Probably the most difficult task when dealing with security is the planning stage, in which you need to develop a solution to meet your company's business and security needs. When examining your network and identifying critical and insecure areas and components, you need to approach a security plan from various perspectives:
- Business goals and user needs
- People and politics
- Technical issues
First, you have to remember that your company has business goals outlined in a business plan. These are used as a roadmap to increase your company's success. A good security solution should help, not hinder, a company in reaching its business goals. The company's users have needs that are related to the company's business plan. Whereas the business plan is a general guideline, users have specific needs to reach the company's business goals.
You must deal with all kinds of users from different departments and divisions when determining what assets and resources your company is using to reach its business goals. This means that you need to be intimate with the corporate organization ladder and have political savvy when dealing with various users and departments, as well as their diverse needs.
When you understand what resources either are being used by or are required by users to reach the company's business goals, you need to determine what kind of security solution should be implemented that will protect your company yet allow it to achieve its goals. A solution that is completely secure yet prevents a company from reaching its goals is counterproductive and useless.
Tidak ada komentar:
Posting Komentar