Basic principles and common approaches for the development of information security, Information security state, the State of preservation of information. An important aspect of information security, The present document is the concept of information security, basic principles and approaches for designing a system for ensuring information security, methods. the necessary resources, without management and physical protection of solved it is impossible. Complexity also complicates perspective IB; requires the interaction of professionals from different areas.
As the main instrument of struggle with the complexity of the object-oriented approach is proposed. Encapsulation, inheritance, polymorphism, selection of faces, objects of varying levels of detail-all are universal concepts, knowledge of which is necessary for all information security professionals.
In accordance with the law on the safety and maintenance of the national security concept, under the information security will understand the State of protection of the vital interests of the individual, society and the State in the field of information. The combination of official views on the goals, objectives, principles and main directions of information security, The concept of information security-a document defining enterprise information security strategy for the long term. The concept of lists the tasks in the field of information security, as well as the principles which should be followed by the company in meeting the challenges of information security in accordance with business objectives, normative-legal acts.
The concept of information security is intended for formation of officially approved system of views on the aims, objectives and directions of activity of the company is the customer in the field of the protection of information assets.
The existence of the integral concept of information security will allow the customer to properly plan the development of an information security system and avoid significant excess costs in a dynamically changing environment information systems, as well as the requirements of regulators, information security requirements.In order to facilitate the building of secure it systems, Microsoft offers the Microsoft Solutions for Security recommendations and methodologies, guidelines and explanatory notes that in any case it is necessary to do.
Identity and Access Management. This tutorial-Guide, explaining how to implement a solution for identity and access management. This document provides an introduction to identity and access management, talks about creating a platform, aggregation and support digital identity using MIIS (Microsoft Identity Integration Server), integration of computers and applications using Kerberos, single BE (Business-to-Employee) web entry point using authentication certificates, unified BRIGHT (Business-to-Consumer) web entry point using Passport authentication, single BB (Business-to-Business) web entry point and delegating administration. Identity and Access Management is not simply a step by step guide explaining in what order and what to do in a given situation. Rather, it is a tutorial. With one hand he puts into perspective, shows what will face and how to conduct yourself properly. On the other hand, it provides a methodology and product knowledge, enabling to build, configure, and test the solution.
Security Patch Management. The methodology of "managing security updates" gets right in two areas: security solutions and management solutions. This document provides an overview of Microsoft solutions and comments to the various versions, introduction to managing security updates, information about preparing to update management and understanding of security update management, description of the Microsoft tools and technologies, as well as tools and resources 3-their firms. In addition to this information about managing security updates lifecycle: installation, initiating changes, versions, security policy, responding to emergencies, the optimization results. This document allows an IT professional to build such a solution, what he sees fit, but this gives some recommendations and guide to security patch management process to be truly effective.
Windows XP Security Guide and the Windows Server 2003 Security Guide. It's two different guides, each devoted to its operating system. However, they have a very similar structure: introduction to the problem, Microsoft Solution Framework, manage risk and project readiness, command model and processes, Microsoft Operations Framework, tools and templates. Again draws attention to the fact that it is not the Administration Guide, and the methodology for securing the ultimate client or server operating system. Such a guide to anything it is not obliged, however, provides tips and developer experience.
Threats and based checklists focused Guide. Guide to "threats and counter" carries a methodology for configuring security settings in Windows Server 2003 and Windows XP. The document provides an introduction to the issue, the domain-level policy information, their auditing, user rights assignment, security capabilities, system event log (Event Log), system services, policies governing the use of templates, Windows XP, Office, and Windows Server 2003, additional registry settings and techniques for hardening servers. It is anticipated that this methodology will be very useful for system administrators who know how to configure the client and server systems, but do not have a clear action plan for configuring security settings.