9-5-3 Information security measures / information security implementation technology
It is necessary to institute and implement information security measures from every possible perspective in order to suitably deal with a variety of threats to information security. It is also important to institute information security measures against human, technical, and physical threats respectively.
1 Types of human security measures
The types of human security measures are summarized below.
(1) Realization of information security policy
The purpose of a security policy is to realize a unified approach to information security as an organization. There are multiple information security measures for each threat. Of these measures, an organization can achieve a unified approach to information security by pursuing “standardization of measures as an organization.”
(2) Implementation of security education
It is important to regularly implement security education so as to raise awareness of security among users.
(3) Compliance with company regulations and manuals
The organization should prepare company regulations and manuals, and ensure strict compliance by users. For example, there are various methods for logging on to a server, such as through the use of an “IC card”, “password”, or “fingerprint authentication.” The organization should prescribe the administration method for logging on to servers through company regulations or manuals so that it is standardized to secure unified compliance by users.
Chapter 9 Technology element
(4) Access administration
Unauthorized intrusion into a company network can lead to the possibility of theft or falsification of data in shared folders. When sharing directories or folders on a network, it is necessary to set “access rights” that determine who may use the directories or folders, and the extent of use. By setting access rights, it is possible to restrict the users with access and extent of use to prevent theft or falsification of data.
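As an added illustration of item (4), not part of the original text: a Python script that audits a shared directory on a POSIX file system and reports entries whose access rights extend to users outside the owner and group. The file names and permission modes are constructed sample data, and the function names are hypothetical.

```python
import os
import stat
import tempfile


def audit_share(root):
    """Return (relative path, finding) pairs for entries under root whose
    permission bits let users outside the owner and group read or write."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits do not control access
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                # "extent of use" too broad: anyone can alter the data
                findings.append((rel, "world-writable"))
            elif mode & stat.S_IROTH:
                # "who may use" too broad: anyone can read the data
                findings.append((rel, "world-readable"))
    return findings


def build_sample_share(root):
    """Constructed sample data: three files with different access rights."""
    layout = {"payroll.csv": 0o660, "handbook.txt": 0o664, "dropbox.txt": 0o666}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)  # set explicitly so the umask does not interfere


def demo():
    """Build the sample share in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_share(root)
        return audit_share(root)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{finding:15} {rel}")
```

Only payroll.csv, restricted to its owner and group, passes the audit; the other two files grant read or write access to every account on the system.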