9781111640125_IM_ch14

Security+ Guide to Network Security Fundamentals


What Is a Security Policy?

1. Define a security policy as a written document that states how an organization plans to protect the company’s information technology assets.
2. Describe some of the functions served by a security policy, including the following:
   a. It can be an overall intention and direction, formally expressed by the organization’s management.
   b. It details specific risks and how to address them, and provides controls that executives can use to direct employee behavior.
   c. It can create a security-aware organizational culture.
   d. It can help to ensure that employee behavior is directed and monitored to ensure compliance with security requirements.

Balancing Trust and Control

1. Mention that an effective security policy must carefully balance two key elements: trust and control.
2. Describe the following three approaches to trust:
   a. Trust everyone all of the time.
   b. Trust no one at any time.
   c. Trust some people some of the time.

Teaching Tip

Security policies, along with the accompanying procedures, standards, and guidelines, are keys to implementing information security in an organization. Having a written security policy empowers an organization to take appropriate action to safeguard its data.

Security+ Guide to Network Security Fundamentals, Fourth Edition

3. Explain that deciding on the level of control for a specific policy is not always clear. The security needs and the culture of the organization play a major role when deciding what level of control is appropriate.
4. Mention that because security policies are a balancing act between trust and control, not all users have positive attitudes toward security policies. Use Table 14-1 to illustrate your explanation.

Designing a Security Policy

1. Define a standard as a collection of requirements specific to the system or procedure that must be met by everyone. A guideline is a collection of suggestions that should be implemented.
2. Define a policy as a document that outlines specific requirements or rules that must be met.
3. Describe the general characteristics of a policy, including the following:
   a. Policies communicate a consensus of judgment.
   b. Policies define appropriate behavior for users.
   c. Policies identify what tools and procedures are needed.
   d. Policies provide directives for Human Resource action in response to inappropriate behavior.
   e. Policies may be helpful in the event that it is necessary to prosecute violators.
4. Explain that most organizations follow a three-phase cycle in the development and maintenance of a security policy. The first phase involves a risk management study. The second phase of the security policy cycle is to use the information from the risk management study to create the policy. The final phase is to review the policy for compliance. Use Figure 14-2 to illustrate your explanation.