Responsibilities for Network Security
Many people are involved in the security process of an organization, ranging from senior management to the everyday user. Senior management enforces the security policy, which is discussed in more detail in Chapter 5, "Security Policies." Policies and rules from senior management that follow the saying "Do as I say, not as I do" are usually ignored. If you want users to participate in maintaining security, they need to believe that you take it seriously. Users need to be aware of not only the existence of security, but also the consequences of not abiding by the rules. The best way to do this is by providing short security-training seminars in which people can ask questions and talk about issues. Another excellent security practice is to post articles describing security breaches in highly frequented areas (the coffee corner or the cafeteria).

In addition, governments are now playing a significant role in security by enacting laws to create a legal structure to surround emerging technologies such as wireless and voice communication over IP. In this way, governments have created legal requirements that need to be taken into account when making security decisions. The following list describes some of these legal requirements:
- HIPAA
The Health Insurance Portability and Accountability Act restricts disclosure of health-related data along with personally identifying information.
- GLB
The Gramm-Leach-Bliley Act affects U.S. financial institutions and requires disclosure of privacy policies to customers.
- ECPA
The Electronic Communications Privacy Act specifies who can read whose e-mails and under what conditions.
NOTE: This list is provided as a reference and is not meant to be comprehensive.