The Security Policy


Although some people do not recognize it, your corporate security policy has an important role to play in defense-in-depth. It contains policies, procedures, guidelines, standards, implementation specifications, and requirements that should guide every facet of your security strategy. A typical corporate security policy contains four sections:

  • Administrative safeguards

  • Physical safeguards

  • Technical safeguards

  • Organizational framework

Each section defines a layer of security. For example, the administrative safeguards determine who should have access to a protected resource, the physical safeguards determine what physical access controls should protect the resource, and the technical safeguards define the technical countermeasures that should be in place. An IPS would likely be one of the tools covered in the technical safeguards section.

The technical safeguards section also defines implementation guidelines for each layer of technical security. It covers how each layer should be configured, what layers should protect each type of resource, and how the layers are to interact. If you do not already use IPS, be sure to add it to your security policy.

As you add IPS to your security policy, you might find that you have to revise other sections to reflect the IPS's impact on other layers. For example, some IPS devices can reconfigure other types of devices, such as firewalls, in response to an attack. The firewall section of the policy must then be updated to define which interface should be reconfigured by the IPS, how the configuration request should be handled, and how the communications channel is to be secured.




Intrusion Prevention Fundamentals
ISBN: 1587052393
Pages: 115
