Thursday, December 6, 2012

Organizational Security Notes

Security has a wider meaning to it.

Security for an organization includes not only the security of customers' applications but also the security of the workstations used by the organization's employees.
Security for an organization can mean any of the following:


Application security - Authentication and authorization for the customers' applications.



Network security - Implementing firewalls between communication endpoints, separating the different components of an architecture (e.g. having the web server, application server and database on different machines), and implementing a proxy.



Password security - For personal user IDs and passwords, passwords need to be strong and must not be shared with anyone else. For shared IDs, the passwords must be stored at a location that can be accessed only by the responsible people. The best solution for shared IDs would be a product like CyberArk, which records every occurrence of a password being read from the software and also has mechanisms that keep changing the password after a cycle of time.



Workstation security - Security applies not only to applications but also to the workstation an employee uses to access customer and organization applications. Antivirus and network threat protection should be installed on the workstation. It is the responsibility of employees not to install unauthorized software on the system. In case of workstation theft, there should be a provision that the data on the system is encrypted so that it cannot be viewed by someone else.



Information security - Any confidential information related to the organization should not be published outside the organization without the organization's permission.
