Which security principle involves using separate networks for sensitive information?

The security principle that involves using separate networks for sensitive information is segmentation. This practice enhances security by isolating sensitive data and systems from the rest of the network, limiting access and reducing the risk of unauthorized access or data breaches.

Segmentation allows organizations to create distinct zones within their network, each with its own security controls. For instance, critical financial systems can be placed on a separate network segment, so even if a less secure part of the network is compromised, the sensitive data remains protected. Properly segmented networks enable more focused monitoring and enforcement of security policies, thus increasing the overall security posture of the organization.

In contrast, encryption refers to the process of converting data into a coded format to prevent unauthorized access. While it is a vital security practice for protecting data at rest and in transit, it doesn’t involve the isolation of networks. Authentication ensures that users are who they claim to be and is important for controlling access to resources, but it does not address the physical or logical separation of networks. Redundancy involves creating additional or backup resources to ensure availability and reliability but does not apply specifically to the principle of keeping sensitive information isolated from other network traffic.