Intranet Journal   Earthweb  
Security Policies 101


Laura Taylor
1/6/2003


If you are trying to keep your network secure from unauthorized access, creating security policies is an exercise in understanding what needs to be secured. Security policies serve many purposes and are the foundation of your security framework.

Why Your Organization Needs Security Policies

Security policies are the foundation of your secure infrastructure. They serve as a guide and a reference point for numerous security tasks in your organization, including:

  • Securing applications
  • Configuring user access controls
  • Defining management duties and responsibilities
  • Assuring standardization and consistency
  • Retaining confidential and proprietary information
  • Designing enterprise architecture
  • Mitigating risk
  • Responding to security incident investigations
  • Disciplining employees for breach of policy
  • Minimizing liabilities to customers and shareholders
  • Assisting auditors in understanding security intentions
  • Establishing a sense of awareness and training
  • Avoiding disputes with different technical teams
  • Expediting procurement and deployment of new systems

Without security policies, security configurations and standards cannot be enforced. By establishing a policy, you are implying that enforcement can or will follow.

Security Policy Basics

Security policies are high-level laws of the land regarding your security infrastructure. They are not procedures. (Procedures tell you how to implement security policies.) Upper management needs to hold someone accountable for drafting the security policies, overseeing their review, and implementing them. Without support from upper management, security policies often fall by the wayside and never get written, understood, or implemented. The person being held responsible for security policies could be the Director of Information Security, the Chief Security Officer, the Director of Information Technology, the Chief Information Officer, or a knowledgeable employee appointed to be the information security officer.

Security is typically distributed, and security mechanisms should be built into all layers of the enterprise infrastructure. Security policies should describe the rules of the road for the following types of technology systems:

  • Encryption mechanisms
  • Access control devices
  • Authentication systems
  • Virtual Private Networks (VPNs)
  • Firewalls
  • Messaging systems
  • Anti-virus systems
  • Web sites
  • Gateways
  • Mission critical applications
  • End-user desktops
  • DNS servers
  • Routers and switches

All security policies need to be written down. Policies that exist in someone's head are not really policies. When your organization has finished developing security policies, and right when you think you can breathe easy, it will be time to update your security policies. Since most IT organizations are deploying new technology continuously and retiring old systems, you will have to make sure your security policies still make sense for your new infrastructure. Similarly, when you are evaluating new equipment for possible procurement, you will want to make sure that the new equipment can properly be configured to meet your security requirements — if it can't, you may want to consider procuring alternative products.

Some products and modules built into operating systems are designed specifically to configure and enforce security policies. Windows 2000 uses security templates (also called .inf files) to automatically configure security policies on servers and desktops. There are also third-party enterprise management tools that are designed specifically for security policy configuration, distribution, and enforcement. These products should undergo a thorough evaluation and analysis process before expensive procurement decisions are made.

Security controls are mechanisms put into place to enforce security policies.
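
A security template is an INI-style text file, so a written password policy can be checked against it mechanically. The following is an added example, not part of the original article or of any vendor tool; the template contents, the policy limits and the function name audit_template are constructed for illustration.

```python
import configparser

# Constructed sample in the security-template (.inf) layout; values are illustrative.
SAMPLE_TEMPLATE = """\
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 0
MaximumPasswordAge = 90
LockoutBadCount = 0
"""

# Hypothetical written policy: setting -> (lowest allowed, highest allowed).
# None means no bound on that side.
PASSWORD_POLICY = {
    "MinimumPasswordLength": (8, None),   # passwords of at least 8 characters
    "PasswordComplexity": (1, 1),         # complexity must be enabled
    "MaximumPasswordAge": (1, 90),        # change at least every 90 days
    "PasswordHistorySize": (12, None),    # remember the last 12 passwords
    "LockoutBadCount": (1, 5),            # lock out after 1-5 bad logons (0 = never)
}

def audit_template(text, policy=PASSWORD_POLICY, section="System Access"):
    """Return a sorted list of (setting, problem) where the template misses the policy."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str   # keep names as written (keys are lowercased by default)
    parser.read_string(text)
    settings = parser[section] if parser.has_section(section) else {}
    findings = []
    for name, (low, high) in policy.items():
        raw = settings.get(name)
        if raw is None:
            # A setting the policy requires but the template never configures.
            findings.append((name, "not set in template"))
            continue
        value = int(raw.strip())
        if low is not None and value < low:
            findings.append((name, f"{value} is below policy minimum {low}"))
        elif high is not None and value > high:
            findings.append((name, f"{value} is above policy maximum {high}"))
    return sorted(findings)

if __name__ == "__main__":
    for setting, problem in audit_template(SAMPLE_TEMPLATE):
        print(f"{setting}: {problem}")
```

A setting that is missing from the template is reported separately from one that is set too weakly, because an unconfigured setting leaves the machine at whatever value it already had.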
