What is a security policy?
- 1 Answers
- 4879 Views
- I also Faced
- E-Mail Answers
Answer / yogendra
So the first inevitable question we need to ask is, “what
exactly is a security policy”? Well, a policy would be some
form of documentation that is created to enforce specific
rules or regulations and keep a structure on procedures.
Here, in the context of ‘security’, is simply a policy
based around procedures revolving around security. Think of
any other kind of policy… a disaster recovery policy is a
set of procedures, rules and plans revolving around having
a disaster and how to recover from it. Security polices are
much the same. Ok, now that you have the general idea now,
lets talk about what the security policy will generally
provide. Remember… a security policy is the foundation and
structure in which you can ensure your comprehensive
security program can be developed under. If I can make an
analogy, a security policy is like the spine, and the
firewalls, IDS systems and other infrastructure is the meat
and flesh covering it up. There are a great many things you
will need to understand before you can define your own.
Security policies are generally overlooked, not implemented
or thought of when it’s already too late. To keep you in
the loop on what this means, we can flip flop back to the
example I first stated with the Porn Surfer… It doesn’t
help ‘after’ the fact when your dealing with a court case,
if you had a policy in place to keep people informed about
what it is they can or cannot do (like surf the web during
business hours hitting sites that are not business related)
they may not do it in the first place, and If they do, you
have a tool (the policy) to hold them accountable.
So, now that we understand the fundamentals of what a
security policy is, lets sum it up in one sentence before
we move forward… A security policy is a living document
that allows an organization and its management team to draw
very clear and understandable objectives, goals, rules and
formal procedures that help to define the overall security
posture and architecture for said organization. This
article will cover the most important facts about how to
plan for and define a security policy of your own, and most
of all, to get you to think about it – whether you already
have one or not.
A security policy must also be created with a lot of
thought and process. You can make a security policy too
restrictive. If you do, you could cause a lot of strain on
your employees, who may be accustomed to one way of doing
business, and it may take awhile to grow them into a more
restrictive security posture based on your policy. A
security policy should contain some important functions and
they are as follows.
| Is This Answer Correct ? | 3 Yes | 0 No |
What is terminal emulation, in which layer it comes
Cannot ping host machine(windows xp) from virtual machine(linux)in VMware, but can ping to Vmnet1 from virtual machine(linux) and can also ping from host machine(XP) to virtual mach.(linux), both side firewalls are disabled, networking type=host only.
What do you do when you get blue screen in a computer? How do you troubleshoot it?
What is information security?
What are the main components of the CERT Taxonomy?
What is stateful inspection firewall?
What are the types of LAN cables used? What is a cross cable?
What are the stipulations of C2 level security?
congestion at network due to buffer overflows and packet dropping leads to a message confidentiality threat named.....
What is the purpose of a firewall?
How to you keep yourself updated on network security ?
Explain in mobile and computer and home is it possible that we see and listen person voice and activity carefully for destroying their privacy?
Networking Protocols 
