Why do I need a network security policy? Dr. Charles T. Wunker
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Excerpt from The Art of War by Sun Tzu (Retrieved July 13, 2006, from http://classics.mit.edu/Tzu/artwar.html)
Know Your Enemy
• Why would someone want to attack you?
• What do you have that they want?
• What is the value to the attacker?
• How could they attack you?
• What are the chances of an attack?
• System failure or natural disaster?
• Is the enemy also within?

Know Yourself
• What needs to be protected?
• What is the value to you?
• What is the effect on the organization if assets are accessed, stolen, damaged, or made public?
• How can these assets be protected?
• What protection is in place? Is it adequate?

What should be in the policy?
• List assets that need to be protected
• Identify those that may access the information (level of access)
• Security tools to prevent unauthorized access (general strategies)
• Rules & regulations (can and cannot do)
• Backup & recovery policy
• Penalties & punishment
• Who has the responsibilities

How should it be written?
• Sufficient depth
• Written in clear, unambiguous language
• Concise (to the point)
• Include version number and date
• Enforceable
Is your system secure? Your system is only as strong as the weakest link! Dr. Charles Wunker