Chapter 5. Establishing and Maintaining a Security Policy
Secure system planning and administration is the human side of computer security. Even in a highly trusted system, security isn’t automatic. Administrators need a written guideline, spelled out beforehand, that clearly outlines what steps to take and what procedures to follow in the pursuit of security. The assault on trusted systems seems relentless these days, as vulnerability after vulnerability has riddled both the Windows and Linux worlds, and perfidy abounds abounds both inside and outside an organization’s walls. If there is safety in the changing world of security, it seems to lie not in what our equipment or software does for us, but in what we do for ourselves. The first step in maintaining security today is to set security policies for our organizations, and then to exercise diligence in promulgating and maintaining them. This effort cuts across all layers. Although the security administrators carry out the security policy in terms of protection, detection, and enforcement, it is the users who must keep the security, and the owners and managers who must authorize and sustain it, and administer the required sanctions against those who violate it.
For example, your organization’s security policy may require regular backups, but it’s the administrator who must actually run the backups. Once administrators train users to copy files to areas that will be protected, managers must deal with noncompliance. Similarly, administrators ...
Get Computer Security Basics, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.