Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common...
Network Security Policy
Anna Nash
MBA 737
Agenda
- Overview
- Goals
- Components
- Success Factors
- Common Barriers
- Importance
- Questions
Overview
A Network Security Policy:
- Provides rules for access to and proper use of computer and network resources
- Defines procedures to prevent and respond to improper use of network components, including associated data and systems
Goals
The goal of Network Security Policy is to:
- Strategically align network controls with enterprise business objectives in a value-added fashion
- Provide the appropriate mechanisms for effectively managing risk related to the network infrastructure and network-accessible assets
- Provide the metrics needed to ensure that network security risks are appropriately mitigated and access policies effectively followed
Components
Network security policies are subjective, developed to meet the specific goals and risks of each individual organization
However, there are components common to all successful network security policies, including:
- Asset Management
- HR Security
- Physical Security
- Communications/Operations Management
- Access Control
- Software Security
- Incident Management
- Business Continuity Management
- Compliance
Components: Asset Management
Asset Management is the set of policies and procedures designed to protect organizational assets
Assets include information, software assets, physical assets, people and intangibles such as reputation
Typical Asset Management Policies include:
- Inventory
- Ownership Assignment
- Defined Acceptable Use
Components: HR Security
HR Security is the set of policies and procedures designed to ensure employees, contractors and third party users understand their responsibilities and are an appropriate fit for their role(s) within the organization.
HR policies can be targeted to different timeframes:
- Prior to employment
- During employment
- Termination / Change of employment
Typical HR Security Policies include:
- Screening / Background Checks
- Security Awareness Training
- Disciplinary Processes
- Termination Responsibilities
- Removal of Access Rights
Components: Physical Security
Physical Security is the set of policies and procedures designed to prevent unauthorized physical access, damage and interference to the organization’s physical premises and information
Should also prevent loss or theft of physical assets
Typical Physical Security Policies include:
- Physical entry policies
- Security of offices, rooms and facilities
- Equipment maintenance procedures
- Security of equipment off-premises
- Disposal or removal of property
Components: Communications/Operations Mgt.
Communications and Operations Management policies and procedures are designed to ensure the correct and secure operation of IT facilities
This encompasses a broad set of controls including:
- Malicious code protection
- Back-Ups
- Network Controls
- Handling and Disposal of removable media
- Protection of information exchange including E-Mail
- Protection of on-line transactions
- Logging and Monitoring of systems to record security events
Components: Access Control
Access Control policies and procedures are designed to control access to the organization’s information
Access Control policies typically include:
- User access management
- User permission management
- Password management
- Reviews of access
- Authentication mechanisms
- Network separation and associated controls
- Telework controls and restrictions
Components: Software Security
Software security policies and procedures are designed to ensure security is an integral part of IT systems (both those systems provided by third parties, and those developed in-house)
Typical Software Security policies include:
- Security requirements
- Input data validation
- Output validation
- Integrity Checks
- Encryption Requirements
- Change Control
- Security Patching / Vulnerability Management
Components: Incident Management
Incident Management policies and procedures are designed to ensure that security events are discovered, communicated and corrected in a timely manner
Typical Incident Management policies include:
- Reporting of events
- Reporting of vulnerabilities and weaknesses
- Incident Handling and Recovery
- Reporting of lessons learned after incidents
Components: Business Continuity Management
Business Continuity Management policies and procedures are designed to minimize the impact of system failures or disasters and to ensure timely recovery of critical systems
Scope includes both preventative and recovery controls
Organization must understand the business impact of failures and disasters prior to formulating policies for prevention and recovery
Typical Business Continuity Management policies include:
- Scope definition (requirements for critical business continuity)
- Continuity Plan
- Testing and maintenance of plan
Components: Compliance
Compliance policies and procedures are designed to help the organization avoid breaches of any relevant laws or regulatory requirements.
Should also focus on avoiding contractual breaches and security requirements or policy violations
Typical Compliance policies include:
- Documentation of applicable legislation
- Data protection (organization trade secrets, private personal information)
- Information System Audit controls
Network Security Policy: Success Criteria
The success of a Network Security Policy is directly related to:
- Policy’s alignment with business objectives
- Support from management
- Employee awareness & acceptance of policy
- Enforceability of the policy
- Corporate dedication to treat the policy as a living document
Network Security Policy: Common Barriers
Barriers common to unsuccessful Network Security Policies include:
- Lack of funding
- Lack of alignment with business objectives and organizational risk
- Idiots
Importance
The risks surrounding network-based operations are increasing:
- Cyber attacks are growing both in frequency and severity
- There is a growing gap between the rate of technology adoption and the rate of controls adoption
- Convergence of technologies has led to a convergence of risk, increasing the potential impact of attacks
- The dependence on technology, particularly network operations, is similarly increasing
Questions
?