Security Policy
A security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on the behavior of its members as well as the constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. The reason to have a security policy is to establish a baseline of the current security condition and to set up a framework for security purposes, such as defining which types of behavior are allowed or not allowed. It also determines which tools to use when necessary and the procedures for handling security incidents so as to mitigate them.
The policies could be expressed as a set of instructions that can be understood by special-purpose network hardware dedicated to securing the network.
Network security is a continuous process cycle built around the policy, and it usually involves 4 steps or more.
1.) Securing the network - Implement security solutions such as authentication, encryption and firewalls to prevent unauthorized access and to protect information.
2.) Monitoring security - Monitor system logging and real-time intrusion detection on the network to prevent violations of the security policy.
3.) Testing security - Validate the security and its effectiveness through system auditing and pen-testing.
4.) Updating/improving security - Use information from the previous phase to improve and make changes to the security policy, and train staff where necessary.