What is a Network Security Policy? It is a policy intended to protect a network's integrity and to mitigate the losses and risks associated with security threats to the network and its resources. Without a Network Security Policy, a user's network availability could be easily compromised. A Network Security Policy starts with assessing the risk to the network and building a response team. Maintaining it then requires implementing a security change management practice and monitoring the network for security violations.
Some aspects of a Network Security Policy are:
a) The Network Security Policy must be understandable
Users who read the policy must be able to comply with it easily. Ensuring that the policy is understandable will help the users understand it better.
b) The Network Security Policy must be consistent
If the policy is not consistent, it may raise discontent among the user community. An example would be making a decision on one issue and then changing that decision a few weeks later.
c) The Network Security Policy must be enforceable
If a user violates one of the policies and is not punished, the policy would be useless. So the management has to enforce the policy by punishing those who violate the terms and conditions of the policy.
d) The Network Security Policy must be documented, distributed, and communicated properly
If the policy is not documented, distributed, or communicated, then enforcing a policy that no user has read would mean that only the one who created the policy would enforce it. So having new hires sign a copy as they join the organisation would help enforce the policy.
e) The Network Security Policy needs to be flexible
Policies will surely change as the business changes, and the management will need to stay on top of the policy.
f) The Network Security Policy must be reviewed
Implementing a regular review of the policies would ensure that they do not become obsolete. Months after the policy has been created, it is possible for the policy to become obsolete as the company changes its business relationship.
g) The Network Security Policy must be realistic
If the policies are too restrictive, complaints would arise, and the management will not back them up, as the policies are unrealistic.
Examples of Network Security Policies:
1) Virtual Private Network Policy
2) Acceptable Encryption Policy
3) Information Sensitivity Policy
4) Password Policy
5) Wireless Communication Policy