The core concepts of information security management and protecting mission-critical systems
have been explained. Now, how do you actually apply these concepts to your organization
from the ground up? You literally start at the ground (physical) level and work your way up to
the top (application) level. This model can be applied to many IT frameworks, ranging from
networking models such as OSI or TCP/IP stacks to operating systems or other problems
such as organizational information security and protecting mission-critical systems.
There are many areas of security, all of which are interrelated. You can have an extremely
hardened system running your ecommerce Web site and database; however, if physical access
to the system is obtained by the wrong person, a simple yanking of the right power plug can
be game over. In other words, to think that any one of the following components is not
important to the overall security of your organization is to provide malicious attackers the