Chapter 3. Security As a Process
Security is a process that requires the integration of security into business processes to ensure enterprise risk is minimized to an acceptable level. This chapter will introduce the concept of using risk analysis to drive security decisions, and to shape policies and standards for consistent and measurable implementation of security. Ensuring the security team is involved in IT policies and standards development, and the enterprise change management process is key to reducing risk to the enterprise, especially when changes include firewall policy modifications, business partner connectivity, changes to network architecture, and defined policies and standards. Additionally, exceptions to defined standards and policies ...
Get Enterprise Security: A Data-Centric Approach to Securing the Enterprise now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.