Đang chuẩn bị liên kết để tải về tài liệu:
Bảo mật hệ thống mạng part 21

Đánh giá tổn thương An ninh sở cần thực hiện đánh giá tổn thương (hoặc quét) của các hệ thống của tổ chức này một cách thường xuyên. Các bộ phận nên có kế hoạch đánh giá hàng tháng của tất cả các hệ thống trong một tổ chức. Nếu số lượng hệ thống lớn, các hệ thống cần được nhóm lại một cách thích hợp và một phần của tổng số được quét mỗi tuần. | 124 Network Security A Beginner s Guide Vulnerability Assessment Security departments should perform vulnerability assessments or scans of the organization s systems on a regular basis. The department should plan monthly assessments of all systems within an organization. If the number of systems is large the systems should be grouped appropriately and portions of the total scanned each week. Plans should also be in place for follow-up with system administrators to make sure that corrective action is taken. Audit The security department should have plans to conduct audits of policy compliance. Such audits may focus on system configurations on backup policy compliance or on the protection of information in physical form. Since audits are manpower-intensive small portions of the organization should be targeted for each audit. When conducting audits of system configurations a representative sample of systems can be chosen. If significant non-compliance issues are found a larger audit can be scheduled for the offending department or facility. Training Awareness training plans should be created in conjunction with the human resources department. These plans should include schedules for awareness training classes and detailed publicity campaign plans. When planning classes the schedules should take into account that every employee should take an awareness class every two years. Policy Evaluation Every organization policy should have built-in review dates. The security department should have plans to begin the review and evaluation of the policy as the review date approaches. Generally this will require two policies to be reviewed each year. TECHNICAL SECURITY Technical security measures are concerned with the implementation of security controls on computer and network systems. These controls are the manifestation of the organization s policies and procedures. Network Connectivity The movement of information between organizations has resulted in a growing connectivity .