Information-centric security is an approach to information security paradigm that emphasizes the security of the information itself rather than the security of networks, applications, or even simply data.
Following are security analyst Rich Mogull's principles of information-centric security:
- Information (data) must be self describing and defending.
- Policies and controls must account for business context.
- Information must be protected as it moves from structured to unstructured, in and out of applications, and changing business context.
- Policies must work consistently through the different defensive layers and technologies we implement.