Security Management Architecture

Dev Shed Forums

Administration
Apache
BrainDump
DHTML
Flash
Java
JavaScript
Multimedia
MySQL
Oracle
Perl
PHP
Practices
Python
Reviews
Security
Style-Sheets
Web Services
XML
Zend
Zope

Forums Sitemap
IBM® developerWorks

Dedicated Servers
E-Commerce Hosting
Linux Web Hosting
Managed Hosting
Small Business Hosting
Download TestComplete
VPS Hosting

Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

SECURITY

RSS

Security Management Architecture

By: McGraw-Hill/Osborne	Search For More Articles! Disclaimer Author Terms
Rating: / 5
2004-05-11

Table of Contents:

Security Management Architecture

Examples of AUP Enforcement Wording

Developing AUP Enforcement Policy Text

Enforcement Processing

Administrative Security

Management Practices

Activity Monitoring and Audit

A System and Device Log File Example (Windows)

System and Network Activity Monitoring

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

ADVERTISEMENT

TestComplete™ automates software testing for a fraction of what the big guys charge. Easy functional and load testing for all Windows, .NET, Java and Web apps. Download a free trial now.

Security Management Architecture
(Page 1 of 9 )

This chapter provides a thorough guide to many security issues. The authors encourage writing strong enforcement statements of acceptable use policies (AUPs) and provide examples of wordings and a best practices checklist. They cover how to limit authority and separate duties and how to pinpoint accountability. The chapter is from Network Security: The Complete Reference, by Mark Rhodes-Ousley, Roberta Bragg and Keith Strassberg; ISBN:0-072-22697-8, McGraw-Hill/Osborne, 2003.

Security management is the process by which security controls are implemented and security managers are subject to control. Some of the elements of this architecture -- the management of passwords and accounts, authorization controls, legal issues, privacy, and so forth -- are discussed in their own chapters. The following additional elements also form part of the structure:

Acceptable use enforcement
Administrative security
Accountability controls
Activity monitoring and audit

Acceptable Use Enforcement

One of the best things that a company can do is to have an acceptable use policy (AUP) that dictates what employees can do with the computers they use and the networks and data they have access to. Many early AUPs only addressed Internet access; they either told subscribers of an ISP what was deemed acceptable or listed company policies created to reduce bandwidth demands. Now, however, AUPs are attempting to specify the entire panorama of computer use, from what subjects employees are allowed to read about on the Internet, to what's okay to say in an internal e-mail, to whether a personal music CD can be inserted in the CD-ROM drive of the office desktop.

A problem with many of these AUPs is that they do not have compliance enforcement written into them or do not evenly and fairly apply their own rules. One thing is certain: if an AUP is not enforced, it's not worth having. Before proposing potential enforcement rules, let's look at some typical enforcement statements.

Remember: this chapter is from Network Security: The Complete Reference, by Mark Rhodes-Ousley, Roberta Bragg and Keith Strassberg (McGraw-Hill/Osborne, ISBN 0-072-22697-8, 2003).

Buy this book now

Next: Examples of AUP Enforcement Wording >>

More Security Articles
More By McGraw-Hill/Osborne

Comments On: Security Management Architecture

>>> Be the FIRST to comment on this article!

SECURITY ARTICLES

- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II
- What’s behind the curtain? Part I
- Vectors
- PKI: Looking at the Risks
- A Quick Look at Cross Site Scripting
- PKI Architectures: How to Choose One
- Trust, Access Control, and Rights for Web Se...
- Basic Concepts of Web Services Security
- Safeguarding the Identity and Integrity of X...
Find More Security Articles

Accelerating Trading Partner Performance

Competing on Analytics

Cost Effective Scaling with Virtualization and Coyote Point Systems

Five Checkpoints to Implementing IP Telephony

Hosted Email Security: Staying Ahead of New Threats