A network
security policy, or NSP,
is a generic document that outlines rules for computer network access, determines how policies are
enforced and lays out some of the basic architecture of the company security/ network security environment. The document itself is
usually several pages long and written by a committee. A security policy goes
far beyond the simple idea of "keep the bad guys out". It's a very
complex document, meant to govern data access, web-browsing habits,
use of passwords and encryption, email attachments
and more. It specifies these rules for individuals or groups of individuals
throughout the company.
Security policy should
keep the malicious users out and also exert control over potential risky users
within your organization. The first step in creating a policy is to understand
what information and services are available (and to which users), what the
potential is for damage and whether any protection is already in place to
prevent misuse.
In addition, the
security policy should dictate a hierarchy of access permissions; that is,
grant users access only to what is necessary for the completion of their work.
While writing the
security document can be a major undertaking, a good start can be achieved by
using a template. National Institute for Standards and Technology provides a security-policy guideline.
The policies could be
expressed as a set of instructions that could be understood by special purpose network hardware dedicated for securing the network.
0 commentaires:
Enregistrer un commentaire