Structure and Contents of SECURITY POLICIES
Security Policy Structure
- Detailed description of the policy issue.
- Description of the status of the policy.
- Applicability of the policy to the environment.
- Functionalities of those affected by the policy.
- Required compatibility level of the policy.
- End-consequences of non-compliance.
Contents of Security Policy
- High-level security requirements: Requirement of a system to implement security policy
- Policy description: Focuses on security disciplines, safeguards, procedures, continuity of operation, and documentation
- Security concept of operation: Defines the roles, responsibilities, and functions of security policy
- Allocation of security enforcement to architecture elements: Provides a computer system architecture allocation to each system of the program
Types of SECURITY POLICIES
Promiscuous Policy
- No restriction on internet or remote access
Permissive Policy
- Policy begins wide open and only known dangerous services/attacks are blocked, which makes it difficult to keep up with current exploits
Prudent Policy
- It provides maximum security while allowing known but necessary dangers
- It blocks all services and only safe/necessary services are enabled individually; everything is logged
Paranoid Policy
- It forbids everything: no internet connection, or severely limited internet usage
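The four policy types above differ mainly in their default decision for a service nobody has classified yet. The following is an added example, not part of the original notes, that models each type as an access decision; the service names, the blocklist and the allowlist are constructed for illustration.

```python
# Added example: the four policy types as a service-access decision.
# All service names and lists here are constructed sample data.
from dataclasses import dataclass, field

KNOWN_DANGEROUS = {"telnet", "tftp"}   # blocklist consulted by the permissive policy
APPROVED = {"https", "dns", "smtp"}    # services enabled individually under the prudent policy


@dataclass
class Policy:
    posture: str
    log: list = field(default_factory=list)

    def decide(self, service: str) -> bool:
        """Return True if the service is allowed under this posture."""
        if self.posture == "promiscuous":
            allowed = True                             # no restriction
        elif self.posture == "permissive":
            allowed = service not in KNOWN_DANGEROUS   # default allow, block known-bad
        elif self.posture == "prudent":
            allowed = service in APPROVED              # default deny, allow known-needed
            # "everything is logged": record denials as well as allows
            self.log.append((service, "ALLOW" if allowed else "DENY"))
        elif self.posture == "paranoid":
            # Models "forbids everything"; the "severely limited" variant
            # would be a very small allowlist instead.
            allowed = False
        else:
            raise ValueError(f"unknown posture: {self.posture}")
        return allowed


def compare(services):
    """Map each posture to the set of services it lets through."""
    result = {}
    for posture in ("promiscuous", "permissive", "prudent", "paranoid"):
        policy = Policy(posture)
        result[posture] = {s for s in services if policy.decide(s)}
    return result


if __name__ == "__main__":
    # "newproto" stands for a service that is on neither list yet.
    for posture, allowed in compare(["https", "telnet", "dns", "newproto"]).items():
        print(f"{posture:12} allows {sorted(allowed)}")
```

The unclassified service passes the permissive policy because it is not yet on the blocklist, while the prudent policy denies it and leaves a log entry to review.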