This paper discusses an integrated security approach that engages multiple functional levels in an organization from the Board and management to IT staff and individual users. The discussion presents security issues at the policy setting level and important control implementations at the gateway interface, internal network, and corporate files. As this approach involves multiple layers, the security environment can be strengthened. This discussion can be used as a guideline for corporate security management, as the components for a security audit, and as an internal communication to enhance corporate security awareness. The comprehensive view presented in this discussion is beneficial to managers, auditors, controllers, and consultants who work on security issues.