Security and Privacy in a Networked World/Procedures: Thou shalt not...: erinevus redaktsioonide vahel
WikiHaldur (arutelu | kaastöö) Resümee puudub |
WikiHaldur (arutelu | kaastöö) Resümee puudub |
||
| 1. rida: | 1. rida: | ||
== Introduction == | |||
As illustrated by the title above, any larger community of humans throughout the history has had "the rules of game" (written or unwritten). The larger the difference between the "initiates" and the "mere mortals", the more vital are written, universal and enforced rules (they are usually called laws) - and security of a larger organization tends to have large difference here. And due to the the principle of the weakest link determining the strength of the whole chain, the axiom of [https://en.wikipedia.org/wiki/Ignorantia_juris_non_excusat ''ignorantia juris non excusat''] also applies, necessitating efforts both training to promote security awareness and policies to maintain and enforce it. | As illustrated by the title above, any larger community of humans throughout the history has had "the rules of game" (written or unwritten). The larger the difference between the "initiates" and the "mere mortals", the more vital are written, universal and enforced rules (they are usually called laws) - and security of a larger organization tends to have large difference here. And due to the the principle of the weakest link determining the strength of the whole chain, the axiom of [https://en.wikipedia.org/wiki/Ignorantia_juris_non_excusat ''ignorantia juris non excusat''] also applies, necessitating efforts both training to promote security awareness and policies to maintain and enforce it. | ||
That said, while not everyone can be a security professional in an organization, universal security awareness, shared responsibility and active participation (understanding and following the policies rather than complying mechanically) should be the goals. | |||
* Site and infrastructure | * Site and infrastructure | ||
* Acceptable Use | * Acceptable Use | ||
Redaktsioon: 3. mai 2014, kell 12:08
Introduction
As illustrated by the title above, any larger community of humans throughout the history has had "the rules of game" (written or unwritten). The larger the difference between the "initiates" and the "mere mortals", the more vital are written, universal and enforced rules (they are usually called laws) - and security of a larger organization tends to have large difference here. And due to the the principle of the weakest link determining the strength of the whole chain, the axiom of ignorantia juris non excusat also applies, necessitating efforts both training to promote security awareness and policies to maintain and enforce it.
That said, while not everyone can be a security professional in an organization, universal security awareness, shared responsibility and active participation (understanding and following the policies rather than complying mechanically) should be the goals.
- Site and infrastructure
- Acceptable Use
- Data value classification
- Data disclosure and destruction
- Roles and responsibilities
- Change control
- Disaster recovery
Additional reading and links
- ANONYMOUS. Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network. 3rd ed. Sams Publishing, 2001.
