The NCSA Guide to PC & LAN Security

Chapter 3: Security Planning

This chapter is about: Risk analysis and security policy

For companies active in this field check out the following Hot Links at NCSA:

• Security Assessment, Policies, and Auditing
  - Scanning, testing, policy, awareness, auditing
• Business Recovery and Risk Analysis
  - Disaster recovery planning, data recovery, risk analysis

The Story So Far

• No typos or errors reported so far.
• Links and supplemental info being prepared.
• Check back in 10 days for more links and info.

• Chapter 1. Security Matters: Assessing the problems, threats, and issues
• Chapter 2. Security Solutions: Basic concepts and techniques
• Chapter 3. Security Planning: Risk analysis and security policy
• Chapter 4. Secure Hardware: Defending and insuring equipment
• Chapter 5. Secure Power: Spikes, Sparks, and Electrical Threats
• Chapter 6. Secure Sites: Defending sites and systems
• Chapter 7. Secure Access: Controls, passwords, and encryption
• Chapter 8. Secure Data: Backup, backup, backup
• Chapter 9. Secure Code: Defeating viruses, worms and other malicious code
• Chapter 10. Secure Software: Piracy, bugs, and other "soft" threats
• Chapter 11. Secure Networks I: Generic network defense
• Chapter 12. Secure Networks II: Protecting name brand networks
• Chapter 13. Secure Communications: WANs, remote access, and the Internet
• Chapter 14. Secure People: Hacking and ethical issues
• Chapter 15. Security in the Future: How to become and remain secure
• Appendix A: Threat List
• Appendix B: A Brief Guide to Batch Files
• Appendix C: Computer Security Policy
• Appendix D: Notes on EMR
• Appendix E: Export Restrictions on Encryption
• Appendix F: Further Resources
• Appendix G: Glossary
• Appendix H: How Public Key Encryption Works
• Appendix I: Introduction to LANs
• Appendix J: Securing Safe Software
• Appendix K: Appraising Microsoft AV