The Practice of System and Network Administration Second Edition phần 4

, tính chính xác dữ dội, hoặc bởi nhóm SA, có trách nhiệm cung cấp một nền tảng cơ bản mà người dùng có thể tùy chỉnh. Trong trường hợp trước đây, người ta có thể tưởng tượng một văn phòng Telesales nơi mà các nhà khai thác nhìn thấy một tập hợp các ứng dụng. Ở đây, công việc SA với | 276 Chapter 11 Security Policy company s own intellectual property it would not be as damaging as the loss of customer confidence. Acompany based entirely on e-commerce availability of thecompany se-commerce site was most important with protecting access to customers credit cards coming in second. The company was not nearly as worried about access to its own intellectual property. A hardware manufacturing division of a large multinational electronics company had a different priority. In this case availability of and access to the manufacturing control systems was of the utmost importance. A large networking hardware and software company the crown jewels were identified as the financial and order-processing systems. Surprisingly neither their intellectual property nor that of their customers was mentioned. Document the Company s Security Policies Policies are the foundation for everything that a security team does. Formal policies must be created in cooperation with people from many other departments. The human resources department needs to be involved in certain policies especially in determining acceptable-use policies monitoring and privacy policies and creating and implementing the remedies for any policy breach. The legal department should be involved in such policies as determining whether to track and prosecute intruders and deciding how and when to involve law enforcement when break-ins occur. Clearly all policies need the support of upper management. The decisions the security team makes must be backed by policy to ensure that the direction set by the management team is being followed in this very sensitive area. These policies must be documented and formally approved by the appropriate people. The security team will be asked to justify its decisions in many areas and must be able to make decisions with the confidence it is doing so in the best interests of the company as determined by the management of the company not by the security engineering or

Không thể tạo bản xem trước, hãy bấm tải xuống
TỪ KHÓA LIÊN QUAN
TÀI LIỆU MỚI ĐĂNG
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.