Home | | Information Management | Administering Security

Chapter: Security in Computing : Administering Security

Administering Security

In this chapter we complete our study of security controls by considering administrative and physical aspects.

Chapter 8

Administering Security

In this chapter

§   Security planning

 

§   Risk analysis

 

§   Security policies

 

§   Physical security

 

 

In reading this book you may have concluded by now that security is achieved through technology. You may think that the important activities in security are picking the right IDS, configuring your firewall properly, encrypting your wireless link, and deciding whether fingerprint readers are better than retina scanners. These are important matters. But not all of security is addressed by technology. Focusing on the firewall alone is like choosing a car by the shape of the headlight. Before you get to the headlights, there are some more fundamental questions to answer, such as how you intend to use the car, how much you can afford, and whether you have other transportation choices.

 

Security is a combination of technical, administrative, and physical controls, as we first pointed out in Chapter 1. So far, we have considered technical controls almost exclusively. But stop and think for a moment: What good is a firewall if there is no power to run it? How effective is a public key infrastructure if someone can walk off with the certificate server? And why have elaborate access control mechanisms if your employee mails a sensitive document to a competitor? The administrative and physical controls may be less glamorous than the technical ones, but they are surely as important.

 

In this chapter we complete our study of security controls by considering administrative and physical aspects. We look at four related areas:

 

o    Planning. What advance preparation and study lets us know that our implementation meets our security needs for today and tomorrow?

 

o    Risk analysis. How do we weigh the benefits of controls against their costs, and how do we justify any controls?

 

o    Policy. How do we establish a framework to see that our computer security needs continue to be met?

 

o    Physical control. What aspects of the computing environment have an impact on security?

 

These four areas are just as important to achieving security as are the latest firewall or coding practice.


Study Material, Lecturing Notes, Assignment, Reference, Wiki description explanation, brief detail
Security in Computing : Administering Security : Administering Security |

Related Topics

Information Management
Anna University - All Subjects
Anna University IT - All Subjects
Engineering - All Subjects
Information Technology Engineering - All Subjects
Security in Computing : Administering Security
Administering Security
Security Planning
Contents of a Security Plan
Security Planning Team Members
Assuring Commitment to a Security Plan
Business Continuity Plans
Incident Response Plans
Risk Analysis
The Nature of Risk
Steps of a Risk Analysis
Arguments For and Against Risk Analysis
Organizational Security Policies
Characteristics of a Good Security Policy
Policy Issue Example: Government E-mail
Physical Security
Interception of Sensitive Information
Contingency Planning
Physical Security Recap


Privacy Policy, Terms and Conditions, DMCA Policy and Compliant

Copyright © 2018-2024 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.