Cisco IPS 4255 Sensor White Paper

Network Security Policy: Best Practices White Paper
Document ID: 13601
Contents
Introduction
Preparation
      Create Usage Policy Statements
      Conduct a Risk Analysis
      Establish a Security Team Structure
Prevention
      Approving Security Changes
      Monitoring Security of Your Network
Response
      Security Violations
      Restoration
      Review
Related Information
Introduction
Without a security policy, the availability of your network can be compromised. The policy begins with
assessing the risk to the network and building a team to respond. Continuation of the policy requires
implementing a security change management practice and monitoring the network for security violations.
Lastly, the review process modifies the existing policy and adapts to lessons learned.
This document is divided into three areas: preparation, prevention, and response. Let's look at each of these
steps in detail.
Preparation
Prior to implementing a security policy, you must do the following:
• Create usage policy statements.
• Conduct a risk analysis.
• Establish a security team structure.
Create Usage Policy Statements
We recommend creating usage policy statements that outline users' roles and responsibilities with regard to
security. You can start with a general policy that covers all network systems and data within your company.
This document should provide the general user community with an understanding of the security policy, its
purpose, guidelines for improving their security practices, and definitions of their security responsibilities. If
your company has identified specific actions that could result in punitive or disciplinary actions against an
employee, these actions and how to avoid them should be clearly articulated in this document.
The next step is to create a partner acceptable use statement to provide partners with an understanding of the
information that is available to them, the expected disposition of that information, as well as the conduct of
the employees of your company. You should clearly explain any specific acts that have been identified as