Security Designs

17 Pages 4143 Words

er systems, environments, and organizational policies are different, making each computer security services and strategy unique. However, the principles of good security remain the same, and this research will focus on those principles.
Although a security strategy can save the organization valuable time and provide important reminders of what needs to be done, security is not a one-time activity. It is an integral part of the system lifecycle. The policies developed at the end of this research will generally require either periodic updating or appropriate revision. These changes are made when configurations and other conditions and circumstances change significantly or when organizational regulations and policies require changes. This is an iterative process. It is never finished and should be revised and tested periodically.
Overview of How to Compile a Security Strategy
Reviewing Current Policies
Establishing an effective set of security policies and controls requires using a strategy to determine the vulnerabilities that exist in our computer systems and in the current security policies and controls that guard them. The current status of computer security policies can be determined by reviewing the list of documentation that follows. The review should take notice of areas where policies are lacking as well as examine documents that exist:
· Physical computer security policies such as physical access controls.
· Network security policies (for example, e-mail and Internet policies).
· Data security policies (access control and integrity controls).
· Contingency and disaster recovery plans and tests.
· Computer security awareness and training.
· Computer security management and coordination policies.
· Other documents that contain sensitive information such as:
o Computer BIOS passwords.
o Router configuration passwords.
o Access control documents.
o Other device management passwords.
Identifying ...