A Security Policy is created to:

1) form a baseline of the current security posture
2) set the framework for security implementation
3) define authorized and unauthorized behaviors
4) define how security incidents are handled

There are 4 major steps of a security policy.

| Step | Procedure | Usable elements of security |
|---|---|---|
| Step 1: Secure | Implementing security solutions to prevent unauthorized activities. | Encryption, firewalls, vulnerability patching |
| Step 2: Monitor | Auditing the security implementation from Step 1 and detecting violations of security policies. | |
| Step 3: Test | Often known in industry as pen-testing (penetration testing). The procedure includes auditing the security policies. | |
| Step 4: Improve | Takes effect mainly after Step 3, as testing will usually show the scope of the loopholes left open during Steps 1 and 2. | |

Ultimately, how much access a security policy needs to give users depends on the organization or platform it is built for. An enterprise network will usually have a more restrictive security policy, while an open or home network will have a more open one.