CH3 - Planning Enterprise Information Security: Pacu Putra, B.CS., M.CS
Information Security
Pacu Putra, B.CS., M.CS.
Protecting Enterprise Data
Identify and include security requirements in all stages of planning and for all levels of your
enterprise architecture.
Implementation can’t start until the security requirements for all resources have been
identified.
Physical security requirements need at least as much attention as logical security
requirements.
Design a Workable Program
Find the proper balance between security and usability, or risk having users bypass
controls in order to perform their jobs.
Developing a security policy
A comprehensive security policy is necessary so that all network users, both technical and
nontechnical, are aware of the enterprise’s required security controls.
The policy should balance security with usability, and its procedures must work hand in
hand with business processes to avoid disruption of normal operations.
Requiring an employee who has forgotten his password to report to the IT office and show
proper identification
Classifying data to be secured
You need to know the type of information that is on your network before you can dictate policies
regarding its security.
A storage survey should reveal enough information for you to classify your organization’s
data by business function, sensitivity, owner, and known security requirements based on
legal or contractual mandates.
Addressing Basic Security Elements
Security policies are living documents, and as such, they should be reviewed and
updated periodically. The following events may also trigger a review of the security policy:
Emerging security threats
Changes in business functionality or data classification
Implementation of new technology
Mergers and acquisitions
Security incidents
Training Employees
After the policies are in place, employees must be educated about the policies and the
reasons behind them.
They must also have clear instructions for reporting suspicious behavior or events.
This training should be conducted regularly, to help keep employees alert and up-to-date
on new procedures.
Thank You