Académique Documents
Professionnel Documents
Culture Documents
POLICY,PRCEDURES AND
PRACTICES
Prepared by : Vjetha
Bhat
vijetha v bhat
03/10/17 canara_college_mangaluru 1
security policy
A security policy is a formal statement of the
rules by which people with access to an
organization's technology and information
assets must abide, to ensure the security of
these assets.
It provides a framework for making specific
decisions such as which defense mechanisms
to use and how to configure services.
Basis for developing secure programming
guidelines and procedures, for users and
system administrators to follow.
vijetha v bhat
03/10/17 canara_college_mangaluru 2
A security policy generally covers the following
aspects:
High-level description of the technical
environment-of the site, the legal environment, the
authority of the policy, and the basic philosophy to
be used when interpreting the policy.
Risk analysis to identify the site's .
Guidelines for system administrators on how to
manage the systems.
vijetha v bhat
03/10/17 canara_college_mangaluru 3
Definition of acceptable use for users .
Guidelines for reacting to a site compromise .
A successful security policy involves many
contributing factors like management commitment,
technological support for enforcing the policy,
effective dissemination of the policy, and the security
awareness of all users.
vijetha v bhat
03/10/17 canara_college_mangaluru 4
Management assigns responsibility for security and ensures
of data.
vijetha v bhat
03/10/17 canara_college_mangaluru 5
Security Related Procedures
Procedures are specific steps to be followed,
regularly.
vijetha v bhat
03/10/17 canara_college_mangaluru 8
SITE SECURITY
A site is any organization that has network-related resources
like host computers that users use routers, terminal servers,
PCs, or other devices that are connected to internet.
vijetha v bhat
03/10/17 canara_college_mangaluru 9
Separation of Services
A site may wish to provide many services to its
users, some of which may be external.
The services may have different levels of access
needs and models of trust.
Services which are essential to the security or
smooth operation of a site would be better off being
placed on a dedicated machine with very limited
access, rather than on a machine that is used for
providing greater accessibility and other services
that may be prone to security lapses.
vijetha v bhat
03/10/17 canara_college_mangaluru 10
There are two conflicting, underlying philosophies that
can be adopted when defining a security plan.
site policy.
vijetha v bhat
03/10/17 canara_college_mangaluru 12
THANK YOU
vijetha v bhat
03/10/17 canara_college_mangaluru 13