Information security is a business issue that needs to be managed effectively. Good security
management can provide consistent protection from compromised data and downtime.
Although complete security is impossible to achieve, too little security can cost a company
dearly. The appropriate amount of security is unique to every organization. The following
chapters explore some of the methods and tools used to manage security.
- Information security is a business problem, not a technology problem.
- Total security is impossible. A trade-off has always existed between security and usability.
- Some amount of security is possible, but this can only be achieved after an organization identifies its security philosophy and integrates that philosophy into its business processes.
- Security policies are used to integrate a security philosophy with business processes. They should be driven by the needs of the business, not the needs of the technology.
When developing a security philosophy, a security assessment can provide necessary information
on how business processes use network technology. It also identifies critical points of
security within the business.
Once a philosophy has been established and security policies have been developed, systems
and network monitoring tools provide feedback. This feedback can be used to refine
policies and the overall philosophy.
The above information is an excerpt from "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic.