It is important for your organization to determine what “information security” means to the organization. This is not a one-size-fits-all concept. One organization’s acceptable level of security could be another organization’s worst nightmare. Although everybody has different definitions, these are guidelines for considering security:
Sensitive information should be kept confidential – you need to determine who should have access to what information
The system should enforce integrity – the server should enforce the rules and constraints to ensure the information remains accurate and complete.
The information should be available – even with all the safeguards in place, anybody who needs access to the information should have it available when the information is needed.
You should identify where your organization’s security requirements originate from. That is, what is it that your organization wants to protect and what does the outside world require of your organization:
Identify the information assets and the security risks associated with them if they become vulnerable or compromised.
Identify and understand any laws, statutes, regulations, and contractual agreements that apply to your organization and the information assets.
Identify your organization’s business processes and the requirements they impose on information assets, to balance practical considerations with the security risks.
Remember that these requirements can change over time. You will probably have to revisit and reassess the security requirements to make sure they still reflect your organization’s needs.
After you and your organization determine what information security means, you must set up a series of controls and policies that meet the company's security objectives. One desirable outcome of these efforts is an information security policy document that clarifies decisions made for information security.
For more information about security features in Adaptive Server, see Chapter 13, “Getting Started With Security Administration in Adaptive Server.”
Copyright © 2005. Sybase Inc. All rights reserved.