Summary

In this chapter, you learned about the many aspects involved in the business and operations of a secure environment. You studied business continuity, vendor support, security policies, security procedures, and privilege management. Each of these areas must be addressed and considered before you can be assured of a reasonable level of safety.

The issue of reliable service from utility companies, such as electricity and water, should be evaluated as part of your disaster recovery process. Addressing potential problems as part of your business decision making can prevent unanticipated surprises.

High-availability systems usually provide fail-over capabilities. These systems can use redundant components or fault-tolerant technologies. Clustering is a method of using multiple systems to ensure continuous operations in the event of server failure. One of the most common methods of improving fault tolerance is to utilize RAID devices for disk storage.

Disaster recovery is the process of helping your organization prepare for recovery in the event of an unplanned situation, and it is a part of your organization's business continuity.

Vendors can provide support and services to an organization. SLAs set a benchmark for expected performance when needed. Service performance and reliability are measured by MTBF and MTTR. Vendors that provide software or programming support should have code escrow agreements. These agreements ensure that software can be maintained if the vendor ceases business.

Personnel policies define all of the key relationships between the employee, the organization, and the information they use. These policies dictate the expectations between all of the parties involved. These policies should be comprehensive, and they should have a huge impact on security expectations.

Business policies drive security efforts and confidentiality issues. These policies should address physical access, due care, separation of duties, document destruction, and certificate usage.

Understanding how certificate policies affect certificate usage requires a clear understanding of the parties involved in a transaction. The subscriber is the presenter of a certificate. The relying party depends on the subscriber or a third party to verify authenticity. A CA should have a clear set of practices, a CPS, to define how business activities are conducted.

The process of dealing with a security problem is called incident response. An incident response policy should clearly outline which resources and individuals are to be involved, and which procedures are to be followed, in the event of an incident.

Privilege management involves making decisions regarding user and group roles, sign-on procedures, how information is accessed and used, auditing, and access control methods. Privilege management is one of the key components of an effective security policy.



CompTIA Security+ Study Guide. Exam SY0-101
ISBN: 078214098X
Year: 2006
Pages: 167
