
Risk Management

A traditional approach to risk management

There are two basic approaches (with multiple variations) to managing network security:

Hard core approach

The main principle behind this approach is the extension of physical boundaries to logical security.  Employees and contractors are considered to be trustworthy, whereas connections coming from everyone else (i.e. the Internet) are untrusted and must be protected against.  The easiest way to put this approach into action is through the implementation of perimeter security devices such as firewalls and incoming content management mechanisms such as anti-virus packages.

There are two drawbacks to this approach:

  • Often the hard core can turn out to be an egg shell if not properly configured and maintained.
  • Employees and contractors (internal connections) are trusted without necessarily restricting access at a role-based level (employees only require access to those IT resources necessary to perform the role that they have been employed for).

Apart from the drawbacks, this is not an unacceptable approach and is often found in small environments where the cost to administer comprehensive internal controls cannot be justified.

Defence in depth

This approach protects resources based on the importance of information stored on those resources.  Multiple layers of security are implemented (firewall, intrusion detection systems, operating system hardening, monitoring, etc.) and careful consideration is given to why and where specific security devices or mechanisms are implemented.

It is generally accepted practice to take basic precautions at the network perimeter.  However, a common mistake made during the implementation of this approach is to assume that because a resource is closer to an untrusted network, it requires more protection.

 

Critical resources might well be exposed to trusted employees without the necessary basis to warrant such trust.