Chapter 5 - 03 - Learn to Design and Develop Security Policies PDF
Document Details
Uploaded by barrejamesteacher
null
Tags
Summary
This document discusses the key elements and contents of a security policy. It details communication, scope, enforceability, responsibilities, and sufficient guidance needed for effective policy design.
Full Transcript
Certified Cybersecurity Technician Network Security Controls — Administrative Controls Exam 212-82 Key Elements of Security Policy Brief and Clear Information ey Sufficient Guidance e ——fe— a et & Enforceable by Law @ Clear Communication Defined Scope and Applicability i 8 Recognizes Areas of Respon...
Certified Cybersecurity Technician Network Security Controls — Administrative Controls Exam 212-82 Key Elements of Security Policy Brief and Clear Information ey Sufficient Guidance e ——fe— a et & Enforceable by Law @ Clear Communication Defined Scope and Applicability i 8 Recognizes Areas of Responsibility Key Elements of Security Policy = Clear Communication: Communication must be clear when designing a security policy. A communication gap leads to undesirable results. At the same time, some policies may be infeasible for users or a network. Keep communication channels clear. = Brief and Clear Information: Any information provided to developers regarding the creation of the network policy must be clear and understandable. Failure to do so would hamper network security expectations. = Defined Scope and Applicability: The scope identifies the items that must be covered, hidden, protected, or public, and how to secure them. The network policy addresses a wide range of issues from physical to personal security. » Enforceable by Law: The security policy must be enforceable by law. Penalties should be imposed in the event of a policy breach. Penalties for a violation must be addressed when the policy is created. = Recognizes Areas of Responsibility: The network policy responsibilities of employees, the organization, and third parties. = Sufficient Guidance: A good network policy must have proper references to other policies; this helps guide and redefine the scope and the objectives of the policy. Module 05 Page 558 must recognize the Certified Cybersecurity Technician Copyright © by EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Administrative Controls Exam 212-82 Contents of a Security Policy WJ Security conceptof operation
