信息安全方针、标准、指导方针、流程的关系
2009-01-13 21:12
357 查看
一个很好的例子,说明信息安全方针、标准、指导方针、流程的关系:
A corporation’s security
policy indicates that confidential information should be properly protected. It states
the issue in very broad and general terms. A supporting standard mandates that all
customer information held in databases must be encrypted with the Advanced Encryption
Standard (AES) algorithm while it is stored and that it cannot be transmitted over
the Internet unless IPSec encryption technology is used. The standard indicates what
type of protection is required and provides another level of granularity and explanation.
The supporting procedures explain exactly how to implement the AES and IPSec
technologies, and the guidelines cover how to handle cases when data is accidentally
corrupted or compromised during transmission. All of these work together to provide
a company with a security structure.
A corporation’s security
policy indicates that confidential information should be properly protected. It states
the issue in very broad and general terms. A supporting standard mandates that all
customer information held in databases must be encrypted with the Advanced Encryption
Standard (AES) algorithm while it is stored and that it cannot be transmitted over
the Internet unless IPSec encryption technology is used. The standard indicates what
type of protection is required and provides another level of granularity and explanation.
The supporting procedures explain exactly how to implement the AES and IPSec
technologies, and the guidelines cover how to handle cases when data is accidentally
corrupted or compromised during transmission. All of these work together to provide
a company with a security structure.
相关文章推荐
- 安全方针、安全标准、安全指导、安全流程
- 信息安全标准术语集.rar
- 信息安全技术标准与应用高峰论坛在北京成功召开
- 美国信息安全风险评估工作流程详述
- 最新信息安全等级保护三级系统基线要求判分标准之应用安全
- 《ERP从内部集成起步》读书笔记——第2章 从优化业务流程谈信息集成的必要性 2.1从流程优化的需要理解信息化与管理的关系 2.1.1全局观念和全流程
- 基于ISMS和信息安全等级保护两个标准的信息安全项目设计方法
- ECC中标准表字段与BW中信息对象的对应关系表
- 信息安全:标准
- 国际信息安全评价标准(读书笔记)
- 一起来学信息安全知识(4)——CRC, MD5, SHA1的关系与区别
- 信息安全国内测评认证标准
- 企业信息安全与人员管理标准
- 企业实施信息安全审计的关键流程
- 信息安全常用概念间关系(图)
- 企业信息安全的操作流程
- [信息安全] 3.HTTPS工作流程
- 从企业角度谈信息安全技术体系的六个评估标准
- 《ERP从内部集成起步》读书笔记——第2章 从优化业务流程谈信息集成的必要性2.1从流程优化的需要理解信息化与管理的关系 2.1.3流程的可视化
- TYPESDK手游聚合SDK服务端设计思路与架构之四:流程优化之信息安全与订单校验