Chapter 8
Administering Security
In this chapter
§
Security planning
§
Risk analysis
§
Security policies
§
Physical security
In reading this book you may
have concluded by now that security is achieved through technology. You may
think that the important activities in security are picking the right IDS,
configuring your firewall properly, encrypting your wireless link, and deciding
whether fingerprint readers are better than retina scanners. These are
important matters. But not all of security is addressed by technology. Focusing
on the firewall alone is like choosing a car by the shape of the headlight.
Before you get to the headlights, there are some more fundamental questions to
answer, such as how you intend to use the car, how much you can afford, and
whether you have other transportation choices.
Security is a combination of
technical, administrative, and physical controls, as we first pointed out in Chapter 1. So far, we have considered technical
controls almost exclusively. But stop and think for a moment: What good is a
firewall if there is no power to run it? How effective is a public key
infrastructure if someone can walk off with the certificate server? And why
have elaborate access control mechanisms if your employee mails a sensitive
document to a competitor? The administrative and physical controls may be less
glamorous than the technical ones, but they are surely as important.
In this chapter we complete our
study of security controls by considering administrative and physical aspects.
We look at four related areas:
o Planning. What advance
preparation and study lets us know that our implementation meets our security
needs for today and tomorrow?
o Risk analysis. How do we
weigh the benefits of controls against their costs, and how do we justify any
controls?
o Policy. How do we establish a framework to see that our computer security
needs continue to be met?
o Physical control. What
aspects of the computing environment have an impact on security?
These four areas are just as
important to achieving security as are the latest firewall or coding practice.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.