To have a comprehensive security solution, it is important to cover all aspects of the operation of an organization. Comprehensive security requires suitable reliance on technical, physical, and administrative controls; implementing defense in depth; and developing an all-inclusive security policy. You will also be required to demonstrate forward thinking, taking into consideration the threats of tomorrow.
In this chapter you have learned that
- The confidentiality, integrity, and availability of the data need to be protected.
- Assets, vulnerabilities, and countermeasures can be classified to assist in developing a comprehensive set of security policies.
- New trends and threats are appearing frequently in the borderless network environment where we are evolving.
- To provide a comprehensive security solution, it is essential that there be a combination of technical, physical, and administrative controls in place.
- Defense in depth is a philosophy used to provide layered security to a system by using multiple security mechanisms.
- A security policy is a set of objectives for the company, rules of behavior for users and administrators, and requirements for system and management that collectively ensures the security of network and computer systems in an organization.