Lecture 4-1

LegendaryDecagon

12 Questions

Why is security policy a living document?

Because it needs to be revised and updated, regularly or on demand.

What are the characteristics of policy? List and explain at least two of them.

It sets high-level expectations to guide decisions and achieve outcomes. It is for all participants, so it cannot be too technical. It must be enforced by a proper authority.

Define security policy.

A security policy is a set of rules and criteria that outline how to protect information and ensure secure system behavior. It defines the objectives and constraints for a security program.

What should be included in a security policy?

Security policies should include industry standards, procedures and guidelines, which are necessary to avoid information risk in daily operations, and a well-defined scope that states whether the policy applies to a certain group of people or to everyone reading it, including contractors.

What is the most important item the standard should provide?

The standard document must provide enough technical details to give an accurate and detailed explanation of requirements to the relevant personnel such as security engineers or security management officers.

What is the most important item the guidelines should provide?

Guidelines must be aligned with the policy and standard documents. Guidelines are usually written to give more specific details with practical examples such as best practices.

What are the differences between policy, procedure, standards and guidelines?

Policies: Think of "Policies" as the "What" and "Why" — What needs to be done and why it's important. Procedures: Think of "Procedures" as the "How" — How to accomplish the policy. Standards: Think of "Standards" as the "Musts" — Specific rules that must be followed. Guidelines: Think of "Guidelines" as the "Suggestions" — Advice that can help but isn't mandatory.

As a cybersecurity analyst, how would you educate your colleagues about the importance of security?

The training will be conducted in line with the company's and let them know the consequences of not following them, give them real-world examples of the dangers of a security breach, give them well-written text and rich visual elements as training materials, and let them go through practice exercises. For example, the user can interact with the computer to identify spear phishing or a fake social media campaign.

What is group policy and why was it created?

Group Policy is a feature that centrally controls the working environment of user accounts and computer accounts. It was created to overcome the problem with the Windows registry. The registry is similar to a login script that stores program and system settings. A change in the registry is permanent. If the user has a new job title, a different registry is needed. Group Policy makes this change easy: Group Policy is able to reverse any previous configuration made for that user.

When policy enforcement is based on a network architecture, what should be considered? List at least four of them.

When policy enforcement is based on a network architecture, the following should be considered: what servers an organization has, how the information flows, where the information is stored, and who has and who should have data access.

What do Domain, OU and GPO mean in Active Directory?

Domain: A collection of objects within an Active Directory network. OUs (Organizational Units): A subdomain which is a container for objects. Using OUs, an administrator can create a hierarchy that reflects the structure of the organization. Group Policy Object (GPO): A collection of settings that define what a system will look like and how it will behave for a defined group of users.

What are the important group policy settings for preventing security breaches?

  1. Limit Control Panel Access:
    • Prevents non-admin users from changing system settings.
  2. Disable LAN Manager Hash Storage:
    • Prevents pass-the-hash attacks by not storing vulnerable hash types.
  3. Restrict Command Prompt Access:
    • Prevents users from running high-level commands that could bypass security measures.
  4. Disable Forced System Restarts:
    • Protects against losing important settings and unsaved work.
  5. Block Removable Media Drives:
    • Prevents the use of DVDs and CDs, which are prone to malware and viruses.
  6. Restrict Software Installations:
    • Prevents the installation of potentially harmful applications.
  7. Disable Guest Account:
    • Stops attackers from using the guest account to access the computer.
  8. Increase Minimum Password Length:
    • Admin passwords: at least 15 characters.
    • Regular user passwords: at least 12 characters.
  9. Reduce Maximum Password Age:
    • Require password changes every 42 days.
  10. Disable Anonymous SID Enumeration:
    • Prevents users from identifying important system users and groups through SID queries.
