Why Do You Require Security Policy?

Secure system planning and administration is the human side of computer security

. Even in a highly trusted system, security isnt automatic. Administrators need a written guideline, spelled out beforehand, that clearly outlines what steps to take and what procedures to follow in the pursuit of security. The assault on trusted systems seems relentless these days, as vulnerability after vulnerability has riddled both the Windows and Linux worlds, and perfidy abounds both inside and outside an organizations walls. If there is safety in the changing world of security, it seems to lie not in what our equipment or software does for us, but in what we do for ourselves. The first step in maintaining security today is to set security policies for our organizations, and then to exercise diligence in promulgating and maintaining them. This effort cuts across all layers. Although the security administrators carry out the security policy in terms of protection, detection, and enforcement, it is the users who must keep the security and the owners and managers who must authorize and sustain it, and administer the required sanctions against those who violate it.

For example, your organizations security policy may require regular backups, but its the administrator who must actually run the backups. Once administrators train users to copy files to areas that will be protected, managers must deal with noncompliance. Similarly, administrators may tell users to avoid writing down machine-issued passwords and laying them near their keyboards, but management must give the policy teeth.

The most critical area for all layers to come together is likely incident response what to do once a breach occurs. Decisions about evidence preservation, notifying authorities (and which ones), and what to do next must be hashed out before the fact. These should be codified in writing and distributed to all persons likely to be affected.

The security policy is a living document that must be examined and updated regularly. Training users, administrating passwords, backing up system-critical files, setting up and tuning firewalls and intrusion detection systems, and examining audit logs: these are some of the many ways that a systems abstract security policy gets translated into real world defenses. This is the role of the security administrator.

Security grows down into an organization once a written policy dictates it is required. Administratively, this means that management creates and sustains the demand for things to be done according to certain standards and levels. This requires that risks be categorized and prioritized, and the value of the asset to be protected is weighed against the cost of its protection.

Security policies require procedures. Security procedures include holding regular security audits, and implementing rules such as separation of duties and use of two-man controls. To insure people know how execute security procedures requires security training. To make sure people actually follow policies and procedures requires oversight and enforcement. For there to be enforcement, management must be involved. Management, after all, sets the policies.

by: Spec India

POST COMMENT

It's Time to Take Email Archiving & Security Seriously Remove Security Suite - How to Remove Security Suite Completely What is My Security Shield - Remove My Security Shield completely! What is AV Security Suite - Remove AV Security Suite completely! What is Security Master AV - Remove Security Master AV completely! Personal Security Comes In Many Forms Meals Security in the Cooking area How to Get Rid of Security Tool Antivirus? Eliminate and Remove Security Tool Fake Antivirus Completely How to remove Security Tool Antivirus? How To Build A Laser Security System The Basic Importance Of A Security Fixture How to Get Rid of Security Suite Virus? Eliminate and Remove Security Suite Fake Antivirus Completely Security Bookshelves Security Recessed Seats