Sebastian Torres

Security Pillar - Best Practice Areas

Security Foundations

Why is the Security Foundations best practice area important?

To operate your workload securely, you must apply overarching best practices to every area of security. Take requirements and processes that you have defined in Operational Excellence at an organizational and workload level, and apply them to all areas.

Identity and Access Management

Why is the Identity and Access Management best practice area important?

Identity and access management is a key part of an information security program. It helps ensure that only authorized and authenticated users and components are able to access your resources, and only in a manner that you intend.


Detection

Why is the Detection best practice area important?

You can use detective controls to identify a potential security threat or incident. They are an essential part of a governance framework and can be used to support a quality process, a legal or compliance obligation, and threat identification and response efforts.

Infrastructure Protection

Why is the Infrastructure Protection best practice area important?

Infrastructure protection encompasses the control methodologies, such as defense in depth, necessary to meet best practices and organizational or regulatory obligations. Use of these methodologies is critical for successful, ongoing operations in either the cloud or on premises.

Data Protection

Why is the Data Protection best practice area important?

Before architecting any system, foundational practices that influence security should be in place. For example, data classification provides a way to categorize organizational data based on levels of sensitivity. Encryption protects data by rendering it unintelligible to unauthorized access.

Incident Response

Why is the Incident Response best practice area important?

Even with extremely mature preventive and detective controls, your organization should still put processes in place to respond to and mitigate the potential impact of security incidents.
