Chapter 10. IT Infrastructure Security Policies

IT INFRASTRUCTURE SECURITY POLICIES are broader in scope and depth than User Domain policies. As discussed in Chapter 9, User Domain policies focus on human access and data handling. The number of user-related policies can be limited because you can define specific user access requirements. There is also a practical matter of human capacity. When writing policies for the typical user, you must consider the capacity to learn and retain the information.

In contrast, the IT infrastructure is vast. The number of devices and possible access points are far greater. A single server may have hundreds of ports. Each port on a server is an access point that needs to be protected. Security policies define how ...

Get Security Policies and Implementation Issues now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.