A security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security environment.
Generating Policies for Defense in Depth
This paper documents our experience defining and coordinating the network communication policies for a DiD enabled system. Defense technologies from the network layer to the application layer were deployed to address potential threats from a sophisticated attacker. Each layer, to the greatest extent, repeated the logical network communication rules of layers below it.
Introduction to Security Policies, Part One: An Overview of Policies
This is the first in a series of four articles devoted to discussing how information security policies can be used as an active part of an organization's efforts to protect its valuable information assets. In a world that is essentially technology driven
Introduction to Security Policies, Part Three: Structuring Security Policies
This is the third in a four-part overview of security policies. In the first article, we looked at what policies are and what they can achieve. In the second article, we looked at the organizational support required to implement security policies successfully. In this installment, we shall discuss how to develop and structure a security policy.
Experiences with Password Policies
This article has been written based on my own experiences while performing penetration testing and security audits for large and small organizations, domestic and abroad. This article is targeted at providing a better understanding of the weaknesses that often surround the choice and change of passwords on both administrative and technical levels, and gives ideas on how to reduce such risks.
Vulnerability Assessment Policy
In order to increase the security posture of (COMPANY) and mitigate the threat of security-related vulnerabilities, (COMPANY) will conduct periodic Vulnerability Assessments. Vulnerability Assessments will assist in the discovery of security vulnerabilities, determine the threat of these vulnerabilities, and assist in decreasing the risk of these security vulnerabilities.