Saturday, February 11, 2012
Chapter 14
This last chapter of the book covered how to mitigate risks of attack and damage to a computer system. The first part of the chapter dealt with terminology of risks. Privilege management was covered next, and it dealt with auditing the rights users were assigned on a network. Change management was discussed, which is keeping track of how and what changes are made to a system. Incident management was next, and it deals with identifying, analyzing and contain an event or issue that could r has compromised a system so as to return to normal operations as quickly and seamlessly as possible. Risks can be reduced through security policies, or a document that details how IT plans to secure a company's data networks and assets. Security policies can cover several different areas from digital policies (acceptable use and password complexity policies) to human resource policies, data classification policies, etc. Threat awareness was covered next, and went into detail about issues surrounding peer-to-peer networks and social networks. Lastly, the book went through how to train users in the organization to about these policies, including how to do so to a wide variety of learning styles.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment