The Nine Fundamental Principles of Being A Security Practitioner
The CIA Triad is dated; its origins and value lay in technical operations. The Code of Ethics is about a framework of ethical behaviour. The CISSP is different. The CISSP doesn’t advertise itself as containing leadership principles. It is about the basics of high-level security assurance concepts. This is why courses like the CISSP need to be revamped. Holding a CISSP or CISM does not make one a security leader. There are various definitions of principles. The Cambridge Dictionary defines a principle as a basic idea or rule that explains or controls how something happens or works. The Collins English Dictionary alternatively defines it as an accepted or professed rule of action or conduct. I prefer the definition that principles are values guiding behaviours and actions. These nine principles are not confined to security practitioners engaged in governance activities. They can and should be leveraged by every security practitioner.
- Actionable principles
- Trusted advisor