The security policy is concerned with authentication, authorization, secure communication, auditing, and profile management, as shown in Figure 3-2.
Figure 3-2. Aspects of the security policy
There are some general security principles that should be considered whenever you are designing a security policy. Consider the following guidelines:
Whenever possible, you should rely on tested and proven security systems rather than building your own custom solution. Use industry-proven algorithms, techniques, platform-supplied infrastructure, and vendor-tested and supported technologies. If you decide ...