Submit Search
Upload
Ethical Hacking Security Policies Module
•
1 like
•
1,369 views
AI-enhanced title
Vi Tính Hoàng Nam
Follow
Ce hv6 module 49 creating security policies
Read less
Read more
Technology
Report
Share
Report
Share
1 of 52
Download now
Download to read offline
Recommended
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering Techniques
Kislaychd
Ce hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internet
Vi Tính Hoàng Nam
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atom
Vi Tính Hoàng Nam
Ce hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insiders
Vi Tính Hoàng Nam
Ce hv6 module 62 case studies
Ce hv6 module 62 case studies
Vi Tính Hoàng Nam
Ce hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data loss
Vi Tính Hoàng Nam
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
Vi Tính Hoàng Nam
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of service
Vi Tính Hoàng Nam
Recommended
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering Techniques
Kislaychd
Ce hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internet
Vi Tính Hoàng Nam
Ce hv6 module 52 hacking rss and atom
Ce hv6 module 52 hacking rss and atom
Vi Tính Hoàng Nam
Ce hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insiders
Vi Tính Hoàng Nam
Ce hv6 module 62 case studies
Ce hv6 module 62 case studies
Vi Tính Hoàng Nam
Ce hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data loss
Vi Tính Hoàng Nam
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
Vi Tính Hoàng Nam
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of service
Vi Tính Hoàng Nam
Ceh v5 module 17 physical security
Ceh v5 module 17 physical security
Vi Tính Hoàng Nam
Ce hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasures
Vi Tính Hoàng Nam
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hacking
Vi Tính Hoàng Nam
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and worms
Vi Tính Hoàng Nam
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card frauds
Vi Tính Hoàng Nam
File000119
File000119
Desmond Devendran
File000139
File000139
Desmond Devendran
Ce hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devices
Vi Tính Hoàng Nam
Ceh v5 module 00 student introduction
Ceh v5 module 00 student introduction
Vi Tính Hoàng Nam
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprinting
Vi Tính Hoàng Nam
Chapter 2 Malware and Social Engineering Attacks
Chapter 2 Malware and Social Engineering Attacks
Dr. Ahmed Al Zaidy
File000171
File000171
Desmond Devendran
Chapter 5 Networking and Server Attacks
Chapter 5 Networking and Server Attacks
Dr. Ahmed Al Zaidy
Week 12
Week 12
Joey Pierce
Network security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
Outpost networksecurity
Outpost networksecurity
ehsangha
Ccna+sec+ch01+ +overview+security
Ccna+sec+ch01+ +overview+security
mysoria
File000170
File000170
Desmond Devendran
System monitoring and network intrusion using DDS and CEP
System monitoring and network intrusion using DDS and CEP
Gerardo Pardo-Castellote
File000175
File000175
Desmond Devendran
File000169
File000169
Desmond Devendran
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
More Related Content
What's hot
Ceh v5 module 17 physical security
Ceh v5 module 17 physical security
Vi Tính Hoàng Nam
Ce hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasures
Vi Tính Hoàng Nam
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hacking
Vi Tính Hoàng Nam
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and worms
Vi Tính Hoàng Nam
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card frauds
Vi Tính Hoàng Nam
File000119
File000119
Desmond Devendran
File000139
File000139
Desmond Devendran
Ce hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devices
Vi Tính Hoàng Nam
Ceh v5 module 00 student introduction
Ceh v5 module 00 student introduction
Vi Tính Hoàng Nam
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprinting
Vi Tính Hoàng Nam
Chapter 2 Malware and Social Engineering Attacks
Chapter 2 Malware and Social Engineering Attacks
Dr. Ahmed Al Zaidy
File000171
File000171
Desmond Devendran
Chapter 5 Networking and Server Attacks
Chapter 5 Networking and Server Attacks
Dr. Ahmed Al Zaidy
Week 12
Week 12
Joey Pierce
Network security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
Outpost networksecurity
Outpost networksecurity
ehsangha
Ccna+sec+ch01+ +overview+security
Ccna+sec+ch01+ +overview+security
mysoria
File000170
File000170
Desmond Devendran
System monitoring and network intrusion using DDS and CEP
System monitoring and network intrusion using DDS and CEP
Gerardo Pardo-Castellote
File000175
File000175
Desmond Devendran
What's hot
(20)
Ceh v5 module 17 physical security
Ceh v5 module 17 physical security
Ce hv6 module 61 threats and countermeasures
Ce hv6 module 61 threats and countermeasures
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and worms
Ce hv6 module 58 credit card frauds
Ce hv6 module 58 credit card frauds
File000119
File000119
File000139
File000139
Ce hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devices
Ceh v5 module 00 student introduction
Ceh v5 module 00 student introduction
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprinting
Chapter 2 Malware and Social Engineering Attacks
