an organization’s technology and information assets must abide.
The reason to have a security policy is to have a baseline of the current security condition and also setting up a framework for security purposes such as defining what type of behaviors is allowed or not allowed. It also determines which tools to use when necessary and the procedures on handling security incidents so as to mitigate them.
Network security is a continuous process cycle and is built around the policy which usually involves 4 steps or more.
1.) Securing the network - Implement security solution such as authentication,encryption and firewalls to prevent unauthorized access and to protect information.
2.) Monitoring Security - Monitors system logging and real-time intrusion detection on the network to prevent violation towards the security policy.
3.) Test security - Validates the security and effectiveness through system auditing and pen-testing.
4.) Update/Improvise Security - Uses information from the previous phase to improvise and make changes to the security policy and having training for the staffs where necessary.
The following diagram of the security policy life cycle:
References:
OLIVE teaching materials.
No comments:
Post a Comment