Chapter 12. Creating and Tuning Policy

Chapter 12. Creating and Tuning Policy

This chapter covers the following topics:

• Creating policy

• Tuning policy

Now that you understand the various building blocks within the Cisco Security Agent Management Console (CSA MC) architecture, you can begin to develop your strategy for the application of the product. Before any organization enters a lab test, pilot, or implementation of this or any product, you need a well-defined scope of work and success criteria. You can use the CSA product to granularly control your endpoints, and you might need a great deal of time to develop and adjust those policies. Although granularly controlling your endpoints might be your ultimate goal, you need to develop an implementation plan that provides a phased approach in rolling out the product features such that the most protective mechanisms, such as worm prevention, can be realized sooner than later.

The process of testing and adjusting policies is called tuning. Tuning policies and rules is a requirement at the beginning of the implementation because the various rules you implement will either create events that you no longer want to see in the log, or could attempt to prevent required system interaction. Throughout this chapter, you learn about the mechanisms available when creating and tuning CSA policies.