Table of Contents
Advertisement
In order for a security policy be effective, it must be accompanied by the following measures:
Awareness - A security policy must be accompanied by steps taken to increase the employees'
awareness of security issues. If employees are unaware of a security policy rule and the reason
for it, they are likely to break it.
Enforcement - To enforce a security policy, an organization can take various measures, both
human and electronic. For example:
Installing surveillance cameras in strategic locations throughout the organization
Positioning human guards who have the authority to prevent other people from entering the
premises or certain areas on the premises
Installing alarms that are triggered upon certain conditions
Using magnetic identification tags to enforce and log access permissions to different areas on
the premises
Using ―red phones‖ to encrypt highly confidential voice phone calls
Updating - A security policy is a living thing that must be updated from time to time according to
changing situations.
Unfortunately, even when a security policy is accompanied by these measures, its effectiveness is limited
against a person with malicious intent.
Computer and Network Security
A great deal of an organization's existing information is processed and stored electronically by single
(standalone) computers or computer networks. Therefore, an attack on an organization's computers or
computer networks can result in extensive information theft or abuse. However, computers and computer
networks today are not just tools used to store information; they are the heart of an organization's operations
and crucial to its communication and business transactions. For example:
Nowadays, most of an organization's communication and business transactions are conducted via
email (regardless of the organization's size).
Online stores process orders and supply products over the Internet.
Emerging technology today allows an organization's branch offices to communicate, share data,
and even establish low-cost VoIP (Voice over IP) communications, rather then using the
traditional phone system.
Applications are hosted on a main computer rather than on personal workstations. This helps
organizations share application resources. For example, in service departments, the customer
database is located on a main computer, while all customer relations transactions are managed by
software clients running on the agents' computers.
In order to withdraw money from any ATM machine, your PIN and the details on your magnetic
card are scanned and verified against the details on the main bank computer.
A department store in New York can query the inventory of the main warehouse located in
Chicago and enter orders for missing products, all in real time.
Chapter 2: Security
Introduction to Information Security
31
Advertisement
Table of Contents
Troubleshooting
