IT人应该知道的.pdf

Copyright © 2005 Information Systems Audit and Control Association. All rights reserved. . The 10 Most Important Things an IT Person Must Understand About Security Across the Enterprise By Reed Harrison his article is not going to focus on the typical top 10 list decade of running an information security program at a US ranking items in some predetermined order of multibillion-dollar worldwide electronics and communications Timportance; instead, this discussion will look at the corporation throughout the 1990s. This perspective is also equally essential components of a successful information shared from myriad experiences described by chief security security program that can scale across an enterprise. officers (CSO) of the largest corporations, financial institutions The 10 most important things an IT person must and accounting firms in the world over the last five years. understand include: Viruses and hackers, once the prime concerns as networks • Every organization must have a plan. and computers were proliferating, are now a mere fraction of • Having no plan is a plan in and of itself. the threat landscape. This landscape has expanded with legal • Security programs come in all extremes, shapes and sizes. mandates requiring security programs to be in place; controls • Security programs need to put learned information to be provably implemented, maintained and monitored into practice.