network security policy why do i need a network security policy? dr. charles t. wunker
TRANSCRIPT
- Slide 1
Slide 2 Network Security Policy Why do I need a network security policy? Dr. Charles T. Wunker Slide 3 Network Security Policy If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. Excerpt from The Art of War by Sun Tzu ( Retrieved July 13, 2006, from http://classics.mit.edu/Tzu/artwar.html) http://classics.mit.edu/Tzu/artwar.html Slide 4 Network Security Policy If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. Excerpt from The Art of War by Sun Tzu ( Retrieved July 13, 2006, from http://classics.mit.edu/Tzu/artwar.html) http://classics.mit.edu/Tzu/artwar.html Slide 5 Network Security Policy Know Your Enemy Why would someone want to attack you? What do you have that they want? What is the value to the attacker? How could they attack you? What are the chances of an attack? System failure or natural disaster? Is the enemy also within? Slide 6 Network Security Policy Know Yourself What needs to be protected? What is the value to you? What is the effect on the organization if assets are accessed, stolen, damaged, or made public? How can these assets be protected? What protection is in place? Is it adequate? Slide 7 Network Security Policy List assets that needs to be protected Identify those that may access the information (level of access) Security tools to prevent unauthorized access (general strategies) Rules & regulations. (can and cannot do) Backup & recovery policy Penalties & punishment Who has the responsibilities What should be in the policy? Slide 8 Network Security Policy Sufficient depth Written in clear, unambiguous language Concise (to the point) Include version number and date Enforceable How should it be written? Slide 9 Network Security Policy Your system is only as strong as the weakest link! Dr. Charles Wunker Is your system secure? Slide 10 Network Security Policy Slide 11 Slide 12 Slide 13 Avolio, F. (2000, March 20). Best Practices in Network Security, Network Computing. Retrieved July 2, 2002, from Business Source Premier.Business Source Premier Ellis, C. (2003, Feb) '7 Steps' for network security, Communications News. Retrieved June 24, 2003, from Business Source Premier.Business Source Premier Jacobs, J.; Pearl, M.; Irvine, S. (2001, March). Protecting Online Privacy to Avoid Liability. Association Management. Retrieved on Nov 9, 2002 from Business Source Premier.Business Source Premier Luzadder, D; Bryce, R; Gohring, N; Ploskina, B; Scanlon, B; Smetannikov, M; Spangler, T. (2001, Oct 22). Feeling Insecure, Interactive Week. Retrieved July 2, 2002, from Business Source Premier.Business Source Premier Palmer, M. (2001, May/June) Information Security Policy Framework: Best Practices for Security Policy in the E-commerce Age, Information Systems Security. Retrieved July 2, 2002, from Business Source Premier.Business Source Premier References Slide 14 Network Security Policy