Site Security Planning

Making Policy

Design your Web site security policies to achieve realistic goals at a reasonable cost. Although Web sites will differ from each other, they will share some fundamental goals relating to strength of security, its cost, and the means of achieving a secure site. To ensure this:

• Provide strong security that is consistent with access requirements.
• Certify that all personnel who administer security are fully competent to enforce security policy consistently and accurately. Make sure that all users accept their responsibility to comply with this policy.
• Control security implementation costs that are consistent with the need for strong security. Security must scale up efficiently as sites expand.
• Adopt technologies, standards, and practices that are adaptable to changing conditions and new developments.
• Choose technologies that allow you to fully integrate security monitoring and management into network and user account administration. A single interface for security and administration will enable you to have efficient and timely security monitoring.
• Adopt Internet community standards for communication between your Web site and Internet destinations, including the security of communication. The adoption of Internet standards yields low-cost start-up and good scalability, because the standards are widely supported by your customers and business partners.

See the following:

• Vigilance and Revision
• Adopting Technologies and Standards

© 1997-1999 Microsoft Corporation. All rights reserved.