Your security policies and your network policies should be closely related. In this video, you’ll learn about the important of security policies and network policies, the use of an acceptable use policy, and common agreements with third-parties.
<< Previous: Ethernet StandardsNext: Safety Practices >>
Every organization needs to have a security policy. This is the document that details exactly how your organization and its data are to be secured. Every company has a set of business requirements, and those business requirements need to be translated into the security policy that will be used by your organization.
There are many different areas of security that are covered by the security policy– everything from physical security to data security and even how your information for HR will be handled as people are brought on board and people are off-boarded. These security policies also contain monitoring consents and other information to make people aware of what security is in place.
In many countries, the business can monitor everything the users are doing. In some countries, the businesses are not allowed to look at any of this information. So these policies should be well documented, especially those associated with the monitoring of the data coming from the users.
A network policy is one that describes how people are to use the network. Every organization is a little bit different in their philosophy around what is acceptable on a network and what is not. This is often closely tied to the security policy of course, because there are a lot of links between how people are using the network and the security of our data.
Network policies might also include things like acceptable use policies, where you are clearly documenting what is acceptable on this network and what is not acceptable on this network. And it is well documented and very detailed with exactly what is allowed and what is not. In some cases, organizations require that someone sign or validate this acceptable use policy before they’re even granted access to the network.
Security policies and network policies are important internal documents, but if you’re working with a third party, there are a number of agreements that have to be used. One might be a service level agreement. One of these agreements might be a service level agreement. If you’re acquiring services from a third party, you need to document exactly what level of service you’re expecting.
If this is a wide-area network provider, th then you’re expecting a certain amount of uptime and a certain amount of throughput. And if those standards aren’t met, the service level agreement needs the detail what the penalties might be to the service provider for not meeting these minimum service level agreements.
A more informal document might be a memorandum of understanding or an MOU. This is an informal letter of intent. It has no signatures associated with it, but it might have information that describes the confidentiality of a particular agreement.
Another important agreement is a master service agreement or MSA. This is very useful if you have not just one project going on but multiple projects with a third party. You can create this umbrella agreement that’s going to have contractual terms and any other types of service level agreements that will apply to all of these different projects.
A very detailed agreement is something like a statement of work or an SOW. A statement of work is a very detailed and itemized list of what is expected to be done when services are rendered. This is often paired with a master service agreement so that you can have an umbrella agreement of minimum terms and a statement of work that provides some detailed information of the services.