Академический Документы
Профессиональный Документы
Культура Документы
LECTURE 13
Security Administration
1
What we are planning to
discuss?
Introduction
Security Planning
Risk Analysis
Security Policies
Physical Security
Introduction
Security is a combination of technical, administrative,
and physical controls.
So far, we have looked at security from a technology
perspective.
In this lecture, we will consider administrative and
physical aspects.
Four related areas:
Planning: What advance preparation and study lets us know that our
implementation meets our security needs for today and tomorrow?
Risk Analysis: How do we weigh the benefits of controls against their costs,
and how do we justify any controls?
Policy: How do we establish a framework to see that our computer security
needs continue to be met?
Physical Control: What aspects of the computing environment have an
impact on security?
Security Planning (1)…
Basically, users lack appreciation of security. Every
interaction with the computing system has
Confidentiality
Integrity
Availability requirements
on the data, application and physical machines.
Lack of accuracy.
Security Policies (1)…
Security policies are used for several purposes.
Clarify responsibilities.
24