Chapter 8: Security

Overview

The meaning of "security" as it relates to information systems is often diluted to include only security related to clients and servers. This narrow view can be a fatal flaw in corporate information security. One of the early definitions of security for computer networks came from the IBM Dictionary of Computing published in 1994 by McGraw-Hill, Inc.:

Information Security: the concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use.

This chapter deals primarily with security concepts, components, and design elements. In that light, many of the concepts and discussions are beyond the scope of what a server-based computing (SBC) systems administrator will directly control; however, that System Administrator must be able to accurately represent security requirements to other staff members who are responsible for design and implementation. Today's enterprises require that all staff are cognizant and vigilant with security, and the on-demand and in-control enterprise requirements dictate that security be a forethought and not an afterthought to any IT solution. Detailed implementation of security in an enterprise infrastructure is addressed in Chapter 17.