The network security policy, by defining who will be allowed access, who will be denied access, and what explicitly the policy is aiming to protect, supports the organization's primary security objectives.
According to the "Site Security Handbook" (RFC 2196), found at http://www.faqs.org/rfcs/rfc2196.html:
"A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide. A security policy is essentially a document summarizing how the corporation will use and protect its computing and network resources."
A network security policy is essential. When defined to address a company's unique environment, a network security policy performs the following functions:
Provides a general technical framework for security implementation
Provides a process for auditing existing network security
Defines which behavior is allowed and prohibited
Supports the choice of tools and procedures to be used by the organization
Defines roles and responsibilities
Describes the process for incident reporting
Provides a basis for legal action where necessary
Enables global, enterprisewide security policy enforcement
In other words, without a security policy, you have no grounds to enforce, no baseline, and no accountability, and you will be going nowhere fast!