Establishing Acceptable Use Documents and Security Policies

Unfortunately, in today's environments, many organizations rely solely on user ability to make the correct decision when using a computing resource. These decisions may relate to what software to install, what e-mail to open, or when to report "strange" system behavior to the computer support staff.

Acceptable use documents are a mechanism thought to protect intellectual property and computing resources. The documents typically state which resources can be used and how they should be used. In most cases, these documents are related to the computer issued to the individual, intellectual property, e-mail systems, and Internet usage. Acceptable use documents are commonly the result of a human resources or legal requirement and are not an enforcement mechanism for employing policy. These documents suggest what sort of behavior or misuse can result in employee discipline but accomplish very little toward guaranteeing a secure environment. This is not to say that you should not utilize acceptable use documents to satisfy legal requirements; however, understand the difference between legal requirements and notification versus enforcement.

Acceptable use documents are much like traffic laws that specify how fast you are allowed to travel on certain roads. You are only penalized when you are "caught" breaking the law, but it is very common for people to break (or bend) this law. The only way to guarantee the law is upheld is through the active enforcement of the law, such as speed traps using various detection mechanisms. CSA policies are an active enforcement mechanism that controls exactly which resources your systems can interact with and how they are allowed to interact.

Security policy documents are another type of document regularly used in enterprise networks. These documents should list in detail the computing resources within the environment and precisely how the services offered may be used. Security documents typically cover the entire security landscape of an organization, including the types of access granted to users, application versions allowed, connections granted to and from portions of the network, and procedures and processes relating to modification of the document and its policies. The security policy documentation is the most important document to have on hand when laying out the CSA policy, module, and rule requirements. Because CSA is the practical enforcement mechanism of the written security policy, you must map the written document to specific rules of enforcement. The remainder of the chapter covers how to map written policy to enforced policy through various CSA mechanisms.

    Cisco Security Agent
    ISBN: 1587052059
    EAN: 2147483647
    Year: 2005
    Pages: 145
    Authors: Chad Sullivan
