 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
• |
the
different requirements of different users and business units (R&D
|
|
|
requires
more flexibility, but also more security, production may not
|
|
|
need
only standard solution etc.)
|
|
|
• |
People
and their attitudes towards security, company policies and
|
|
|
standards.
These must not feel like paper pushing because of the paper
|
|
pushing.
|
|
|
• |
Questions
like:
|
|
|
|
• |
can
the service provider be trusted to terminate company user’s
|
|
|
IPSEC
tunnel and then create another one?
|
|
|
|
• |
how
can the user terminal be protected outside company network
|
|
|
so
that it won’t serve as a host for trojan horses or reveal sensitive
|
|
|
data
to non-employes about the network?
|
|
|
• |
Creating
the security policy and rules.
|
|