Security, The Big Picture

1410 Words6 Pages
1. OBJECTIVE: Security, the big picture A secure “enterprise”, big or small, should have an approach to security that is comprehensive and end-to-end if it is to be effective. Most organizations do not have such policies and practices in place. There are some good reasons for this; security clearly comes at a cost. This cost can be measured not just in dollars, but also in complexity, time and efficiency. To make things secure, it is necessary to spend money, perform more procedures, and wait for these procedures to complete (or perhaps involve someone else). The reality is that true security programs are difficult to achieve. It is usually necessary to choose a schema that has a certain amount of “cost” and an understood amount of security coverage. (This is almost always less than “comprehensive and end to end”.) The point here is to make educated decisions for each aspect of an overall system and to consciously employ more or less in a calculated fashion. If one knows the areas that are less protected, one can at least monitor such areas to determine problems or breaches. 2. SCOPE: Knowing the network It is not possible to protect anything unless one clearly understands WHAT one wants to protect. Organizations of any size should have a set of documented resources, assets and systems. Each of these elements should have a relative value assigned in some manner as to their importance to the organization. Examples of things that should be considered are
Open Document