Chapter 2 Malware and Social Engineering Attacks
File000171
File000171
Chapter 5 Networking and Server Attacks
Chapter 5 Networking and Server Attacks
Week 12
Week 12
Network security - Defense in Depth
Network security - Defense in Depth
Outpost networksecurity
Outpost networksecurity
Ccna+sec+ch01+ +overview+security
Ccna+sec+ch01+ +overview+security
File000170
File000170
System monitoring and network intrusion using DDS and CEP
System monitoring and network intrusion using DDS and CEP
File000175
File000175
Similar to Ethical Hacking Security Policies Module
File000169
File000169
Desmond Devendran
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
Info.ppt
Info.ppt
MuhammadJunaid838607
D1 security and risk management v1.62
D1 security and risk management v1.62
AlliedConSapCourses
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
kevlekalakala
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
Kirti Ahirrao
What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
IT Governance Ltd
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Tripwire
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
Meletis Belsis MPhil/MRes/BSc
Information Security Blueprint
Information Security Blueprint
Zefren Edior
7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations
HelpSystems
Jason r mc kinney halfday
Jason r mc kinney halfday
Jason Mckinney-Halfday
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
elmuhammadmuhammad
12 security policies
12 security policies
Saqib Raza
Topic11
Topic11
Anne Starr
Implementing AppSec Policies with TeamMentor
Implementing AppSec Policies with TeamMentor
tmbainjr131
Network security, change control, outsourcing
Network security, change control, outsourcing
Nicholas Davis
Introduction to information security
Introduction to information security
Kumawat Dharmpal
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
it160320737038
How to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical Information
Koenig Solutions Ltd.
Similar to Ethical Hacking Security Policies Module
(20)
File000169
File000169
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
Info.ppt
Info.ppt
D1 security and risk management v1.62
D1 security and risk management v1.62
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
What is the UK Cyber Essentials scheme?
What is the UK Cyber Essentials scheme?
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
Information Security Blueprint
Information Security Blueprint
7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations
Jason r mc kinney halfday
Jason r mc kinney halfday
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
12 security policies
12 security policies
Topic11
Topic11
Implementing AppSec Policies with TeamMentor
Implementing AppSec Policies with TeamMentor
Network security, change control, outsourcing
Network security, change control, outsourcing
Introduction to information security
Introduction to information security
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
How to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical Information
More from Vi Tính Hoàng Nam
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)
Vi Tính Hoàng Nam
CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
Vi Tính Hoàng Nam
Catalogue 2015
Catalogue 2015
Vi Tính Hoàng Nam
Tl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vn
Vi Tính Hoàng Nam
CATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁT
Vi Tính Hoàng Nam
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
Vi Tính Hoàng Nam
Các loại cáp mạng
Các loại cáp mạng
Vi Tính Hoàng Nam
Catalogue 10-2014-new
Catalogue 10-2014-new
Vi Tính Hoàng Nam
Qtx 6404
Qtx 6404
Vi Tính Hoàng Nam
Camera QTX-1210
Camera QTX-1210
Vi Tính Hoàng Nam
Brochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 Series
Vi Tính Hoàng Nam
NSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báo
Vi Tính Hoàng Nam
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
Vi Tính Hoàng Nam
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
Vi Tính Hoàng Nam
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
Vi Tính Hoàng Nam
HRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008E
Vi Tính Hoàng Nam
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênh
Vi Tính Hoàng Nam
RPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênh
Vi Tính Hoàng Nam
HCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênh
Vi Tính Hoàng Nam
HCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
Vi Tính Hoàng Nam
More from Vi Tính Hoàng Nam
(20)
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
Catalogue 2015
Catalogue 2015
Tl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vn
CATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁT
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
Các loại cáp mạng
Các loại cáp mạng
Catalogue 10-2014-new
Catalogue 10-2014-new
Qtx 6404
Qtx 6404
Camera QTX-1210
Camera QTX-1210
Brochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 Series
NSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báo
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
HRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008E
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênh
HCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
