Organizations use a formal set of policies to help guide their security requirements. In this video, you’ll learn about security policies and how they are used to develop a formal security posture.
<< Previous: Switch Port SecurityNext: Disabling Unneeded Services >>
One way to maintain a good security posture is to have everyone understanding exactly what level of security you should have in your organization. And you can do this by creating formal security policies. This will be the starting point so that everybody knows exactly what devices need to be secure and how you’re going to have that security put in place.
This is usually something that’s well-documented. You’re sitting down and writing a very formal document that describes security from the very beginning to the very end and everything in between. It’s the management of an organization that decides what needs to be secure. It’s then up to the IT department and the security teams to implement a security structure that’s going to provide that security.
Security policies will often define what you need in place to prevent an attack from the outside. You may have a security policy that specifies what types of firewalls and where they will sit in the organization. There might also be intrusion prevention systems or other types of security components to help against those attacks.
You might also have security policies that specify how malware will be protected against so you might require antivirus software. There might be a need for a proxy server inside of your environment. Or you may need real time network scanning in your firewalls themselves.
You might also have part of your security policy revolve around password security and training of your users. They’re often the weakest link when it comes to security, so you want to be sure they’re as knowledgeable as possible of the expectations that are on them for the security of the organization. And if people are outside the organization and they need access to your internal resources, you may need security policies for remote access. This policy might include VPN software or multi-factor authentication, or anything that would allow you to confirm that the people connecting to your network from the outside are absolutely authorized to do so.