
Definition Phase

The definition phase for security needs is the first step towards implementing a security policy.

The goal is to determine the organisation's needs by taking an inventory of the information system and then studying the different risks and threats it faces, in order to implement an appropriate security policy.

The definition phase is made up of three steps:

  • Identifying the needs
  • Analysing the risks
  • Defining the security policy

Identifying the Needs

The needs identification phase consists of first taking an inventory of the information system, notably of the following elements:

  • People and jobs
  • Hardware, servers and the services they provide
  • Network mapping (address map, physical and logical topologies, etc.)
  • List of the company's domain names
  • Communication infrastructure (routers, switches, etc.)
  • Sensitive data

Risk Analysis

The risk analysis step consists of listing the different risks encountered, estimating their probability and finally studying their impact.

The best way to analyse the impact of a threat is to estimate the cost of the damage it would cause (e.g. an attack on a server or damage to vital company data).

On this basis, it is useful to draw up a table of risks and their potentiality (i.e. the probability that they might occur), assigning each one a level on a graduated scale to be defined. For example:

  • Unfounded (or improbable): the threat is groundless
  • Weak: the threat has little chance of occurring
  • Moderate: the threat is real
  • High: the threat has a high chance of occurring

Defining the Security Policy

The security policy is the reference document that defines the security goals and the measures implemented to ensure that these goals are reached.

The security policy defines a number of rules, procedures and best practices that ensure a level of security that meets the needs of the organisation.

Drawing up this document must be run like a project that brings together everyone, from the users up to the highest level of the hierarchy, so that it is accepted by all. Once the security policy has been written, the clauses concerning the employees must be sent to them so that the security policy can have the greatest impact.

Methods

Many methods exist that can be used to develop a security policy. Here is a non-exhaustive list of the main methods:



Last update on Thursday October 16, 2008 02:43:15 PM. This document entitled « Definition of Needs in Terms of IT Security » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the licence, as long as this note appears clearly.