【正文】 ...................................................21 File System Confidentiality ...........................................................................26 Integrity.............................................................................................................26 Nonrepudiation...................................................................................................26 Auditing .............................................................................................................27 Planning Auditing .........................................................................................28 Implementing Auditing .................................................................................28 Testing Auditing ...........................................................................................28 Roles and Responsibilities................................................................................... 29 Security Manager ...............................................................................................29 Personnel Security Technician.............................................................................30 Antivirus Technician ...........................................................................................30 iv Security Administration Application Security Technician...........................................................................30 Database Security Technician .............................................................................30 Messaging Security Technician............................................................................30 Operating System Security Technician ................................................................30 Hardware Security Technician.............................................................................30 Network Security Technician...............................................................................31 Facilities Security Technician ..............................................................................31 Egress Security Technician .................................................................................31 Outsourcing Manager .........................................................................................31 Security Compliance Auditor ...............................................................................31 Relationship to Other SMFs ................................................................................. 33 System Administration .......................................................................................33 Service Monitoring and Control ...........................................................................33 Job Scheduling ...................................................................................................34 Network Administration ......................................................................................34 Directory Services Administration .......................................................................34 Storage Management .........................................................................................34 Configuration Management .................................................................................35 Availability Management.....................................................................................35 Capacity Management ........................................................................................35 Release Management .........................................................................................35 Change Management..........................................................................................35 Problem Management .........................................................................................36 Service Desk ......................................................................................................36 IT Service Continuity Management .....................................................................36 Workforce Management......................................................................................36 Financial Management ........................................................................................37 1 Executive Summary Security administration is the process of maintaining a safe puting environment. Security is an important part of enterprise infrastructure: An information system with a weak security foundation will eventually experience a security breach. Security can be divided into six basic requirements, or tes, that help ensure data confidentiality, integrity, and availability. The six security tes are: ? Identification. This deals with user names and how users identify themselves to the system. ? Authentication. This deals with passwords, smart cards, biometrics, and so on. Authentication is how users prove to the system that they are who they claim to be. ? Access control (also called authorization). This deals with access and the privileges granted to users so that they may perform certain functions on the system. ? Confidentiality. This deals with encryption. Confidentiality mechanisms ensure that only authorized people can see data stored on or traveling across the work. ? Integrity. This deals with checksums and digital signatures. Integrity mechanisms ensure that data is not garbled, lost, or changed when traveling across the work. ? Nonrepudiation. This is a means of providing proof of data transmission or receipt so that the occurrence of a transaction cannot later be denied. 2 Introduction This guide provides detailed information about the Security Administration service management function (SMF) for anizations that have deployed, or are considering deploying, Microsoft174。 At Not or ~ The letter ―v‖ ^