Network Security Policy

The network security policy, by defining who will be allowed access, who will be denied access, and what explicitly the policy is aiming to protect, supports the organization's primary security objectives.

RFC 2196, the "Site Security Handbook"

According to the "Site Security Handbook" (RFC 2196), found at http://www.faqs.org/rfcs/rfc2196.html:

"A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide ... a security policy is essentially a document summarizing how the corporation will use and protect its computing and network resources."

The Need for a Network Security Policy

A network security policy is essential. When defined to address a company's unique environment, a network security policy performs the following functions:

  • Provides a general technical framework for security implementation

  • Provides a process for auditing existing network security

  • Defines which behavior is allowed and prohibited

  • Supports the choice of tools and procedures to be used by the organization

  • Defines roles and responsibilities

  • Describes the process for incident reporting

  • Provides a basis for legal action where necessary

  • Enables global, enterprisewide security policy enforcement

In other words, without a security policy, you have no grounds to enforce, no baseline, and no accountability, and you will be going nowhere fast!

CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213