CS459/559 - Network Security - Chapter 2: Implementing a Security Policy
- Planning Your Security Policy
- Identify what you need to protect
- Determine who may do harm to any of the items listed in step 1.
- Determine what types of threats exist.
- Determine your priorities
- Implementing Your Security Policy
- Automate the Security Process
- Identification and authentication
- Access control
- Accountability
- Audit trails
- Object reuse
- Accuracy
- Reliability
- Data Exchange
- Limit User Access
- Level 1: Systems administrator/network supervisor
- Level 2: Network administrators
- Level 3: Power Users
- Level 4: Task-oriented users
- Publish Your Policy
- The user will follow all established password practices set forth in the policy statement
- The user agrees not to allow any unauthorized personnel to access systems or data
- The user agrees not to gain access or attempt to gain access to any systems or data to which he or she does not have authority to access
- The user agrees not to introduce any foreign programs into the system without authorization
- The user agrees that the company has the right to monitor use of the system
- Avoid Danger
- Schedule Security Drills
- Performing Background Checks
- Striking a Balance Between Security and Privacy
- Responding to Violations
- Is it a Real Threat?
- Set Up an Action Plan
- Establish Policies for Different Types of Violators
- Non-Technology Security Policies
- Dumpster Diving
- Photocopy Regulations
- Phony Workmen
- The Secretary's Desk
- Meetings and Tradeshows
- Survivable Systems