Chapter 25 - Security Management Systems

Abstract

Today, when most companies and government agencies rely on computer networks to store and manage their organizations' data, it is essential that measures be put in place to secure those networks and keep them functioning optimally. Network administrators need to define their security management systems to cover all parts of their computer and network resources. With a plethora of storage devices, including iPads, Android tablets, universal serial bus drives, watches, televisions, digital video recorders, smartphones, Apple TV appliances, Xboxes, and household appliances, management becomes even more difficult. This chapter focuses on security management systems, which are sets of policies put into place by an organization to maintain the security of its computer and network resources. These policies are based on the types of resources that need to be secured, and they depend on the organization. Some groups of policies can be applied to entire industries; others are specific to an individual organization. A security management system starts as a set of policies that dictate the way in which computer resources can be used. The policies are then implemented by the organization's technical departments and enforced. This can be easy for smaller organizations, but it can require a team for larger international organizations that have thousands of business processes. Either way, measures need to be put in place to prevent, respond to, and fix security issues that arise in an organization. Standards that were in place 10years ago may not be adequate for current business practices. As an example, a strong password may have included fewer than 8 characters, whereas modern computers can easily break the password using brute force or rainbow table methods.