Thursday, 26 April 2012

Security Policy

Now it's time to discuss security policies.

So what is a security policy? To put it simply, it is a formal set of rules that individuals in an organization must comply with for as long as they have access to the organization's information assets and properties. For example, individuals must not use the organization's information assets in an unethical manner. The security policy also involves four major factors: secure, monitor, test and improve.

Secure


So how does the "secure" factor contribute to the security policy? Well, by securing the network, we are implementing security on the network to prevent or stop unethical activities from taking place, in order to protect the organization's information assets. Such measures can include encrypting data to protect it and implementing a firewall to monitor the data traffic.

Monitor


Monitoring involves detecting violations of the security policy. This can be done through actions such as system auditing. That way, we can ensure that the network is at least protected from harm.

Test


"I told you to pen-test the system, not the pen!"

Alright, enough with the jokes. So how do you know if your network is protected from networking threats? You test it! This can be done through methods such as penetration testing the organization's network to dig up security loopholes in the network. Auditing also helps to check that every part of the network is in place and safe.

Improve

And finally, improve. After we test our network system, we use the information obtained from the results of testing to make room for more improvements so that more security issues can be addressed.

Looks like it's the end of another post again. Once again, have a nice day and thank you for reading.

4 comments:

  1. Nice interesting blog you've got, Eden! Great mixture of humor and useful information into this post!

    You can also include authentication and vulnerability patching to secure your networking.
    In addition, you can adjust the security policy as security vulnerabilities and risks are identified.
    I believe that what you've posted is about network security policy. However, there are other security policies such as computer security policy and information protection policy.
    Computer security policy basically defines the goals and elements of an organization's computer systems.
    Information protection policy basically means a document which provides guidelines to users on the processing, storage and transmission of sensitive information.

  2. I like the picture thing you got going on here. It's better to have more pictures to illustrate your point instead of long posts of plain text.

    However, it did not explain policies enough in general. You can expand more about the other types of policies that are implemented in companies and organizations and I'm sure even with that much content, you could make the post interesting with your humorous images. :)

  3. Good use of pictures and humor to keep your reader's attention instead of just a boring post. However, there were some parts that were not clearly explained as it was generalized. Maybe you could explain more about policies such as the computer security policy and the information protection policy. Overall, good effort.

  4. Oh my God Eden. Of all people, I never would have thought you'd have a great sense of humour.
    I really liked it that you didn't just copy and paste information from the internet or just paraphrase it. With the way you explained it, I finally managed to understand the topics better and for your post on common network attacks, I liked it that you used your own scenarios and nothing really IT related! It really helps commoners who have no knowledge of IT at all to understand IT better. I can't wait to read your next post! Have a great day! :)
