security160management(编辑修改稿)

security160management(编辑修改稿)内容摘要：

..........70 Appendices ........................................................................................................... 71 Appendix A: Sample Organizational Security Policy .............................................71 Policies.........................................................................................................71 Standards ....................................................................................................72 Procedures ...................................................................................................72 Appendix B: Resources .......................................................................................75 Appendix C: Security Monitoring and Security Auditing Tools ..............................77 Monitoring Microsoft Windows Event Logs .....................................................77 Monitoring Windows Services........................................................................77 Monitoring Device Drivers.............................................................................77 Security Auditing ..........................................................................................78 1 Executive Summary The business world is increasingly reliant on technology to supply information and munications facilities to staff, partners, and customers. Securing anizational information and the systems that are used to manage and transmit data has bee a high profile function. Failure to secure information can have a severe impact on business credibility. Threats to an anization e in a variety of forms, for example from hacking, viruses, and simple human error. The types of threats change constantly, so management must sponsor, design, and implement business and technical processes to safeguard critical business assets. To create a more secure business environment the anization must:  Assess business exposure and identify which assets to secure.  Identify ways to reduce risk to an acceptable level.  Design a plan for mitigating security risks.  Monitor the efficiency of security mechanisms.  Reevaluate effectiveness and security requirements regularly. All of these activities must be coordinated within a welldefined strategy. An anization can manage risk to an acceptable level by developing security policies and making staff and mercial partners aware of their responsibilities within them. Security can also contribute to an anization’s bottom line, because customers value the reliability of a supplier. This Security Management service management function (SMF) guides anization leaders and senior managers through issues that they should consider when developing an effective security policy and implementing it through a security program. The SMF discusses the individual and team security roles and their interrelationship with operational functions. The SMF also reviews tactics and best practices to increase staff awareness and encourage continuous improvement. Security management is only one aspect of providing information technology (IT) services to an anization. This SMF works within the wider Microsoft Operations Framework (MOF) to align defense with other critical services, such as Business Continuity Management and Change Management. The Security Management SMF also relates to industry security standards and initiatives, such as the International Standards Organization (ISO) 17799:20xx and the IT Infrastructure Library (ITIL) Best Practice in Security Management. 2 Introduction This service management function (SMF) provides information about security management for anizations that have deployed, or are considering deploying, Microsoft or other technologies in a data center or other enterpriselevel puting environment. The guide assumes that the reader is familiar with the intent, background, and fundamental concepts of the Microsoft Operations Framework (MOF) and the Microsoft technologies that this SMF discusses. You can find detailed information about the concepts and principles of MOF on the MOF Executive Overview site that is available at An overview of all of the MOF SMF guides is available on the Service Management Functions Introduction site at Audience This SMF provides security management information for a broad range of business and technical roles within an anization. It offers business executives and managers a basic understanding of the reasons for developing a security program. It also provides detailed information for those individuals who are responsible for designing and managing the implementation of security policies. Organization Leaders The term anization leader applies to those roles at the highest level of influence within an anization. In many anizations, these roles might include one or more chief officers (Executive, Operations, Information, Technology, and others). Organization leaders specifically:  Sponsor security.  Establish mercial criteria for security.  Drive the highlevel adoption of security policies across the anization. The areas in this SMF that are of particular use to anization leaders are the explanations of the language of security, the planning necessary for an effective security program, and the means of municating security policies throughout an anization. Operation and Service Managers Managers in these roles are primarily concerned with using information technology (IT) to deliver valuable business services. Securing these services means that developing and maintaining effective processes and procedures that support the aims and objectives of the anization are essential. Common goals for those people who are working in these positions include:  Service efficiency.  Service quality.  Service availability.  Quality user experience. 4 Security Managemen。