Security Policy & Procedure
The best way to handle an incident is to prevent it from happening. To do that, you will need to establish effective security policies that provide for monitoring and analyzing network traffic. The use of proactive techniques is the first line of defense against security threats. Well-defined, enforceable security policies will make it more difficult for intruders to access your system. These policies must be established, understood, practiced, and frequently updated throughout your organization to prevent potentially catastrophic security breaches.
An effective security policy is the foundation of a secure network.
Policies, Standards, and Guidelines Defined
A policy is a document that outlines specific requirements or rules that must be met. In the network security realm, policies usually cover a single area. For example, a “password policy” would fully cover all the rules and regulations for the appropriate use, complexity, and lifetime of passwords.
A standard is typically a collection of system-specific or procedural-specific requirements that must be met by everyone in an organization. For example, you might have a standard that describes how to harden an Internet-facing Windows server. This standard must be followed exactly before the server is placed on an Internet-facing network segment.
A guideline is typically a collection of system-specific or procedural-specific “suggestions” or best practices. Guidelines are not requirements that must be met, but following them is strongly recommended.
Our Phased Approach:
• Define security goals based on your business needs.
• Assess the safety level of your assets.
• Identify, refine, and establish new policies.
• Work with your security and IT teams to develop a plan that activates these new policies.