StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Successful Implementation of Network Security Policies - Assignment Example

Cite this document
Summary
This paper "Successful Implementation of Network Security Policies" focuses on the dividing of operation, development, and test systems to reduce the risk of illegal alteration or access. To operate properly, each type of computing network requires a known and secure environment…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.3% of users find it useful
Successful Implementation of Network Security Policies
Read Text Preview

Extract of sample "Successful Implementation of Network Security Policies"

Configuring Files, NTFS, and Backups of the of Configuring Files, NTFS, and Backups Introduction We are living in an era where information is now an expensive and an essential commodity, the need to protect the integrity of data that are being transmitted becomes compulsory. As information becomes precious number of Security threats and attacks to it are growing. Network security is the ability to preserve the integrity of a system or network, its information processing environment. It demands controlling access, adaptable use and implementing emergency plans. It also involves monitoring and protection of data infrastructure services from unauthorized access. Security breaches possibly caused by human actions, which could be malicious, accidental, or through improper installation, operation or configuration. This paper presents guidelines that should be adopted to ensure efficient management and security of any information and communication technology network. These guidelines are written with keeping in mind of a less experienced IT network managers, to assist them in understanding and dealing with the risks they face. Upon implementation, these guidelines will go a long way in easing with problems of network insecurity. Network security Policy Network security policy guidelines are the practices and rules followed by an institution to protect its information resources. These polices must be documented, developed, reviewed, implemented and evaluated to ensure the integrity of the network. Hence, the need for these policies by an institution is never overemphasized (Avolio & Fallin, 2007). Developing Security Policies Developing security policies means developing the following: Program policies. System-specific policies. Issue-specific policies. Program policies. It tackles overall Network security goals and it should be applied to all IT resources inside an institution. The institution’s management must instruct policy development to guarantee that the policies address the Network security requirements of all systems operating within the institution. System-specific policies. It addresses the Network security matters and requirements of a particular system. Corporate facilities may have several sets of system-specific policies that address security from the very common (access control) to the particular (system authorizations that reflect the isolation of duties among a team of employees). Issue-specific polices. They address Network security issues related to Internet access, installation of unofficial software or devices, and sending/receiving e-mail attachments. The guidelines for the development of security policies are: Obtain an assurance from higher management to enforce security policies. Maintain good working relationships among departments, such as facilities management, internal audit, human resource, analysis of policy and budget. Create an approval procedure to include legal and human resources specialists, regulatory specialists and procedure and policy experts. Allow maximum time for the review and respond to every comment whether you accept it or not. Documenting Security Policies Institution once developed its network security policy; next step is to document these policies. Each department is responsible to protect its networks, vital information systems, and sensitive information from illegal disclosure, destruction or modification. Network security policies and procedures must be documented to ensure that accountability, availability, integrity, and confidentiality of information are not breached. Implementing Security Policies Successful implementation of network security policies requires awareness at all levels of the organization. You can create awareness through widely circulated documentation, e-mail, newsletters, a web site, training programs, and other announcements about security issues. Reviewing and Evaluating Policies Institutions/organizations and their respective departments should review their security policies periodically to ensure they persist to fulfill the institutions security needs. Policy Review within the Institution A plan should be developed by the institution/organization to review and evaluate their Network security policies once they are in place. Table A. Documentation guidelines for security policy Guideline Description Describe policies Describe policies by documenting the subsequent information: Identify common areas of threat. Generally state how to address the threat. Supply a basis for verifying agreement through audits. Outline implementation and enforcement plans. Balance protection with productivity. Describe standards Define network security standards by documenting the following: Define least requirements designed to address certain threat. Define exact requirements that guarantee compliance with policies. Verify policy compliance through audits. Summarize implementation and enforcements plans. Balance security with productivity. Describe guidelines Describe network security guidelines by documenting: Classify best practices to ease compliance Provide complete background and required information. Describe Enforcement Describe how policies will be imposed by documenting the following information: Identify team who are authorized to identify investigate and review breaches of policy. Means to enforce policies are to be identified. Table B: Guidelines for implementing network security policies Guideline Description Awareness Apply user awareness using the following methods: Inform employees about the latest security policies. Publish policy documents on paper and electronically. Develop explanatory security documentation for users. Conduct user training sessions. Signature acknowledgement from users. Retain awareness Update user awareness of current and upcoming security issues using the following methods: Web site Posters Newsletters E-mail for comments, questions, and suggestions Designate responsibility for reviewing policies and procedures. Implement a