Most people in the security field agree that good security policies are necessary to keep intruders out and keep the users along with the information on their network safe. The best way to do this is to have some kind of written security policy. This policy should be made available for anyone to see and read so they have a better understanding on what their part is when it comes to information security. To think that security professionals can handle this task alone would be foolish, it is up to everyone to have good security practices and follow then at all times.
To fully protect any network there are some key areas that should be looked at keenly to see if security procedures are being followed or if a security person will need to take a closer look at:
1. Security Accountability – often times too many there is always confusion about who is going to be responsible for what.
When it comes to matters of security there should be a clear outline on who is responsible for what area. This will ensure that people know who to go to when there is a security related incident and can also help to make sure that area of responsibility is taken care of and not being neglected. R. .ine what is considered acceptable use and non-acceptable use. After reading this document every user should be required to sign and acknowledge they understand what the document has outlined for them.
5. Training – Because we as people tend to forget things there should be training provided to each employee. The training should be conducted when a person first joins the organizations along with refresher courses offered every quarter.
Finally security policies should form the foundation of your organization while providing a detailed outline on what should be expected to secure your network. Policies must be effective enough to secure your network but not so restrictive that it will impede your users from doing anything. Having an effective security policy in place will help to reduce any kind of attacks that may be encountered on an unprotected network.