©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir


Upload: andrew-freeman

Post on 18-Jan-2016

TRANSCRIPT

Network Security Best Practices – Session 2

By

Dr. Respickius Casmir

Outline

Introduction to IT Security Best Practices
The Security Team
Security Policy Enforceability
Minimum Security Requirements

Introduction to Security Best Practices

Best practices in network security are more about the what and why of securing the organization's information assets than about the how.

The IT Security Policy is a formal definition of an organization's stance on security, meaning what is allowed and what is not allowed.

Introduction to Security Best Practices (2)

Policy statements, in particular "Acceptable Use" statements, define users' roles and responsibilities and can be stated as general high-level statements that cover all network systems and data within the organization. The statements should include acceptable use of systems and data for ALL categories of USERS including the system administrator.

Introduction to Security Best Practices (3)

The intent of this policy is to clearly define the purpose, providing guidelines and responsibilities. The policy should also identify specific actions that could be taken in response to a violation of security policy, including disciplinary action. Put it in print and post it on the walls.

Introduction to Security Best Practices (4)

Security awareness training is a MUST to make the policy enforceable.

All employees must be aware of the security policy and, if possible, every employee should sign a copy of the acceptable-use statement.

The Security Team

The security team needs to be a cross-functional team with participants from every operational area. The team is responsible for policy awareness and enforcement as well as being informed on the technical aspects of the security architecture. The team is also responsible for responding to security breaches and reporting to senior management.

The Security Team (2)

The security team should also be responsible for approving security changes, or alternatively, a security team member should sit on the change management team. Monitoring the security of the network and creating an incident response process, which includes being part of the restoration team when a loss occurs, are also responsibilities of the security team.

Security Policy Enforceability

In order for a policy to be enforceable, it needs to be:

Consistent with other corporate policies
Accepted by the network support staff as well as the appropriate levels of management
Enforceable using existing network equipment and procedures
Compliant with local and national laws.

Minimum Security Requirements

1. Software patch updates
2. Anti-virus software
3. Host-based firewall software
4. Passwords
5. No unencrypted authentication
6. No unauthenticated email relays
7. No unauthenticated proxy services
8. Physical security
9. Unnecessary services

Conclusion

Remember that it is impossible to completely secure distributed systems. The goal is to create security awareness and implement security mechanisms, minimize risk and maximize the use of technology.

Thank You!

Dr. Respickius Casmir
