Introduction to Information Security
Chapter 2: UTM-1 Security 41
Information Security Challenges
The challenges of information security can be divided into the following areas:
• Confidentiality and Privacy - Ensuring that only the intended recipients can read
certain information
• Authentication - Ensuring that information is actually sent by the stated sender
• Integrity - Ensuring that the original information was not altered and that no one
tampered with it
• Availability - Ensuring that important information can be accessed at all times
and places
The Security Policy
In order to meet these challenges, an organization must create and enforce a security
policy. A security policy is a set of rules that defines how and by whom sensitive
information should be accessed, handled, and distributed, both within and outside of the
organization. For example, a security policy may include the following rules regarding
visitors who arrive at an enterprise building's lobby:
• Visitors must sign in at the entrance desk.
• Visitors must wear a visitor badge and be escorted while in the building.
• Visitors cannot use their badge to open electronic doors.
Other types of security policy rules and measures might be:
• Only the executive manager has access to financial reports.
• Visitors must open their bags for a security check.
• Surveillance cameras should be positioned in the area of the building.
• Passwords must be changed on a daily basis.
• Confidential papers must be shredded after use.
An organization's security policy is usually designed by a person who is in charge of
handling all security matters for the organization. This person is called a security manager.
To Next Page
Loading...