reporting procedures in which departments report security incidents to nominated security personnel Implement regular periodic reviews to evaluate the following: Impact, number and nature of recorded security incidents. Impact and cost of controls and impacts on business efficiency, along third-party vendor agreement. Reviews the effects of changes to technology or organizations. Organizational Security Organization should consider these security measures particularly when granting access to someone outside into its network. Internal security infrastructure should also be developed by each department in an organization that develops, uses, or maintains information systems. Network security infrastructure protects an institution’s IT assets by defining assets and the necessary means to protect them, and delegating responsibility for assets. This infrastructure must consist of procedures that ensure the accountability, confidentiality, availability, and integrity of IT assets. Institution must able to distinguish the following for a feasible security infrastructure. Dealing Risks from Third-Party Access Any institution should analyze the risk in granting access to the third party to its IT resources. Proper risk assessment should be conducted in the organizations that allow multiple users/systems from outside. In other words to mitigate risk from outside, security awareness and access control should be implemented. Undertaking with Third-Party Entities Organization and its departments that allow third-party access to its information should address the security threats of that access and require the third-party to stick on to all established security policies. Some of the guidelines that should be processed when contracting with a third party are. (1) Control access (2) Protect asset (3) Manage service (4) Manage liabilities (5) Ensure compliance (6) Secure equipments (7) Manage personnel Identifying Security Requirement for Outsourcing Contract Outsourcing contracts should address all IT security threats identified for the exacting resources included in the agreements. Asset Classification and Control Assets should be classified in order to understand which are crucial or mission critical assets. Organization should. Classify assets Develop and maintain an asset record. Analyze and assess risk. Personnel Security Network managers should address the security issues with respect to personnel. The following areas must be considered to ensure a complete Personnel Security as regards Network Security. New Entries in IT When hiring someone, IT departments should enforce security procedures to reduce the risks of human error, misuse of resources, and fraud. The steps that should be enforced when screening employee are. Screening possible employee. Sketch employee responsibilities. Evaluate the duties of newly appoint. Assuring appropriate use of technology Organization should provide IT resources to authorized personnel to facilitate the efficient performance to their duties. Authorization enforces certain obligations and responsibilities on users and is subject to organization policies. Users at every level should be educated in the appropriate use of IT resources. The steps for ensuring proper use of technology are. Creating of appropriate user policies. Enforcement of policies. Training users Users should be trained to make them to be aware of potential threats and to understand their duties to report any security breach. The steps for training users are: Create information access. Apply acceptable use of software. Maintain accepted use of system. Reporting of security breach Personnel should be educated to report any violation in accordance with security policy. The steps for this are as follows: Report incidence. Manage violation. Collection and sharing network information. Develop user knowledge. Define user duties. Developing a disciplinary policy A disciplinary policy ensures fair treatment of users who breach security and may also prevent users from ignoring security procedures. Steps for the implementation of developing disciplinary policy are: Development of disciplinary policy for internals. Development of disciplinary policy for third parties. Operation Management Creating network controls. Dividing operational and developing facilities. Creating network controls Network controls guarantees the security of information and connected resources. To maintain security on computer networks a series of controls must be applied. The guidelines for creating network controls include: Divide operational duties for networks and system operations where required. Establish remote resource management Establish particular controls to protect data crossing public networks and connected systems. Apply network management tools and procedures to guarantee controls are systematically applied and services are optimized. Dividing Operation and Development Facilities Dividing of operation, development, and test systems reduces the risk of illegal alteration or access. To operate properly, each type of computing network requires a known and secure environment. Guidelines for dividing facilities are: Operate operational and development software on different areas, or in different directories. Separate production activities from development and testing activities Avoid using the same logon activities, passwords and display menus for both test and operational systems to reduce the risk of accidental logon and other errors. Describe and document the process for shifting software from development to operational status. Such transfers should involve management approval (Singapore IT Security Techno Portal, 2002). References Avolio, F. M., & Fallin, S. (2007). Producing Your Network Security Policy. Watch Guard. Retrieved from http://www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf Singapore IT Security Techno Portal. (2002). How to develop a Network Security Policy. Windowsecurity.com. Retrieved from http://www.windowsecurity.com/whitepapers/How_to_develop_a_Network_Security_Policy_.html Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Configuring Files, NTFS, and Backups Assignment”, n.d.)
Configuring Files, NTFS, and Backups Assignment. Retrieved from https://studentshare.org/information-technology/1604367-configuring-files-ntfs-and-backups
(Configuring Files, NTFS, and Backups Assignment)
Configuring Files, NTFS, and Backups Assignment. https://studentshare.org/information-technology/1604367-configuring-files-ntfs-and-backups.
“Configuring Files, NTFS, and Backups Assignment”, n.d. https://studentshare.org/information-technology/1604367-configuring-files-ntfs-and-backups.
  • Cited: 0 times

