5.0 Operational/Organizational Security
This chapter discusses security from the point of view of the physical organization and the people within it. As you might guess from earlier chapters, the people aspect figures prominently, whether we're discussing physical or organizational security.
Additionally, this chapter looks at computer security-related policy-making. What rules should your organization have in place to govern business continuity, the handling of improper use of the organization's computing resources, the specification of the privacy/sensitivity level of data, the computer-related administrative activities that occur at employee hiring and termination, etc.? These subjects are addressed in greater depth in this chapter.
Because all the security efforts in the world won't necessarily keep you from ever experiencing a break-in, we look at computer forensics: the process of investigating an attack, often with the goal of presenting evidence to law enforcement personnel for prosecution of the attacker.
The chapter also looks at the business issues of threat and risk identification and assessment, a critical step in the business justification of computer security measures. Before you know how much (people, dollars, etc.) you can dedicate to computer security, you need to know the risks you face, and their values. This chapter covers the last official domain in Security+. Your authors have put forth every effort to adhere to RFC 1925 throughout this work, and particularly so in this chapter as we are forced to interact with the non-technically inclined.
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.