ABSTRACT
This chapter considers layering security measures and examines common enterprise threats. Security should form a foundation for all other architecture changes, not be layered on top of the network at some later date, and all defenses should be regularly tested and updated to meet emerging threats. Security planning and review should include management of a risk register, with impact, value, and responsible parties clearly identified and communicated appropriately. Power outages, storms and earthquakes, acts of terrorism or warfare, and industrial espionage are all potential threats to the enterprise that must be addressed by security and recovery practices. The growing use of mobile, often personally owned, devices for access to organization resources requires the creation and communication of clear security policies for all devices used for business purposes. Numerous regulatory and legal mandates may provide a number of “must address” constraint items in the risk registry, and should be considered first in any security prioritization efforts.
