- We recognize that open-source and commercial software has become the foundation of our modern world. We know the awesome responsibility of providing services to our clients
- We recognize that our work will be used in ways we cannot anticipate, in ways they were not designed, and for longer than ever intended.
- We recognize that our work will be attacked by talented and persistent adversaries who threaten our clients physical, economic, and national security
- We recognize these things, and we choose to be in this business helping our customers every day.
- We will be secure because our people refuse to be a source of vulnerability or weakness. We will be secure, not because it is easy, but because it is necessary and we are up for the challenge.
- People - Everyone has a role to play in information security. Security is implemented and practiced by people. People design and implement processes and technology, as well as follow processes and use technology to enable business.
- Process - Includes formal and informal mechanisms (large and small, simple and complex) to get things. Processes identify, measure, manage, and control risks to confidentiality, integrity, availability, privacy, and safety, and they also ensure accountability.
- Technology - Is composed of all of the tools, applications and infrastructure that make processes more efficient. Technology implemented by people following processes allows for the organization to meet its information security objectives.