Site Security Planning
Making Policy
Design your Web site security policies to achieve realistic goals at a reasonable cost. Although Web sites will differ from each other, they will share some fundamental goals relating to strength of security, its cost, and the means of achieving a secure site. To ensure this:
Provide strong security that is consistent with access requirements.
Certify that all personnel who administer security are fully competent to enforce security policy consistently and accurately. Make sure that all users accept their responsibility to comply with this policy.
Control security implementation costs that are consistent with the need for strong security. Security must scale up efficiently as sites expand.
Adopt technologies, standards, and practices that are adaptable to changing conditions and new developments.
Choose technologies that allow you to fully integrate security monitoring and management into network and user account administration. A single interface for security and administration will enable you to have efficient and timely security monitoring.
Adopt Internet community standards for communication between your Web site and Internet destinations, including the security of communication. The adoption of Internet standards yields low-cost start-up and good scalability, because the standards are widely supported by your customers and business partners.
See the following: