Good morning.
This is Steve D'Onofrio, PURA crime prevention consultant.

In creating an IT security system there must be a plan that is based
on solid principles of security.

We in the security field often refer to the 3 P’s of security:
physical security, policy and procedure, and the involvement of people.

In IT security these principles are the same. Even though the
technology and application may vary, the principles remain.

The first P (physical) represents the hardware and software used
in the plan.

Setting up a secure network with firewalls and protected access points
is a key factor in this step. For wireless networks it is also important
to encrypt all communications as well as use intrusion detection systems
(IDS).

One thing to be careful about is not to trust the software, because this
is the most vulnerable area, according to IT security people I have
learned from.

The 2nd P is policy and procedures. This step might be the most important
for effective IT security. Policies build awareness and help in balancing
the use of technology and management.

Policy and procedures also need to include disk storage and how to dispose of information properly.

The 3rd P is the involvement of people. This step includes making sure your
IT team is up to date on training and certifications. It also includes
training all users of networks at all levels.

Integrating, layering and keeping a good balance between all aspects of
the 3 P’s is, in my opinion, the best way to create a solid IT security
system.