Chapter 5
Planning Enterprise Information Security
In This Chapter
Understanding the risk of data breaches
Planning to protect information assets
Devising a security policy
Employing security technology
Information has value. It’s an asset that can be worth much more than the hardware on which it is stored. Consider how costly the following events might be to a business:
An Internet-based retailer experiences problems with Web services, preventing customers from placing orders.
A file is copied to the wrong server, resulting in proprietary information being available on a company’s public Web site.
A programming team is tasked with making critical changes to a legacy production application, but the source code was lost months ago.
A company loses several weeks’ worth of billing data after a server crash. Although the data was scheduled to be backed up, the error messages in the backup log files were missed, or the backup was untested and failed during recovery.
Network connectivity issues prevent call center customer service personnel from accessing customer data.
Without proper planning and organization, your organization risks not only data loss, but also the capability to use data as required. This chapter gives you an overview of layered strategies for enterprise data protection, strategies for extending data access beyond the enterprise, and security policies. (Later chapters provide more detailed coverage of specific defensive strategies.)
Protecting Enterprise Data
Just ...