A network security policy is a set of rules for computer network access. It is usually written by a committee of members, rather than a single individual. The security policy of a network is meant to govern access to data, web browsing actions, what can be attached in an email, and the various passwords and encryption protocols used. These rules apply for all personnel throughout the company.
To start writing a security document from scratch can be quite an uphill task. A good way to start writing security policies is to use a template. The National Institute for Standards and Technology has also provided a security policy guideline to writing the rules out. Another way of writing a security policy is do perform a risk analysis. From there, the results of the risk analysis can be thoroughly studied, and policies can be written to lessen or negate the security risks found within the network.To ensure that the security policy is effective, the employees of a company should be required to read through and state clearly that they have read and understood the various regulations that have been stated within the security policy. This would serve to reduce the amount of security breaches due to negligence or ignorance.
references: http://en.wikipedia.org/wiki/Network_security_policy
No comments:
Post a Comment