You are probably deploying Check Point Next Generation (NG) with Application Intelligence (AI) to protect something. Do you know what you are protecting, what you are protecting it from, and how you are protecting it? Before you can effectively deploy any security control, especially a powerful tool like Check Point NG AI, you need to have an Information Security Policy. This is not to be confused with the Check Point Security Policy, which, according to Check Point, is Defined in terms of a Rule Base and [FW-1 NG AI] Properties. (www.checkpoint.com/products/downloads/fw1-4_1tech.pdf) We are talking about an enterprise-wide information security policy that includes a written Security Policy accompanied by standards, guidelines, and procedures for implementing and maintaining an information security program. (This is explained in more detail in the next section.)
Many organizations now find the need to have an articulated information security policy. Having such policies makes organizations more effective in their preventative, detective, and responsive security measures. Moreover, as a result of government regulations, organizations in certain vertical industries are required to have formally documented information security policies.
In addition, an Information Security Policy is also extremely beneficial to the security manager because it provides, at an executive level, a mandated framework for ensuring the confidentiality, integrity, and availability of an organization s information assets. What this means is that the security manager has some weight in their corner for budget requests when they have an approved Information Security Policy.
For the security administrator, having a written and approved policy can ensure that they are able to deploy Check Point NG AI in a way that minimizes disruption to business but enforces the protection necessary to keep business functioning. Think of the written policy as a recipe to ensure that you configure everything correctly.