Beruflich Dokumente
Kultur Dokumente
Pgina 1 de 6
Comments by Section
Comments by Contributor
Login
INTRODUCTION
Next
1
This memo provides information for the Internet community. It does not
specify an Internet standard of any kind. Distribution of this memo is
unlimited.
Abstract
1. Introduction
http://rfc2196.foo.be/archives/10
18/09/2014
Introduction RFC 2196 (Site Security Handbook) with ISO 27001 and other annot... Pgina 2 de 6
10
A special thank you goes to Joyce Reynolds, ISI, and Paul Holbrook,
CICnet, for their vision, leadership, and effort in the creation of the first
version of this handbook. It is the working groups sincere hope that this
version will be as helpful to the community as the earlier one was.
11
12
13
site will have to make many decisions, gain agreement, and then
communicate and implement these policies.
14
1.2 Audience
15
The audience for this document are system and network administrators,
and decision makers (typically middle management) at sites. For brevity,
16
17
The primary audience for this work are sites that are members of the
Internet community. However, this document should be useful to any site
18
1.3 Definitions
19
For the purposes of this guide, a site is any organization that owns
computers or network-related resources. These resources may include host
computers that users use, routers, terminal servers, PCs or other devices
that have access to the Internet. A site may be an end user of Internet
services or a service provider such as a mid-level network. However, most
of the focus of this guide is on those end users of Internet services. We
assume that the site has the ability to set policies and procedures for itself
with the concurrence and support from those who actually own the
resources. It will be assumed that sites that are parts of larger
organizations will know when they need to consult, collaborate, or take
recommendations from, the larger entity.
20
21
The term administrator is used to cover all those people who are
responsible for the day-to-day operation of system and network resources.
This may be a number of individuals or an organization.
http://rfc2196.foo.be/archives/10
18/09/2014
Introduction RFC 2196 (Site Security Handbook) with ISO 27001 and other annot... Pgina 3 de 6
22
The term security administrator is used to cover all those people who are
23
The term decision maker refers to those people at a site who set or
approve policy. These are often (but not always) the people who own the
resources.
24
25
26
27
28
29
Most of this document is focused on item 4 above, but the other steps
30
31
32
One of the most important reasons for creating a computer security policy
is to ensure that efforts spent on security yield cost effective benefits.
Although this may seem obvious, it is possible to be mislead about where
the effort is needed. As an example, there is a great deal of publicity about
33
Risk analysis involves determining what you need to protect, what you
34
http://rfc2196.foo.be/archives/10
18/09/2014
Introduction RFC 2196 (Site Security Handbook) with ISO 27001 and other annot... Pgina 4 de 6
35
36
For each asset, the basic goals of security are availability, confidentiality,
and integrity. Each threat should be examined with an eye to how the
37
38
One step in a risk analysis is to identify all the things that need to be
39
40
41
42
43
44
45
46
47
threats you are trying to protect your assets. The following are classic
threats that should be considered. Depending on your site, there will be
more specific threats that should be identified and addressed.
48
http://rfc2196.foo.be/archives/10
18/09/2014
Introduction RFC 2196 (Site Security Handbook) with ISO 27001 and other annot... Pgina 5 de 6
Powered by Digress.it
http://rfc2196.foo.be/archives/10
18/09/2014
Introduction RFC 2196 (Site Security Handbook) with ISO 27001 and other annot... Pgina 6 de 6
http://rfc2196.foo.be/archives/10
18/09/2014