Network Security Illustrated


Summary of FAQs

    Managing Security

    Q: If security is an illusion and impossible to achieve, what's the point?

    A: While total security is impossible, it is possible to have some security. Certain security techniques can mitigate some of the most common risks. For example, locks keep curious people away from sensitive or valuable materials. A curious person might become a thief if tempted -- the lock eliminates this risk. A serious thief won't be thwarted, but there are fewer serious thieves than there are curious people.

    Q: How do I figure out how much security my company needs?

    A: This is not an easy question to answer. Every company is different. Some businesses are easier to secure than others. Some need a lot of security, others need a little. Here are a few pointers, but this is mostly a matter of intuition and business savvy.

    First identify the potential risks. Some starting points: data getting stolen, data getting destroyed, systems becoming unavailable, etc. Now figure out how much it would cost your business if those risks became real. This is your exposure.

    An investment in security will reduce the likelihood of a risk happening. In some cases, a small investment might significantly reduce the odds of a problem. In other cases, making an improvement might be very expensive. Usually, basic security measures can be inexpensive but highly effective. Past the basics, things can get pricey. At some point, the cost of the investment becomes more than the marginal improvement in the odds is worth.
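
    The stopping rule described above, worked through as an added example (not from the book). It assumes each risk has an exposure and estimated yearly odds, and each measure has a yearly cost and leaves a fraction of those odds in place; every name and figure is constructed, and the greedy selection is one simple way to apply the rule.

```python
# Added example. Every figure and name below is constructed for illustration.

# risk -> (exposure in dollars if it happens, estimated odds of it happening per year)
RISKS = {
    "data stolen": (500_000, 0.10),
    "systems unavailable": (200_000, 0.30),
}

# (measure, risk it addresses, yearly cost, fraction of the odds that remains)
MEASURES = [
    ("patching and backups", "systems unavailable", 5_000, 0.5),
    ("redundant data center", "systems unavailable", 80_000, 0.2),
    ("access controls", "data stolen", 10_000, 0.4),
    ("disk encryption", "data stolen", 8_000, 0.5),
    ("24x7 monitoring service", "data stolen", 60_000, 0.5),
]


def expected_loss(risks):
    """Sum of exposure times odds over all risks."""
    return sum(exposure * odds for exposure, odds in risks.values())


def plan(risks, measures):
    """Greedily buy the measure with the best net saving; stop when none pays off."""
    risks = dict(risks)          # work on a copy
    remaining = list(measures)
    bought = []
    while remaining:
        def net_saving(m):
            _, risk, cost, keep = m
            exposure, odds = risks[risk]
            # Saving shrinks as earlier purchases have already cut the odds.
            return exposure * odds * (1 - keep) - cost
        best = max(remaining, key=net_saving)
        if net_saving(best) <= 0:
            break                # cost now exceeds the marginal improvement
        name, risk, cost, keep = best
        exposure, odds = risks[risk]
        risks[risk] = (exposure, odds * keep)
        bought.append(name)
        remaining.remove(best)
    return bought, risks


if __name__ == "__main__":
    bought, residual = plan(RISKS, MEASURES)
    print("buy:", bought)
    print("expected loss:", expected_loss(RISKS), "->", expected_loss(residual))
```

    With these figures the three inexpensive measures are bought, and the two expensive ones are rejected because each costs more than the expected loss it would remove.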

    Managing Security: The Security Assessment

    Q: What is the difference between an assessment and an audit?

    A: At the moment, personal semantics. Security consulting companies use these terms interchangeably. In our opinion, an audit is a formal process closely tied to some sort of regulatory/compliance need. An assessment is more informal -- often performed by internal staff as a self-diagnostic tool.

    Reserving Rights: Digital Rights Management