User guide
Introduction to Information Security
Chapter 2: Safe@Office Security 73
Information Security Challenges
The challenges of information security can be divided into the following areas:
• Confidentiality and Privacy - Ensuring that only the intended recipients can read certain information
• Authentication - Ensuring that information is actually sent by the stated sender
• Integrity - Ensuring that the original information was not altered and that no one tampered with it
• Availability - Ensuring that important information can be accessed at all times and places
The Security Policy
In order to meet these challenges, an organization must create and enforce a security
policy. A security policy is a set of rules that defines how and by whom sensitive
information should be accessed, handled, and distributed, both within and outside of the
organization. For example, a security policy may include the following rules regarding
visitors who arrive at an enterprise building's lobby:
• Visitors must sign in at the entrance desk.
• Visitors must wear a visitor badge and be escorted while in the building.
• Visitors cannot use their badge to open electronic doors.
Other types of security policy rules and measures might be:
• Only the executive manager has access to financial reports.
• Visitors must open their bags for a security check.
• Surveillance cameras should be positioned in the area of the building.
• Passwords must be changed on a daily basis.
• Confidential papers must be shredded after use.
An organization's security policy is usually designed by a person who is in charge of
handling all security matters for the organization. This person is called a security manager.