……….
Reasons for Investing in Network Security
• Invest in network security to protect assets from threats
• Data including software and hardware Assets
• Danger or vulnerability to assets Threats
• Response to threats Risk management
Security Design and Implementation
• Ensures that a logical and carefully planned strategy is used for securing organization’s assets
• Ensures that security is applied throughout the organization in a controlled and logical manner
• Creates policies and procedures for security
• Applies the policies and procedures created during the design to the organization’s assets
• Ensures that policies and procedures are deployed consistently throughout the organization
Security Design
Security Implementation
Security Policies and Procedures
• Security procedures provide detailed steps that describe how to implement policies
• Administrative policies are enforced by management
• Technical policies are enforced by operating systems and applications
• Physical policies are enforced by physical controls such as locks
• Security policies describe what must be implemented to secure a network
Reasons for Security Policy Failure
Security policies often fail because they are:
Not enforced
Difficult to read
Difficult to find
Outdated
Too strict
Not supported by management
Guidelines for Creating Policies and Procedures
Guidelines include:
Write clear and concise policies
Write simple procedures
Obtain management support
Make policies and procedures easily accessible
Ensure no disruption to business processes
Implement technology where possible
Ensure that consequences are consistent for policy violation