Summary

Best practices for computer security have many dimensions. In this chapter, you looked at some of the most important. Security starts with well-defined policies that need to be supported by everyone in the organization—especially the senior management. The policies and procedures form the structure by which the technical security measures will be implemented. Without defined and unambiguous policies, it’s impossible to implement effective security.

The security policies will vary in specificity and details based on the sensitivity of the data they protect. Ensuring the right level of strictness in developing the policies is important to a successful implementation. Policies that are too restrictive can inadvertently cause insecure behaviors to be practiced. The policies have to be practical and should be based on the tenets of security.