The security of a company's information system is an important
requirement for the pursuit of its business. Whether it is the
degradation of its brand image, theft of its manufacturing secrets or
the loss of its customer data; a computer disaster always has
unfortunate consequences that can lead to bankruptcy.
Organizing this
security is not easy, which is why there are recognized methods to
help IT managers implement a good security policy and conduct audits
to verify their effectiveness.
Security Policy
A security policy
can be seen as the set of organizational models, procedures, and good
technical practices to ensure the security of the information system.
But what is the
security of an IS? It revolves around the following five main
concepts: data integrity, information and exchange confidentiality,
service availability, user authentication and non-repudiation of
transactions.
To guarantee
security, a security policy is generally organized around three major
axes: the physical security of the installations, the logical
security of the information system and the user's awareness of the
security constraints.
The purpose of this
document is not to explain how to design a security policy but to
present the existing methods.
Audit
A security audit can
highlight the weaknesses of the implementation of a security policy.
The problem may come from the policy itself: poorly designed or
unsuited to the needs of the company, or errors when applied.
Source: Network Security Assessment

No comments:
Post a Comment