CHECK THESE SAMPLES OF Successful Implementation of Network Security Policies

Best Practices for Network Security is the Topic

In order to have an understanding of network security, this paper will discuss the best practices for network security.... In order to have an understanding of network security, this paper will discuss the best practices for network security.... Users need to know how and what to ensure network security (Convery, 2004).... Due to rapid technological advancements, network security is faced with new challenges frequently and this can significantly compromise the privacy and security of users....
11 Pages (2750 words) Essay

Networking Security and Administration

The paper "Networking Security and Administration" tells us about security policies and Server Systems.... Integrating the other company's existing network infrastructure into my organization's one requires several network and security issues.... hellip; Integrating the security infrastructure of two organizations involves several complex policy administration, engineering, implementation, and managerial tasks.... o prevent this bottleneck in security I plan to use VPN....
6 Pages (1500 words) Essay

Information Security Issues

A successful organization not only relies on finding innovative solutions or products but also on the effective implementation of those solutions.... hellip; As the technology enhanced it brought in some technological issues such as Information security Risk.... The security Risks involved with the various information systems need to be addressed in order to better the performance of the organization in the dynamic global market.... The management of Information security Risks and to implement various methodologies to mitigate the security risks is a growing challenge in the filed of Information technology....
11 Pages (2750 words) Essay

The Use of Policy-Based Network Management

Policy-based network management has come out as a novel paradigm for managing network, particularly for QoS and security.... The profit of policy-based management will cultivate as network systems turn out to be extra intricate and offer additional services like QoS and security service (Westerinen et al, 2001).... The paper "The Use of Policy-Based network Management" highlights that network management market has developed over time with the growth of software and hardware resolutions that has facilitated administrators to sustain and follow the status of enterprise networks....
9 Pages (2250 words) Research Paper

The Primary Objectives of Information Security

esigning an information security policy is the first and the foremost step towards the implementation of information security (Peltier, 2004).... This coursework "The Primary Objectives of Information security" focuses on the objectives of the protection of information from a wide variety of threats, such as, getting accessed by unauthorized persons, disclosed, sold or destroyed, without the consent of the owner of the information.... nbsp;… Information security is becoming one of the most important concerns in almost every profession and every field of life....
6 Pages (1500 words) Coursework

Global Finance Inc Security Policy

The desired security policy proposal is important to the organization in that it outlines the various steps and procedures that the GFI community and the management should follow to formulate policies that regulate how resources and technologies are used.... This case study "Global Finance Inc security Policy" gives a detailed composition of GFI security policy, its formulation and the implementation process.... The security policy contains a set of principles proposed and adopted by the organization as a guideline to determine the course of action....
10 Pages (2500 words) Case Study

Authenticating iOS Devices to Join the Active Directory Domain

nbsp;The technology offers invaluable tools with which we can establish network systems that deliver services to its users with unparalleled convenience and security.... Fortunately, technology offers invaluable tools with which we can establish network systems that deliver services to its users with unparalleled convenience and security.... Closely associated with this is the Lightweight Directory Access Protocol (LDAP) which will be employed to utilize its security and access features....
10 Pages (2500 words) Literature review

Transcorp Company System Security

The IT support team will see to the implemetation of the following measures or steps in the process of implementing personal security in the organization:Develop a security policy- The IT support team shall establish information security policies and practices with the aim of ensuring uninterrrupted security of the personal information in the company.... The team will also ensure that a security audit is conducted once a year, security policies are revied periodically, passwords are changed everytime an employee leaves the organization....
8 Pages (2000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us