This chapter is from the book


Policy plays an integral role in security effectiveness. Educating users on their responsibility to enhance security can have a twofold effect: It ensures that deployed equipment can perform tasks with greater effectiveness, and it creates an environment that encourages and supports individual responsibility.

The business case for network security requires that soft elements be acknowledged, considered, and ultimately weighted through adoption of an analytical process. Risk, and aversion to it, must be quantified before effective programs can be developed and put in motion. It is a fundamental step in the process of formulating concrete ROP results.

This chapter focused its discussion of policy on the following topics:

  • Outlining steps to secure the physical organization, both equipment and access

  • Understanding the importance of operations management of physical and logical equipment

  • Safely deploying new software and understanding privacy concerns

  • Promoting the need for consistent confidentiality labeling and equipment tagging

  • Understanding the need to mobilize the human element within an organization to create a security culture

  • Defining policies, detailing pertinent processes, and assigning ownership

  • Exploring corporate and user compliance

  • Developing a process to work through crises, using business continuity planning

  • Acknowledging common vulnerabilities in security policies

  • Introducing a fundamental step to quantify soft issues: surveying senior management

The next chapter advances the discussion by focusing on the board and presenting the issues inherent in security governance. Chapter 7 focuses on the IT manager, providing him with an overview of the business side of the organization and equipping him with the necessary tools to effectively lobby his senior-management colleagues on the merits of investing in security. Chapter 7 also introduces the next survey, the Infosec Operational (IO) survey, the results of which are explored in Chapter 8.
