Information security is a business issue that needs to be managed effectively. Good security management can provide consistent protection from compromised data and downtime. Although complete security is impossible to achieve, too little security can cost a company dearly. The appropriate amount of security is unique to every organization. The following chapters explore some of the methods and tools used to manage security.
When developing a security philosophy, a security assessment can provide necessary information on how business processes use network technology. It also identifies critical points of security within the business.
Once a philosophy has been established and security policies have been developed, systems and network monitoring tools provide feedback. This feedback can be used to refine policies and the overall philosophy.