
Definition of Needs in Terms of IT Security

Definition Phase

The definition phase for security needs is the first step towards implementing a security policy.

The goal is to determine the organisation's needs by taking an inventory of the information system, then studying the risks and threats to which it is exposed, so that an appropriate security policy can be put in place.

The definition phase is made up of three steps:

  • Identifying the needs
  • Analysing the risks
  • Defining the security policy

Identifying the Needs

The needs identification phase consists first of taking an inventory of the information system, covering in particular the following information:

  • People and jobs
  • Hardware, servers and the services they provide
  • Network mapping (address map, physical and logical topologies, etc.)
  • List of the company's domain names
  • Communication infrastructure (routers, switches, etc.)
  • Sensitive data

Risk Analysis

The risk analysis step consists in listing the different risks the organisation faces, estimating the probability that each one occurs, and finally studying its impact.

The most useful way to analyse the impact of a threat is to estimate the cost of the damage it would cause (e.g. an attack on a server, or the loss of vital company data).

On this basis, it is worth drawing up a table of risks and their likelihood (i.e. the probability that they might occur), grading them on a scale to be defined. For example:

  • Unfounded (or improbable): the threat is groundless
  • Weak: the threat has little chance of occurring
  • Moderate: the threat is real
  • High: the threat is very likely to occur
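The following is an added worked example, not part of the original article, showing how the inventory and the risk table above can be combined into a simple ranked risk register: each risk pairs an inventoried asset with a threat, a level on the four-level likelihood scale and an estimated damage cost, and the register orders risks by probability-weighted cost. The numeric probabilities attached to each level, the triage rule, the budget threshold and the sample risks are all assumptions made for illustration; the article leaves the scale to be defined by the organisation.

```python
"""Worked risk register: likelihood scale x estimated damage cost -> ranked risks."""
from dataclasses import dataclass

# Assumed mapping from the article's four-level likelihood scale to an annual
# probability of occurrence. These figures are an assumption for illustration;
# the article says the scale is to be defined by the organisation.
LIKELIHOOD = {
    "unfounded": 0.0,
    "weak": 0.05,
    "moderate": 0.25,
    "high": 0.75,
}


@dataclass(frozen=True)
class Risk:
    asset: str          # item from the information-system inventory
    threat: str         # what could happen to it
    likelihood: str     # one of the LIKELIHOOD keys
    damage_cost: float  # estimated cost of the damage, in currency units

    def expected_loss(self) -> float:
        """Probability-weighted cost of the threat per year."""
        if self.likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown likelihood level: {self.likelihood!r}")
        return LIKELIHOOD[self.likelihood] * self.damage_cost


def rank_risks(risks):
    """Return the risks sorted by expected loss, highest first."""
    return sorted(risks, key=lambda r: r.expected_loss(), reverse=True)


def priority(risk: Risk, budget_threshold: float) -> str:
    """Assumed triage rule (not from the article):
    - 'ignore'  for unfounded threats
    - 'treat'   when expected loss reaches the threshold or likelihood is high
    - 'monitor' otherwise
    """
    loss = risk.expected_loss()  # also validates the likelihood level
    if LIKELIHOOD[risk.likelihood] == 0.0:
        return "ignore"
    if loss >= budget_threshold or risk.likelihood == "high":
        return "treat"
    return "monitor"


# Constructed sample register for a small company (invented data, not real).
SAMPLE_RISKS = [
    Risk("public web server", "defacement via unpatched CMS", "high", 20_000),
    Risk("customer database", "theft of personal data", "moderate", 150_000),
    Risk("file server", "ransomware encrypting shared data", "moderate", 80_000),
    Risk("office switch", "physical theft", "weak", 3_000),
    Risk("domain names", "hijack of the registrar account", "weak", 60_000),
    Risk("mail gateway", "meteor strike", "unfounded", 500_000),
]


def report(risks, budget_threshold=5_000.0):
    """Render the ranked register as text lines: priority, expected loss, risk."""
    lines = []
    for r in rank_risks(risks):
        lines.append(
            f"{priority(r, budget_threshold):8}"
            f"{r.expected_loss():>10,.0f}  "
            f"{r.asset}: {r.threat} [{r.likelihood}]"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_RISKS)))
```

Ranking by expected loss rather than by likelihood alone is the point of the exercise: the domain-name hijack is "weak" but outranks the switch theft because its damage estimate is twenty times larger, and the "high" web-server risk is flagged for treatment even though its weighted cost is below that of the two "moderate" risks.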

Defining the Security Policy

The security policy is the reference document that defines the security goals and the measures implemented to ensure that these goals are reached.

The security policy defines a number of rules, procedures and best practices that ensure a level of security that meets the needs of the organisation.

Drawing up this document must be run as a project that involves everyone, from end users up to the top of the hierarchy, so that it is accepted by all. Once the security policy has been written, the clauses that concern employees must be communicated to them so that the policy has the greatest possible effect.

Methods

Many methods exist for developing a security policy. The following is a non-exhaustive list of the main ones:



Last update on Thursday October 16, 2008 02:43:15 PM.
This document entitled « Definition of Needs in Terms of IT Security » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the licence, as this note appears clearly.