Recently uploaded
Slack Application Development 101 Slides
Slack Application Development 101 Slides
praypatel2
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
Pooja Nehwal
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Sinan KOZAK
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Alan Dix
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
The transition to renewables in India.pdf
The transition to renewables in India.pdf
Competition Advisory Services (India) LLP
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
null - The Open Security Community
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
null - The Open Security Community
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Enjoy Anytime
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pixlogix Infotech
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
null - The Open Security Community
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
AndikSusilo4
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
LBM Solutions
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Allon Mureinik
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Hyundai Motor Group
Recently uploaded
(20)
Slack Application Development 101 Slides
Slack Application Development 101 Slides
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
The transition to renewables in India.pdf
The transition to renewables in India.pdf
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Ethical Hacking Security Policies Module
1.
Ethical Hacking C tCountermeasures Version
6 Mod le XLIXModule XLIX Creating Security Policies
2.
News EC-Council Copyright © byEC-CouncilAll
Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.darkreading.com/
3.
Module Objective This module
will familiarizes you with: • Security Policies • Key Elements of Security Policy • Role of Security Policy • Classification of Security Policy • Configurations of Security Policy • Types of Security Policies E mail Security Policy• E-mail Security Policy • Software Security Policy • Points to Remember While Writing a Security Policy EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
4.
Module Flow Classification of
Security Security Policies E-mail Security Policy Classification of Security Policy Key Elements of Security P li Configurations of Security P li Software Security Policy Policy Policy Role of Security Policy Types of Security Policies Points to Remember While Writing a Security Polic EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Policy
5.
Security Policies Security policies
are the foundation of the security infrastructurey p y A security policy is a document or set of documents that describes the security controls that will be implemented in the company at a high levelp p y g Without them, you cannot protect your company from possible lawsuits, lost revenue, bad publicity, and basic security attacks Policies are not technology specific and do three things for a company: • Reduce or eliminate legal liability to employees and third parties • Protect confidential, proprietary information from theft, h d d l d f EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited misuse, unauthorized disclosure, or modification • Prevent waste of company computing resources
6.
Key Elements of
Security Policy Clear communication Brief and clear information Defined scope and applicability Enforceable by lawEnforceable by law Recognizes areas of responsibility Sufficient guidance Top management involvement EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
7.
Defining the Purpose
and Goals of Security Policyof Security Policy Purpose of Security Policy • To maintain an outline for the management and administration of network security p y y • To reduce risks caused by: • Illegal use of the system resource • Loss of sensitive, confidential data, and potential property • Differentiate the user’s access rights Goals of Security Policy • Protection of organization’s computing resources • Elimination of strong legal liability from employees or third parties EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited • Ensuring customers’ integrity and preventing unauthorized modifications of the data
8.
Role of Security
Policy Suggests the safety measures to be followed in anSuggests the safety measures to be followed in an organization Provides set of protocols to the administrator on • How the users work together with their systems? • How those systems should be configured? H t t h th t i tt k d?• How to react when the system is attacked? • When susceptibilities are found? EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
9.
Classification of Security
Policy User PolicyUser Policy • Defines what kind of user is using the network • Defines the limitations that are applied on users to secure the network • Password Management Policy • Protects the user account with a secure password IT Policy D i d f IT d t t t k th t k d t bl• Designed for IT department to keep the network secure and stable • Following are the three different IT policies: • Backup Policies • Server configuration, patch update, and modification policies Fi ll P li i EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited • Firewall Policies
10.
