Introduction to Information Security
30
Nokia IP60 Security Appliance User Guide
To prevent the theft, abuse, misuse, or any form of damage to crucial information
For example, no business wants to find its customer list or future secret product line plans in the hands
of the competition.
To comply with local laws
Local laws may enforce the protection, integrity, and availability of specific information, such as an
individual's personal details, in order to respect the individual's right to privacy. Local laws may also
enforce the security requirements made in the Health Insurance Portability and Accountability Act of
1996 (HIPAA).
To comply with another organization's security requirements
Some organizations require their business partners to comply with international standards of security.
Information Security Challenges
The challenges of information security can be divided into the following areas:
Confidentiality and Privacy
- Ensuring that only the intended recipients can read certain
information
Authentication
- Ensuring that information is actually sent by the stated sender
Integrity
- Ensuring that the original information was not altered and that no one tampered with it
Availability
- Ensuring that important information can be accessed at all times and places
The Security Policy
In order to meet these challenges, an organization must create and enforce a
security policy
. A security
policy is a set of rules that defines how and by whom sensitive information should be accessed, handled,
and distributed, both within and outside of the organization. For example, a security policy may include the
following rules regarding visitors who arrive at an enterprise building's lobby:
Visitors must sign in at the entrance desk.
Visitors must wear a visitor badge and be escorted while in the building.
Visitors cannot use their badge to open electronic doors.
Other types of security policy rules and measures might be:
Only the executive manager has access to financial reports.
Visitors must open their bags for a security check.
Surveillance cameras should be positioned in the area of the building.
Passwords must be changed on a daily basis.
Confidential papers must be shredded after use.
An organization's security policy is usually designed by a person who is in charge of handling all security
matters for the organization. This person is called a
security manager
.
Summary of Contents for IP60 - Security Appliance
Page 1: ...Part No N450000643 Rev 001 Published February 2008 Nokia IP60 Security Appliance User Guide ...
Page 4: ...4 Nokia IP60 Security Appliance User Guide ...
Page 10: ......
Page 12: ......
Page 38: ......
Page 58: ......
Page 108: ......
Page 268: ......
Page 482: ......