networksecurity  
IDS  Response   Policy   Encryption  
Patching  Honeypots  Network Security

 Security Policy


Most recognize the necessity of having a security policy, but designing and successfully implementing one throughout your organization can be quite an intimidating task. To take the pain out of this process we are providing you with one of the most comprehensive guides on the design and implementation of an effective security policy for your company. To make this guide available to the entire community we have opened web distribution rights, allowing you to freely host this guide on your website and share it with colleagues.

The purpose of this paper is to outline the strategies and managing processes behind implementing a successful Security Policy. Additionally, I will give recommendations for the creation of a Security Awareness Program, where the main objective will be to provide staff members with a better, if not much improved understanding of the issues stated in a security policy. We will also be focusing on significantly reducing the integration period of the security policy, by way of proper explanation of all of the items pointed out in a formal security policy document.

This paper is by no means intended to be a complete reference on the process of building a security policy or the development of a security awareness course. Instead, it was created with the idea of providing the reader with a reliable source of advice, various recommendations and useful tips gathered from my personal experiences while building and developing security policies, as well as conducting security awareness courses. This document will also provide you with a sample security newsletter, best practises concerning various information security threats, as well as discuss in detail some of the most common security problems which companies are facing every day (concentrating specifically on security problems endangering somehow the continuity and the proper functionality of the institution).

Click here to download (PDF)

Security policy resources are somewhat scarce on the Internet. Below we have listed some of the useful resources that we have encountered.

www.sans.org/rr/catindex.php?cat_id=50- The site contains articles and papers written by GIAC certified professions.

http://www.ietf.org/rfc/rfc2196.txt?Number=2196 - The Site Security Policies Procedure Handbook.

http://www.securityfocus.com/data/library/Why_Security_Policies_Fail.pdf - A white paper (PDF)

Some general websites with information security policies:
http://www.security.kirion.net/securitypolicy/
http://www.network-and-it-security-policies.com/
http://iatservices.missouri.edu/security/
http://www.utoronto.ca/security/policies.html
http://irm.cit.nih.gov/security/sec_policy.html
http://w3.arizona.edu/~security/pandp.htm
http://secinf.net/ipolicye.html
http://cio.berkeley.edu/policies.html
http://www.ruskwig.com/security_policies.htm
http://www.bindview.com/Support/RAZOR/Resources/InfoCarePart2.ppt
 

 

security ids honeypot policy encryption patch policies

 

Network Security Home - About

IDS  Response   Policy   Encryption Patching  Honeypots  Network Security


©2005 Network Security

Web cameras Panasonic IDS  Response   Policy   Encryption Patching  Honeypots  Network Security

website statistics