Home arrow Security arrow Security Management Architecture

Security Management Architecture

This chapter provides a thorough guide to many security issues. The authors encourage writing strong enforcement statements of acceptable use policies (AUPs) and provide examples of wordings and a best practices checklist. They cover how to limit authority and separate duties and how to pinpoint accountability. The chapter is from Network Security: The Complete Reference, by Mark Rhodes-Ousley, Roberta Bragg and Keith Strassberg; ISBN:0-072-22697-8, McGraw-Hill/Osborne, 2003.

TABLE OF CONTENTS:
  1. Security Management Architecture
  2. Examples of AUP Enforcement Wording
  3. Developing AUP Enforcement Policy Text
  4. Enforcement Processing
  5. Administrative Security
  6. Management Practices
  7. Activity Monitoring and Audit
  8. A System and Device Log File Example (Windows)
  9. System and Network Activity Monitoring
By: McGraw-Hill/Osborne
Poor Best
Rating: starstarstarstarstar / 5
May 11, 2004

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Network Security: The Complete ReferenceSecurity management is the process by which security controls are implemented and security managers are subject to control. Some of the elements of this architecture -- the management of passwords and accounts, authorization controls, legal issues, privacy, and so forth -- are discussed in their own chapters. The following additional elements also form part of the structure:

  • Acceptable use enforcement
  • Administrative security
  • Accountability controls
  • Activity monitoring and audit

Acceptable Use Enforcement

One of the best things that a company can do is to have an acceptable use policy (AUP) that dictates what employees can do with the computers they use and the networks and data they have access to. Many early AUPs only addressed Internet access; they either told subscribers of an ISP what was deemed acceptable or listed company policies created to reduce bandwidth demands. Now, however, AUPs are attempting to specify the entire panorama of computer use, from what subjects employees are allowed to read about on the Internet, to what's okay to say in an internal e-mail, to whether a personal music CD can be inserted in the CD-ROM drive of the office desktop.

A problem with many of these AUPs is that they do not have compliance enforcement written into them or do not evenly and fairly apply their own rules. One thing is certain: if an AUP is not enforced, it's not worth having. Before proposing potential enforcement rules, let's look at some typical enforcement statements.

Remember: this chapter is from Network Security: The Complete Reference, by Mark Rhodes-Ousley, Roberta Bragg and Keith Strassberg (McGraw-Hill/Osborne, ISBN 0-072-22697-8, 2003).

Buy this book now



 
 
>>> More Security Articles          >>> More By McGraw-Hill/Osborne
 

blog comments powered by Disqus
   

SECURITY ARTICLES

- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II
- What’s behind the curtain? Part I
- Vectors
- PKI: Looking at the Risks
- A Quick Look at Cross Site Scripting
Find More Security Articles


© 2003-2012 by Developer Shed. All rights reserved. DS Cluster 7 - Follow our Sitemap

Dev Shed Tutorial Topics: