Planning for security of a system is part of deployment design that is essential to successful implementation. Consider the following when planning for security:
Physical security. Physical security is the physical access to routers, servers, server rooms, data centers, and other parts of your infrastructure. Other security measures become compromised if an unauthorized person can walk into a server room and unplug routers.
Network security. Network security is access to your network through firewalls, secure access zones, access control lists, and port access. For network security you develop strategies for unauthorized access, tampering, and denial of service (DoS) attacks.
Application and application data security. Application and application data security covers access to user accounts, corporate data, and enterprise applications through authentication and authorization procedures and policies. This area includes defining the following policies:
Password policies
Access rights, such as delegated administration to users as opposed to administrator access
Account inactivation
Access control
Encryption policies, including secure transport of data and using certificates to sign data
Personal security practices. An organization-wide security policy defines the working environment and practices with which all users must comply to ensure other security measures perform as designed. Typically, you develop a handbook or manual on security and also offer training to users on security practices. For an effective overall security policy, sound security practices must become part of the organization culture.