Interested to Buy Any Domain ? << Click Here >> for more details...
What is a security policy?
- 1 Answers
- 5691 Views
- I also Faced
- E-Mail Answers
Answer / yogendra
So the first inevitable question we need to ask is, “what
exactly is a security policy”? Well, a policy would be some
form of documentation that is created to enforce specific
rules or regulations and keep a structure on procedures.
Here, in the context of ‘security’, is simply a policy
based around procedures revolving around security. Think of
any other kind of policy… a disaster recovery policy is a
set of procedures, rules and plans revolving around having
a disaster and how to recover from it. Security polices are
much the same. Ok, now that you have the general idea now,
lets talk about what the security policy will generally
provide. Remember… a security policy is the foundation and
structure in which you can ensure your comprehensive
security program can be developed under. If I can make an
analogy, a security policy is like the spine, and the
firewalls, IDS systems and other infrastructure is the meat
and flesh covering it up. There are a great many things you
will need to understand before you can define your own.
Security policies are generally overlooked, not implemented
or thought of when it’s already too late. To keep you in
the loop on what this means, we can flip flop back to the
example I first stated with the Porn Surfer… It doesn’t
help ‘after’ the fact when your dealing with a court case,
if you had a policy in place to keep people informed about
what it is they can or cannot do (like surf the web during
business hours hitting sites that are not business related)
they may not do it in the first place, and If they do, you
have a tool (the policy) to hold them accountable.
So, now that we understand the fundamentals of what a
security policy is, lets sum it up in one sentence before
we move forward… A security policy is a living document
that allows an organization and its management team to draw
very clear and understandable objectives, goals, rules and
formal procedures that help to define the overall security
posture and architecture for said organization. This
article will cover the most important facts about how to
plan for and define a security policy of your own, and most
of all, to get you to think about it – whether you already
have one or not.
A security policy must also be created with a lot of
thought and process. You can make a security policy too
restrictive. If you do, you could cause a lot of strain on
your employees, who may be accustomed to one way of doing
business, and it may take awhile to grow them into a more
restrictive security posture based on your policy. A
security policy should contain some important functions and
they are as follows.
| Is This Answer Correct ? | 3 Yes | 0 No |
What factors would you consider before deploying a web intrusion detection system?
How long can a ddos attack last?
what is sites, why we use it.
What is a wild card certificate ? can I use it for all my appliance in the network ?
What is 3 DES 256 bit security in IPSec technology.
A System programmer have access to computer room, it is possible that he may undertake some unauthorised activities at any time, due to his deep knowledge how can a control build to avoid the risk?
What is the difference between HTTP and HTTPS where u can use HTTPS
How do we test for stateful packet in firewall ? Do we need scripts written for this ?
Can you give me some ransomware variants?
what is active directory partication ?
What is difference between arp & rarp? How both of these protocols will work, and where it will use?
What are the vulnerabilities according to the extended CERT Taxonomy?
Networking Protocols 
