Network Security Policies

The following list outlines the key points for and advantages of having a security policy:

• Security policies are created based on the security philosophy of the organization.

• The technical team uses the security policy to design and implement the corporate security structure.

• The security policy is not a technical document.

• Read the Site Security Handbook (RFC 2196).

• The security policy should be developed by a security team, including members of management, legal, human resources, and technical staff.

• Having a good security policy saves in the following areas:

- Savings by ensuring security of data

- Savings by preventing DoS attacks

- Savings by preventing data manipulation

- Savings by increasing efficiency

- Savings by reducing "unknown" problems on the network Security Policy Goals

Many goals are achieved by implementing a strong yet balanced security policy. The following list outlines these goals:

• Guides the technical team in selecting their equipment

• Guides the technical team in configuring the equipment

• Defines the responsibilities for users, administrators, and management

• Defines the consequences for violating the policies

• Defines responses and escalations to recognized threats Security Guidelines

The following list outlines the guidelines for developing and implementing a security policy:

• Management must support the policy.

• The policy must be consistent.

• The policy must be technically feasible.

• The policy should not be written as a technical document.

• The policy must be implemented globally throughout the organization.

• The policy must clearly define roles and responsibilities.

• The policy must be flexible enough to respond to changing technologies and organizational goals.

• The policy must be understandable.

• The policy must be widely distributed.

• The policy must specify sanctions for violations.

• The policy must contain an incident-response plan for security breaches.

• Security must be viewed as an ongoing process.

0 0

Post a comment