Security Analysis, Assessment, and Assurance

Security Analysis, Assessment, and Assurance

Joseph Kizza (The University of Tennessee-Chattanooga, USA) and Florence Migga Kizza (The University of Tennessee-Chattanooga, USA)
Copyright: © 2008 |Pages: 19
DOI: 10.4018/978-1-59904-379-1.ch009

Abstract

In the previous chapter, we discussed the important role security policies play in the security of networks, in particular, and in the information communication technology (ICT) infrastructure, in general. The security policy should always be considered as the baseline security piece that dictates what other security mechanism are to be used and how. However, one must not forget that security policies are passive documents; they are lines of statements of what must be done and nothing more. A security policy will not physically stop a determined intruder, for example. To stop a determined intruder, or any other intruder for that matter, the security policy must be put into use. This chapter moves us into a new phase of the implementation of the security policies we discussed in the last chapter, starting with security assessment and analysis.

Complete Chapter List

Search this Book:
Reset