Abstract:
The administration of systems and networks is a complex, specialized technical task. While large organizations can have systems and network security specialists in their Information Technology (IT) departments, Small and Medium Enterprises (SMEs) typically cannot; they have only a few IT generalists with a computer science background who are responsible for maintaining the IT resources and who, in some cases, combine this with some software development. We take this view as the starting point of our research, together with the growing need to secure IT resources and information sources, which are becoming more and more valuable to every organization.
For SMEs, the solution for implementing security is often to outsource it. The problem is that implementing security is an exercise that goes beyond the common IT domain: it starts with fully understanding the organization's culture, policies and procedures. This knowledge is something that employees acquire day by day, not something that can easily be put on paper and handed to outsourced specialists to secure. Even if that could be done, the daily maintenance of the security would be a very hard task.
This paper discusses security in the reality of SMEs and presents a framework that permits a high-level approach to implementing security, focused more on the organization's vision of what we want to do than on a technical vision of how to implement it. The core of the framework is an abstraction layer focused on the organization's perspective and a translator layer that converts that perspective into technical rules that can be applied to IT resources such as servers, computers and network equipment.