University of Washington Network Security Credo

Published:: Tuesday, January 1, 2002
: Policies, Guidelines, Plans and Toolkits

Author(s) and Contributors:: Author(s): Terry Gray

Source(s) and Collection(s):: Sources(s): Higher Education Information Security Council (HEISC)

ParentTopics:: Network Security Risk Management Security Management Security Policies

Abstract

Incidents of unauthorized access to networked computer systems in an enterprise are growing at fearful rates. The purpose of this document is to identify general design principles and practices for defending against these threats. The full spectrum of security embraces several phases: prevention, detection, and recovery, and several elements: architecture, policy and education, risk management, liability management, technical defense, and operational defense. However, this document focuses primarily on the prevention phase (including detection of vulnerabilities before they are exploited) and technical defenses.

Download Resources

Access HTML