Security Information and Review

Collection of security information and review

Guidelines Basic Security Policy of the Web Services

Author : Admin

If we want to build enterprise web application services, we should not focus only on features; most important is ensuring the availability and security of those services. We must also pay attention to the overall security of the web services. Many people focus only on security mechanisms to make a web application more secure. Security mechanisms are only valuable if they are part of an overall security fabric that provides the level of protection both desired and thought to be in place. It's important that an enterprise's security policy be comprehensive and thorough. So developing good policies is the more important task, and one the enterprise's security strategy must provide for.

The security policy clearly communicates the roles and responsibilities that managers, users and administrators have in protecting information and technology assets. An enterprise security policy identifies the organizations responsible for physical, personnel and IT security, and the standards and countermeasures the organization will use for defending the computing environment, enclave boundaries, and the network and computing infrastructure. The security policy also lays out incident reporting and response procedures. Next, we will discuss, step by step, how to develop a security policy.


The first step is to identify the assets we are trying to protect. At a minimum, we must provide availability and integrity throughout the IT infrastructure: systems and networks must be available and accessible to whoever we define our user community to be.

The second step is to identify the threats we are protecting against. By this point we have an understanding of the information we are trying to protect and the threats to it. There are five types of attack threat: passive attacks, which include eavesdropping; active attacks, which include masquerade, replay, message modification and denial of service; close-in threats; insider attacks; and distribution attacks.

The third step is to implement cost-effective measures. We must implement reasonable measures against any identified threats, based on the results of risk analysis, to secure the confidentiality, integrity, and availability of information assets, and to ensure their safety and security.

Mohamad Widodo

Categories: Web Application Security
 
