Security policy in information systems

Information security issues are currently one of the leading topics discussed not only at the annual conference of the world's best programmers, but also at meetings of various firms and companies. In our era of universal computerization and the translation of all information into an electronic form, security policy began to play a dominant role in all enterprises, since the preservation of trade secrets as well as confidential information is very important for achieving success and being able to get ahead of its competitors.

Most users in the world work in the world-famous Windows system, which every year improves its software, making it more secure and reliable. However, unfortunately, to achieve full guarantee of data retention from hacking and unauthorized penetration is not possible, because it is due to the wide popularity, as well as the great popularity of this system, a lot of hacking falls on Windows. For this reason, the security policy is extremely important here and the IT department of each enterprise should give this issue priority.

Some large companies and specialized companies solve the security issue as follows: they install on their computer hardware not Windows, but other software (Linux, Unix, etc.). This significantly reduces not only the number of virus attacks, but also the probability of information theft, because these software shells are not very common among ordinary users. The security policy in this case can be high, however, the enterprise will incur additional costs for training its personnel to work in the Linux system.

If we talk about Windows, then its security model is based on the concepts of authorization and authentication, which allow not only to restrict access to local resources of the company, but also to clearly monitor all those who logged on to the system. User authentication is the verification of its identity, and authorization checks its rights regarding access to local computers or specific electronic data. It is noteworthy that the Windows security policy is based on the NTLM protocol, as well as on the new encryption technology Encrypting File System (EFS). Despite the fact that this is a public key, it is quite difficult to hack such a system, since Microsoft programmers constantly update protection systems, improving and supplementing them.

The big plus of Windows XP Professional is the presence of an active Active Directory, with which you can manage the registration of users, change the parameters for accessing data and restrict them in the specified limits, forcibly terminate the sessions of specific individuals, and so on. With a competent system administrator, the security policy here can be configured very well. In addition, it is also possible to add or remove access to certain resources using the control list (ACL), as well as monitor the changes that occur.

Recently, cases of industrial espionage have increased several times, which is even more evidence that the managers of the enterprise should fully ensure the safety of their confidential data. The security policy of Windows XP in this respect makes it possible to provide as much as possible all necessary information protection from both internal kidnapping and external penetration.

It is also important to remember that no one will guarantee a 100% guarantee for the safety of your data, because constantly on the network there are attempts to penetrate and steal information from both specific users and company and company databases, therefore IT department must constantly monitor the operating system and the local network .