Network Security Policy - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Network Security Policy

Description:

Network Security Policy Anna Nash MBA 737 Agenda Overview Goals Components Success Factors Common Barriers Importance Questions Overview A Network Security Policy ... – PowerPoint PPT presentation

Number of Views:385
Avg rating:3.0/5.0
Slides: 19
Provided by: Everc
Category:

less

Transcript and Presenter's Notes

Title: Network Security Policy


1
Network Security Policy
  • Anna Nash
  • MBA 737

2
Agenda
  • Overview
  • Goals
  • Components
  • Success Factors
  • Common Barriers
  • Importance
  • Questions

3
Overview
  • A Network Security Policy
  • Provides rules for access to and proper use of
    computer and network resources
  • Defines procedures to prevent and respond to
    improper use of network components, including
    associated data and systems

4
Goals
  • The goal of Network Security Policy is to
  • Strategically align network controls with
    enterprise business objectives in a value added
    fashion
  • Provide the appropriate mechanisms for
    effectively managing risk related to the network
    infrastructure and network-accessible assets
  • Provide the metrics needed to ensure that network
    security risks are appropriately mitigated and
    access policies effectively followed

5
Components
  • Network security policies are subjective,
    developed to meet the specific goals and risks of
    each individual organization
  • However, there are components common to all
    successful network security policies, including
  • Asset Management
  • HR Security
  • Physical Security
  • Communications/Operations Management
  • Access Control
  • Software Security
  • Incident Management
  • Business Continuity Management
  • Compliance

6
Components Asset Management
  • Asset Management is the set of policies and
    procedures designed to protect organizational
    assets
  • Assets include information, software assets,
    physical assets, people and intangibles such as
    reputation
  • Typical Asset Management Policies include
  • Inventory
  • Ownership Assignment
  • Defined Acceptable Use

7
Components HR Security
  • HR Security is the set of policies and procedures
    designed to ensure employees, contractors and
    third party users understand their
    responsibilities and are an appropriate fit for
    their role(s) within the organization.
  • HR policies can be targeted to different
    timeframes
  • Prior to employment
  • During employment
  • Termination / Change of employment
  • Typical HR Security Policies include
  • Screening / Background Checks
  • Security Awareness Training
  • Disciplinary Processes
  • Termination Responsibilities
  • Removal of Access Rights

8
Components Physical Security
  • Physical Security is the set of policies and
    procedures designed to prevent unauthorized
    physical access, damage and interference to the
    organizations physical premises and information
  • Should also prevent loss or theft of physical
    assets
  • Typical Physical Security Policies include
  • Physical entry policies
  • Security of offices, rooms and facilities
  • Equipment maintenance procedures
  • Security of equipment off-premises
  • Disposal or removal of property

9
Components Communications/Operations Mgt.
  • Communications and Operations Management policies
    and procedures are designed to ensure the correct
    and secure operation of IT facilities
  • This encompasses a broad set of controls
    including
  • Malicious code protection
  • Back-Ups
  • Network Controls
  • Handling and Disposal of removable media
  • Protection of information exchange including
    E-Mail
  • Protection of on-line transactions
  • Logging and Monitoring of systems to record
    security events

10
Components Access Control
  • Access Control policies and procedures are
    designed to control access to the organizations
    information
  • Access Control policies typically include
  • User access management
  • User permission management
  • Password management
  • Reviews of access
  • Authentication mechanisms
  • Network separation and associated controls
  • Telework controls and restrictions

11
Components Software Security
  • Software security policies and procedures are
    designed to ensure security is an integral part
    of IT systems (both those systems provided by
    third parties, and those developed in-house)
  • Typical Software Security policies include
  • Security requirements
  • Input data validation
  • Output validation
  • Integrity Checks
  • Encryption Requirements
  • Change Control
  • Security Patching / Vulnerability Management

12
Components Incident Management
  • Incident Management policies and procedures are
    designed to ensure that security events are
    discovered, communicated and corrected in a
    timely manner
  • Typical Incident Management policies include
  • Reporting of events
  • Reporting of vulnerabilities and weaknesses
  • Incident Handling and Recovery
  • Reporting of lessons learned after incidents

13
Components Business Continuity Management
  • Business Continuity Management policies and
    procedures are designed to minimize the impact of
    system failures or disasters and to ensure timely
    recovery of critical systems
  • Scope includes both preventative and recovery
    controls
  • Organization must understand the business impact
    of failures and disasters prior to formulating
    policies for prevention and recovery
  • Typical Business Continuity Management policies
    include
  • Scope definition (requirements for critical
    business continuity)
  • Continuity Plan
  • Testing and maintenance of plan

14
Components Compliance
  • Compliance policies and procedures are designed
    to help the organization avoid breaches of any
    relevant laws or regulatory requirements.
  • Should also focus on avoiding contractual
    breaches and security requirements or policy
    violations
  • Typical Compliance policies include
  • Documentation of applicable legislation
  • Data protection (organization trade secrets,
    private personal information)
  • Information System Audit controls

15
Network Security Policy Success Criteria
  • The success of a Network Security Policy is
    directly related to
  • Policys alignment with business objectives
  • Support from management
  • Employee awareness acceptance of policy
  • Enforceability of the policy
  • Corporate dedication to treat the policy as a
    living document

16
Network Security Policy Common Barriers
  • Barriers common to unsuccessful Network Security
    Policies include
  • Lack of funding
  • Lack of alignment with business objectives and
    organizational risk
  • Idiots

17
Importance
  • The risks surrounding network based operations
    are increasing
  • Cyber attacks are growing both in frequency and
    severity
  • There is a growing gap between the rate of
    technology adoption and the rate of controls
    adoption
  • Convergence of technologies has led to a
    convergence of risk, increasing the potential
    impact of attaches
  • The dependence on technology, particularly
    network operations, is similarly increasing

18
Questions
  • ?
Write a Comment
User Comments (0)
About PowerShow.com