About the Author
A veteran of more than 20 years of information system experience, Roberta Bragg currently specializes in Windows (NT and Windows 2000) security issues. She is a columnist (Security Advisor) and contributing editor for Microsoft Certified Professional Magazine. In the past, she has developed curriculum on C, C++, Windows NT Microsoft Exchange Server, VPNs, and firewalls. Her virtual company, Have Computer Will Travel, has her working across the world, lecturing, consulting, and training.
Read an Excerpt
Chapter 1: General Business Analysis
Business management often sees IT the way Alice described Wonderland. Things are not as they seem. You have to go backward to make progress. You might find lots of instructions on things, but they make no sense ("this one will make you larger, this one will make you small"). There are illusive Queens, Mad Hatters, and white rabbits that are always late. It always seems as if you've not only arrived late for the tea party, but you also are very unaware of the protocol and therefore can't follow the conversation.
Business managers are looking for IT to tell them which way to go, but it often seems to IT as if business managers don't know where they want to be. Stop grinning like a Cheshire cat, and learn how to ask them questions they understand.
As IT professionals, you and I must take the time to learn the business side of business so that we can support that business with IT efforts and protect it with a security solution. If you encompass the organization's business drives, opportunities, processes, and goals in your IT proposals, you are more likely to succeed. If you recognize that investments in IT should be driven by business, not technical aspects, you may just realize, if not the most technically advanced security solution, surely the best security solution for the problem at hand.
This chapter is meant to help you ground yourself with a little business knowledge before you embark on your security design. You will analyze the business in general by looking at three business-related objectives: analyzing existing and planned business models, analyzing existing and planned organizational structures, and analyzing factors that influence company strategies. At the least, I hope that it gives you a better sense of direction to follow. At the best, perhaps it will give you enough insight to direct your IT proposals toward business goals. Either way, you and your company should benefit from your increased understanding.
Companies often are defined by the answers to several questions. What are their products, and what industry are they in? What markets do they do business in, and how centralized is their control? Knowing these things about a company gives you a frame of reference. If you know other companies that follow this model, you will feel that you know something about how this new business functions, which in turn will make you feel more comfortable with it.
Companies with the same model often find similarities in their requirements for communications, financing, marketing, management, development, expansion, human resources, and technologies.
Another way to look at a business is to define the way it does business: the steps it takes to complete a business function. These functions, or business processes, also tell us much about the business.
So, how do you start your quest for business knowledge?
Today, knowing the geographical scope of a business often serves to define it and its IT infrastructure. An international corporation that produces laptop computers may have much more in common with an international corporation that produces luggage than with a local producer of PCs. A branch office of Allstate Insurance has more in common with a branch office of Arthur Andersen Consulting than it does with the national headquarters of Prudential. In these comparisons, many business processes and information technology needs are similar.
Analyzing Company Model and Geographical Scope
Analyze the company model and the geographical scope. Models include regional, national, international, subsidiary, and branch offices...
Table of Contents
I. ANALYZING BUSINESS REQUIREMENTS.
II. ANALYZING TECHNICAL REQUIREMENTS.
III. ANALYZING SECURITY REQUIREMENTS.
5. Securing Resources.
IV. DESIGNING A WINDOWS 2000 SECURITY SOLUTION.
7. Designing a Security Group Strategy.
8. Designing Security Policy Inheritance.
9. Designing an Encrypting File System Strategy.
10. Designing an Authentication Strategy.
11. Designing a Public Key Infrastructure.
12. Designing Windows 2000 Network Services Security.
V. DESIGNING A SECURITY SOLUTION FOR ACCESS BETWEEN NETWORKS.
14. Designing Security for Access Between Networks.
15. Designing Security for Communication Channels.
VI. FINAL REVIEW.
Study and Exam Prep Tips.
Appendix B. Overview of the Certification Process.
Appendix C. What's on the CD-ROM.
Appendix D. Using the ExamGear, Training Guide Edition Software.