First page Back Continue Last page Summary Graphic

Security Decisions

Decide what is, and is not permitted.

This process is normally driven by the business or structural needs of the organization, such as:

An edict that bars personal use of corporate computers.
Restrictions on outgoing traffic (employees exporting valuable data).
Not allowing a specific protocol because it cannot be administered securely.
Not allowing employees to import software without proper permission
(licensing issues, virus’, etc).
This philosophy extends to opposite ends of the scale.
We’ll run it unless, and until, you Show me it’s both safe and necessary
can show me that it’s broken. otherwise we won’t run it at all.