Network security planning is an essential process for every organization, big or small. With growing dependence on the network and the internet for every operation, from inventory to billing and sales, it is important to have proper policies in place to guard against network attacks, which can in practice become business continuity issues. If getting started seems too complex, here is a list of items that a thoroughly prepared policy will address. The main goals of network security are confidentiality, integrity and availability. The exact implementation of these policies will depend on your specific business goals.
Acceptable Use Policy – Inappropriate usage of company resources can expose your company to various kinds of risk, so it is important to define a use policy that outlines the acceptable use of your company's network resources. It lists which activities are allowed on your network and which are not. It also specifies the consequences of violating the set policies and guidelines, and the actions that can be taken in case of non-compliance.
E-mail and Communication related policies – These policies are designed to minimize risks that enter your network through email and other communication channels. The aim is to make users aware of what is deemed acceptable and unacceptable use of the company's email system. These policies should detail the protection processes for the company’s communication system in its entirety, including its data and hardware.
Antivirus policy – This policy is designed to protect company resources against attacks from viruses, worms, trojan horses and other malware. It defines the anti-virus programs to be run on various network resources, how often scans are to be done, and what is to be done to prevent or remove malware. It also lists what kinds of files or data should be blocked from entering the network.
Identity Policy – The purpose of this policy is to protect the network from unauthorized users. It regulates how a new user can be added to the network and what kind of access rights can be assigned to each user. It can also list guidelines to proactively enforce access policies and detect violations, if any.
Password Policy – This policy is set to enhance security through the use of strong, hard-to-guess passwords. A weak password may result in unauthorized exploitation of resources and data leakage. This policy should define a standard for generating strong passwords, how to protect the passwords, how often to change the passwords and how frequently old passwords can be reused.
Encryption Policy – This policy is expected to provide guidance about which encryption technology to use and how to use it effectively. It is meant to safeguard data not just during communication but also during storage.
Remote Access Policy – With the growth of the mobile workforce, this policy has become more important than ever. It defines how to use the company’s network resources while away from the office. This covers policies related to setting up virtual private networks and the encryption mechanisms for connecting to the internal network remotely. It may also list the consequences of misusing this access.
Guest Access Policy – This policy outlines the access rights that a guest can have over the company’s network resources. It is meant for businesses where customers, vendors or consultants often visit company offices.
Network security is a continuous effort. The implementation of these policies needs frequent updates as times change and risks increase. The priority of the policies listed above may vary based on the nature of your business.