|
|
In this chapter, we covered the key elements that an information security specialist should consider. Every organization will have a different set of priorities and a different focus when it comes to security. Your responsibility is to take this information and create or maintain a security-oriented environment to address these priorities and concerns.
The primary areas of responsibility you will see include:
Physical security
Operational security
Management and policy
You should consider actions that you perform in this environment to accomplish one or more of the goals of information security:
Prevention
Detection
Response
Security is a set of processes and products. In order for a security program to be effective, all of its parts must work and be coordinated by the organization. This includes:
Antivirus software
Access control
Authentication
Typically, your network will run many different protocols and services. These protocols allow connections to other networks and products. However, they create potential vulnerabilities that must be understood. You must also work toward finding ways to minimize the vulnerabilities. Many protocols and services offered by modern operating systems are highly vulnerable to attack. New methods of attacking these systems are being developed every day.
Security topologies provide a mechanism to design networks that have multiple ways of implementing security. Design goals for a security topology must address these four areas of security to be effective:
Confidentiality
Integrity
Availability
Accountability
Your network can be made more secure by considering the impact of security zones and access. Here are the three most common security zones that you will encounter in the workplace:
Internets
Intranets
Extranets
You can improve the likelihood of a successful security implementation if you consider putting high externally accessed servers into areas called DMZs.
Your network can take advantage of several technologies that can help you minimize the risks your network has to compromise. These technologies include:
VLANs
NAT
Tunneling
The final part of this chapter discussed business requirements in a security environment. These requirements include:
Asset identification
Risk assessment
Threat identification
Vulnerabilities
|
|