Now, as I start reading the first chapter of my primary book and then finding extra material on the internet or in other books, I have already started to see different points of view between different authors.

Chapter 1. General Security Concepts

Information Security includes three main areas:-

1. Physical Security

2. Operational Security

3. Management & Policies

Another point of view can be found at http://www.whiteknighthackers.com/Talks/basic/img1.htm, and a slightly different one at http://www2.state.hi.us/dags/icsd/ppmo/Stds_Web_Pages/IT0802/it0802s3.htm.

1. Physical Security:- three components of physical security

a) Securing physical location

b) Detecting a penetration or theft

c) Recovering from the theft

Some other views from the internet can be found at http://www.ralphearl.com/ISSA_files/sld004.htm, http://www.ccsd.ca/pubs/2002/psi/appendix2.pdf and http://www.ciol.com/content/flavour/netsec/101051001.asp

2. Operational Security

Operational Security is about how things are done in an organization from a systems point of view, which includes computers, networks, communication between systems and how information is managed within the organization.

It includes policies, topologies, operational issues like backups and network setups, and access controls.

3. Management and Policies

Management and Policies provide the rules, policies, guidelines and procedures for implementing a secured environment. The policies needed to secure the network are administrative policies, disaster recovery plans (DRPs), and backup, design, information, security, usage and user management policies.


