Français
4. Methods
There are several possible approaches to ISS. The first, and simplest, is the purely technical approach, with no explicit security policy: you don't want to touch the existing organization at all, just install a device that filters flows, logs service requests or partitions the network, for example. This type of security is based on automatic systems and corresponds to a predefined security "model" that is applied "intuitively" without prior study. Poor, unspecified and requiring little effort to design and implement, it offers protection only against a low-intensity threat. Does it protect against internal malicious acts? Have all the consequences of a security incident been considered? Do we know how to recover from a disaster? These and many other unanswered questions will resurface with force when the time comes. This way of thinking stems from concepts that are still very prevalent,...
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Methods
Conclusion
References
- (1) - Sécurité informatique : manager et assurer. - AFNOR normes, fév. 2002. http://www.afnor.fr
- (2) - CLUSIF, MEHARI - août 2000. http://www.clusif.asso.fr ...
The Ultimate Scientific and Technical Reference
