Security Cannot be an Afterthought
No matter what you might think about the environment in which your
systems are running, you cannot take security for granted. Even
standalone systems not connected to the Internet may be at risk
(although obviously the risks will be different from a system that is
more connected to the outside world).
Therefore, it is extremely important to consider the security
implications of everything that you do. The following lists illustrates
the different kinds of issues that you should consider:
The nature of possible threats to each of the systems under your
care
The location, type, and value of data on those systems
The type and frequency of authorized access to the systems (and
their data)
While you are thinking about security, do not make the mistake of
assuming that possible intruders will only attack your systems from
outside of your company. Many times the perpetrator is someone within
the company. So the next time you walk around the office, look at the
people around you and ask yourself this question:
What would happen if that person were to
attempt to subvert our security?
 | Note |
|---|
| | This does not mean that you should treat your
coworkers as if they are criminals. It just means that you should
look at the type of work that each person performs, and determine what
types of security breaches a person in that position could perpetrate,
if they were so inclined. |
