Avaya 555-245-600 Benutzerhandbuch
Security
228 Avaya Application Solutions IP Telephony Deployment Guide
What are you trying to protect?
The security policy usually attempts to protect information, whether the information is in the
form of data (files) or conversations (digitized voice packets). Customers should assess the
value of those assets that require protection, and compare the true costs of security to the value
of those assets.
form of data (files) or conversations (digitized voice packets). Customers should assess the
value of those assets that require protection, and compare the true costs of security to the value
of those assets.
What are you protecting it from?
Most often, criminals, who are also called “hackers,” pose a significant threat to secure
information. However, do not forget to look internally. A significant number of attacks come from
within an enterprise. Your security policy should include rules about behavior, the
consequences of bad behavior, a path of escalation, and a person to contact with regard to
security issues.
information. However, do not forget to look internally. A significant number of attacks come from
within an enterprise. Your security policy should include rules about behavior, the
consequences of bad behavior, a path of escalation, and a person to contact with regard to
security issues.
How likely is a threat against these assets?
Security is always a trade-off. The more security, the more inconvenience and the more cost. To
avoid the necessary inconvenience, some users are likely to subvert the security policy. For
example, if you make passwords so complex so that the passwords are difficult to remember,
people will write the passwords down. Users prefer easy access without security. Having to log
on is inconvenient. However, everyone must endure some level of inconvenience if the system
is going to be secure against attacks. The security policy must define this level of inconvenience
to ensure that the security polity is not circumvented. In addition, management must support the
policy, and establish clear rules for its enforcement, including the consequences for violating it.
A security policy that does not establish consequences for violations quickly becomes
irrelevant.
avoid the necessary inconvenience, some users are likely to subvert the security policy. For
example, if you make passwords so complex so that the passwords are difficult to remember,
people will write the passwords down. Users prefer easy access without security. Having to log
on is inconvenient. However, everyone must endure some level of inconvenience if the system
is going to be secure against attacks. The security policy must define this level of inconvenience
to ensure that the security polity is not circumvented. In addition, management must support the
policy, and establish clear rules for its enforcement, including the consequences for violating it.
A security policy that does not establish consequences for violations quickly becomes
irrelevant.
Recommendations for your security policy
Avaya recommends that you continuously review your security policy, and keep up with new
threats and to make improvements each time a weakness is found. To effectively support your
security policy, your company must allocate long-term resources to the development,
implementation, and reassessment of the policy.
threats and to make improvements each time a weakness is found. To effectively support your
security policy, your company must allocate long-term resources to the development,
implementation, and reassessment of the policy.