Chapter 5

Planning Enterprise Information Security

In This Chapter

Understanding the risk of data breaches

Planning to protect information assets

Devising a security policy

Employing security technology

Information has value. It’s an asset that can be worth much more than the hardware on which it is stored. Consider how costly the following events might be to a business:

An Internet-based retailer experiences problems with Web services, preventing customers from placing orders.

A file is copied to the wrong server, resulting in proprietary information being available on a company’s public Web site.

A programming team is tasked with making critical changes to a legacy production application, but the source code was lost months ago.

A company loses several weeks’ worth of billing data after a server crash. Although the data was scheduled to be backed up, the error messages in the backup log files were missed, or the backup was untested and failed during recovery.

Network connectivity issues prevent call center customer service personnel from accessing customer data.

Without proper planning and organization, your organization risks not only data loss, but also the capability to use data as required. This chapter gives you an overview of layered strategies for enterprise data protection, strategies for extending data access beyond the enterprise, and security policies. (Later chapters provide more detailed coverage of specific defensive strategies.)

Protecting Enterprise Data

Just ...

Get IT Architecture For Dummies now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.