These are some general guidelines when considering security for your enterprise:
Sensitive information should be kept confidential – determine which users should have access to what information.
The system should enforce integrity – the server should enforce rules and constraints to ensure that information remains accurate and complete.
The information should be available – even with all the safeguards in place, anybody who needs access to the information should have it available when the information is needed.
Identify what it is that your organization wants to protect, and what the outside world requires from your organization:
Identify the information assets and the security risks associated with them if they become vulnerable or compromised.
Identify and understand any laws, statutes, regulations, and contractual agreements that apply to your organization and the information assets.
Identify your organization’s business processes and the requirements they impose on information assets, to balance practical considerations with the security risks.
Security requirements change over time. Periodically reassess security requirements to make sure they still reflect your organization’s needs.
Next, set up a series of controls and policies that meet the company’s security objectives. The result is an information security policy document that clarifies the decisions made for information security.
Adaptive Server® contains a set of security features that help you enforce your company’s security policies. For more information about security features in Adaptive Server, see Chapter 2, “Getting Started with Security Administration in Adaptive Server.”