1 / 13

Why do I need a network security policy?

Why do I need a network security policy?. Dr. Charles T. Wunker.

bonita
Download Presentation

Why do I need a network security policy?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Why do I need a network security policy? Dr. Charles T. Wunker

  2. “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Excerpt from The Art of War by Sun Tzu  (Retrieved July 13, 2006, fromhttp://classics.mit.edu/Tzu/artwar.html)

  3. “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Excerpt from The Art of War by Sun Tzu  (Retrieved July 13, 2006, fromhttp://classics.mit.edu/Tzu/artwar.html)

  4. Know Your Enemy • Why would someone want to attack you? • What do you have that they want? • What is the value to the attacker? • How could they attack you? • What are the chances of an attack? • System failure or natural disaster? • Is the enemy also within?

  5. Know Yourself • What needs to be protected? • What is the value to you? • What is the effect on the organization if assets are accessed, stolen, damaged, or made public? • How can these assets be protected? • What protection is in place? Is it adequate?

  6. What should be in the policy? • List assets that needs to be protected • Identify those that may access the information (level of access) • Security tools to prevent unauthorized access (general strategies) • Rules & regulations. (can and cannot do) • Backup & recovery policy • Penalties & punishment • Who has the responsibilities

  7. How should it be written? • Sufficient depth • Written in clear, unambiguous language • Concise (to the point) • Include version number and date • Enforceable

  8. Is your system secure? Your system is only asstrong as the weakest link! Dr. Charles Wunker

  9. References Avolio, F. (2000, March 20). Best Practices in Network Security, Network Computing. Retrieved July 2, 2002, from Business Source Premier. Ellis, C. (2003, Feb) '7 Steps' for network security, Communications News. Retrieved June 24, 2003, from Business Source Premier. Jacobs, J.; Pearl, M.; Irvine, S. (2001, March). Protecting Online Privacy to Avoid Liability. Association Management. Retrieved on Nov 9, 2002 from Business Source Premier. Luzadder, D; Bryce, R; Gohring, N; Ploskina, B; Scanlon, B; Smetannikov, M; Spangler, T. (2001, Oct 22). Feeling Insecure, Interactive Week. Retrieved July 2, 2002, from Business Source Premier. Palmer, M. (2001, May/June) Information Security Policy Framework: Best Practices for Security Policy in the E-commerce Age, Information Systems Security. Retrieved July 2, 2002, from Business Source Premier.

More Related