Week Seventeen - Security+ Guide to Network Security...

Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 14: Security Policies and Training

Objectives
  – Define organizational security policy
  – List the types of security policies
  – Describe how education and training can limit the impact of social engineering

Organizational Security Policies
Plans and policies must be established by the organization
  – To ensure that users correctly implement the hardware and software defenses
One of the key policies is an organizational security policy

What Is a Security Policy?
Security policy
  – A written document that states how an organization plans to protect the company’s information technology assets
An organization’s information security policy can serve several functions:
  – It can be an overall intention and direction
  – It details specific risks and how to address them
  – It can create a security-aware organizational culture
  – It can help to ensure that employee behavior is directed and monitored

Balancing Trust and Control
An effective security policy must carefully balance two key elements: trust and control
Three approaches to trust:
  – Trust everyone all of the time
  – Trust no one at any time
  – Trust some people some of the time
Deciding on the level of control for a specific policy is not always clear
  – The security needs and the culture of the organization play a major role when deciding what level of control is appropriate

Balancing Trust and Control (continued)

Designing a Security Policy
Definition of a policy
Standard
  • A collection of requirements specific to the system or procedure that must be met by everyone
Guideline
  • A collection of suggestions that should be implemented
Policy
  • Document that outlines specific requirements or rules that must be met

Designing a Security Policy (continued)
A policy generally has these characteristics:
  – Policies communicate a consensus of judgment
  – Policies define appropriate behavior for users
  – Policies identify what tools and procedures are needed
  – Policies provide directives for Human Resource action in response to inappropriate behavior
  – Policies may be helpful in the event that it is necessary to prosecute violators

Designing a Security Policy (continued)
The security policy cycle
  – The first phase involves a risk management study
    • Asset identification
    • Threat identification
    • Vulnerability appraisal
    • Risk assessment
