Choosing Security Solutions That Use Public Key Technology

Previous Topic Next Topic

Defining Communication and Information Security Goals

After you analyze your organization's existing business information and communication, define realistic security goals for the organization. This is an important step in controlling the overall cost of the security measures that you eventually implement. Realistic security goals help ensure that you are providing acceptable levels of security at acceptable costs.

Following are examples of realistic communication and information security goals:

Setting unrealistic security goals (for example, specifying an unnecessarily high level of security) can result in security requirements that cost too much to implement or maintain. Unrealistic security goals can also exceed the limits of existing technology and performance capabilities. For example, setting a goal to provide IP-level authentication, integrity, and confidentiality for all of your network communication might be achievable in a few years, but it is generally not feasible with today's network infrastructures and existing IPSec technology. IPSec can place a substantial load on network traffic, and many clients and applications do not yet support IPSec.

© 1985-2000 Microsoft Corporation. All rights reserved.