23
In
system
security,
a
term
defense-in-depth is
widely
recognized
to
deliver
total
protection
and
effective
security
in
the
system
network.
Defense-in-depth
is
meant
to
provide
multilayered defense
line, combining
the benefits of IPS,
firewalls, proxy
servers,
and
other
security
tools
invested
in
the
network.
Basic
access
control
is
also
indispensable
to
mainly
control
authorization
to
the
users
and
administrators.
It
is
to
determine which
users
are
permitted or
which
users
are prohibited in
particular segment
of
the
network, depending on
their
task
and
responsibility. In
order
that
system security
is appropriately applicable
in organizations, users and administrators are also
imposed to
contribute
their
roles
in
the
approved
manner
for
the
effectiveness of
security
implementation. Thus,
the
practicality
of
security
policy
is
required,
defined,
and
enforced
by
means
of
giving
proper
information
for
users
and
administrators of
the
system
about
the
mandatory
prerequisites of
protecting
and
securing
technology and
information assets. Security policy
is a formal avowal of rules
that
is directed to people
or
users
who
have
access
to
the
organization’s
technology
and
information
assets.
It
intends to
accomplish the
organization’s security objectives
with
the
cooperation of
all
workforces of the organizations. A good security policy must be able to be
implemented
through
the
system
administration
procedures
and
publishing
of
acceptable
use
guidelines
or
other
appropriate
methods,
be
able
to
be
enforced
with
security
tools,
where appropriate, and
with sanctions, where actual prevention
is not technically
feasible,
clearly
define
the
areas
of
responsibility
for
the
users,
the
administrators,
and
the
managers,
be
communicated to
all
once
it
is
established,
and
be
flexible
to
the
changing
environment of
computer
network
since
it
is
living
document
[9].
Also,
organizations
should
be
concerned
of
their
infrastructure
of
the
network.
Good
 |