The IT Security Cookbook - About this document


1.1 How to read this document

Look at the table of contents to understand the structure of this document. Go to the section that interests you.

  • If you're interested in detailed technical guidelines, read section "Practical IT Security Summary" (it's only 1-2 pages) first, then go to the topic in Part III which interests you.
  • An index, abbreviations list and references list are available at the end of this document.
  • The symbols     and  are used extensively in this document to refer to a sensitivity and availability level classification and not paragraph numbering. See also the sections classification  and practical security summary.

1.2 Scope / Objectives

This document has the following objectives:

  1. To briefly discuss threat & risk analysis.
  2. To outline the ingredients necessary to define a security policy and to provide a framework (based on standards such as ITSEC and TCSEC) for deciding how tightly systems need to be secured.
  3. To outline (sample) policies, processes, structure and responsibilities required in a security organisation.
  4. To present current security mechanisms.
  5. To briefly present physical security (concerning IT systems).
  6. To provide a detailed list of technical guidelines for
    • operating systems, applications and networks used in client/server systems. For the moment this report concentrates on Client/Server and Internet systems: NT, FW, Win95, OLTP, Oracle, Sybase, Sun UNIX, Firewalls, WWW/Java and TCP/IP Networks.
    • Auditing checklists and "quick overviews" are provided for several types of systems.
    • DEC, SGI, AIX and HP systems are only partially covered in this document. They need to be covered in more detail (especially for the comparison in the Operating Systems Overview Chapter).
    • This document is not intended to cover VAX, Mainframe, Novell or Macintosh systems.

A detailed list of security information resources (such as CERT, FIRST, TCSEC and ITSEC) is provided in the Appendix, along with sample scripts and programs.

1.3 Who should read this document?

  • Line managers (Chapters 1-4, 6).
  • Computer users (Chapters 1, 2, 6.2 User Policy).
  • System administrators, security administrators (Chapters 7-22).
  • Technical project leaders (Chapters 1-7, 15).

1.4 Corrections/Mistakes

Feedback and notification of corrections or mistakes are welcome. Please send them to book@boran.com with a subject line of "IT Security Cookbook". 

1.5 Copyright
