A network security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment. The document itself is usually several pages long and written by a committee. A security policy goes far beyond the simple idea of "keep the bad guys out". It's a very complex document, meant to govern data access, web-browsing habits, use of passwords and encryption, email attachments and more. It specifies these rules for individuals or groups of individuals throughout the company.
Security policy should keep the malicious users out and also exert control over potential risky users within your organization. The first step in creating a policy is to understand what information and services are available (and to which users), what the potential is for damage and whether any protection is already in place to prevent misuse.
In addition, the security policy should dictate a hierarchy of access permissions; that is, grant users access only to what is necessary for the completion of their work.
While writing the security document can be a major undertaking, a good start can be achieved by using a template. National Institute for Standards and Technology provides a security-policy guideline.
The policies could be expressed as a set of instructions that could be understood by special purpose network hardware dedicated for securing the network.
Famous quotes containing the words network, security and/or policy:
“How have I been able to live so long outside Nature without identifying myself with it? Everything lives, moves, everything corresponds; the magnetic rays, emanating either from myself or from others, cross the limitless chain of created things unimpeded; it is a transparent network that covers the world, and its slender threads communicate themselves by degrees to the planets and stars. Captive now upon earth, I commune with the chorus of the stars who share in my joys and sorrows.”
—Gérard De Nerval (1808–1855)
“Our security depends on the Allied Powers winning against aggressors. The Axis Powers intend to destroy democracy, it is anathema to them. We cannot provide that aid if the public are against it; therefore, it is our responsibility to persuade the public that aid to the victims of aggression is aid to American security. I expect the members of my administration to take every opportunity to speak to this issue wherever they are invited to address public forums in the weeks ahead.”
—Franklin D. Roosevelt (1882–1945)
“Will mankind never learn that policy is not morality,—that it never secures any moral right, but considers merely what is expedient? chooses the available candidate,—who is invariably the devil,—and what right have his constituents to be surprised, because the devil does not behave like an angel of light? What is wanted is men, not of policy, but of probity,—who recognize a higher law than the Constitution, or the decision of the majority.”
—Henry David Thoreau (1817–1862)