Classification of Security
Policy (cont’d)(cont d) General PoliciesGeneral Policies • Defines the responsibility for general business purposes • The following are different general policies: • High Level Program Policy B i C i i Pl• Business Continuity Plans • Crisis Management • Disaster Recovery P t P liPartner Policy • Policy that is defined among a group of partners EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
11.
Classification of Security
Policy (cont’d)(cont d) Issue Specific Policies • Recognize specific areas of concern and describe the organization's status for top level management • Involve revision and up gradation of policies from time to time, as changes in technology and related activities take place frequentlygy p q y I St t t Components: • Issue Statement • Statement of the Organization's Position • Applicability • Roles and Responsibilities • Points of Contact• Points of Contact • Physical security • Personnel Security • Communications Security • Administrative Security EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited y • Risk Management • System Management
12.
Design of Security
Policy Guidelines should cover the following points as policy structure:structure: Detailed description of the policy issues Description about the status of the policy A li bili f h li h iApplicability of the policy to the environment Functionalities of those affected by the policy Compatibility level of the policy is necessary EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited End-consequences of non-compliance
13.
Contents of Security
Policy High level Security Requirements • This statement features the requirement of a system to implement security policies that include discipline security, safeguard security, procedural security, and assurance security • Focuses on security disciplines, safeguards, procedures, continuity of operations, and documentation Policy Description based on requirement operations, and documentation D fi h l ibili i d f i f i li Security concept of operation • Defines the roles, responsibilities, and functions of a security policy Allocation of security enforcement to architecture elements EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited • Provides a computer system architecture allocation to each system of the program
14.
Configurations of Security
Policy Provides a way to configure services that are installed and available depending on Role-Based Service Configuration • Provides a way to configure services that are installed and available depending on the server’s role and other features Network Security • Designed to configure inbound ports using Windows Firewall Registry Settings • Designed to configure protocols used to communicate with computers on the network Audit Policy • Designed to configure the auditing of the server based on auditing objectives Audit Policy Internet Information Service EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited • Designed to configure the security feature of Internet Information Services (IIS) Internet Information Service
15.
Implementing Security Policies Implementation
follows after building, revision, and updating ofImplementation follows after building, revision, and updating of the security policy Final version must be made available to all of the staff members in the organization For effective implementation, there must be rotation of the job so that data must not be handled by few people Proper security awareness program, cooperation, and coordination EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited p y p g , p , among employees is required
16.
Types of Security
Policies Promiscuous Policy Permissive Policy Prudent Policy Paranoid Policy Acceptable-Use Policy User-Account Policy Remote-Access Policy Information-Protection Policy Firewall-Management Policy Special-Access Policy Network-Connection Policy Business-Partner Policy O h I P li i EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Other Important Policies
17.
Promiscuous Policy No Restrictions
on Internet/Remote d l k k d i i h No Restrictions on Internet/Remote Access • Good luck to your network administrator, you have our blessings... EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
18.
Permissive Policy K d
i / k bl k dKnown dangerous services/attacks blocked Policy begins wide open Known holes plugged, known dangers stopped Impossible to keep up with current exploits; administrators always play catch-up EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
19.
Prudent Policy Provides maximum
security while allowing known buty g necessary dangers All services are blocked nothing is allowedAll services are blocked, nothing is allowed Safe/necessary services are enabled individuallySafe/necessary services are enabled individually Nonessential services/procedures that cannot be made safe are not allowed Everything is logged EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Everything is logged
20.
Paranoid Policy No Internet
Users find ways Everything is forbidden No Internet connection, or severely limited I t t Users find ways around overly severe t i tiInternet usage restrictions EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
21.
Acceptable-Use Policy Should users
read and copy files that are not their own but are accessible to them? Should users modify files that they have write access to but are not their own? Should users make copies of system configuration files (for example, /etc/passwd and SAM) for their own personal use or to provide to other people? Should users be allowed to use .rhosts files? Which entries are acceptable? Should users be allowed to share accounts? EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Should users have the ability to make copies of copyrighted software?
22.
User-Account Policy Who has
the authority to approve account requests?y pp q Who (employees, spouses, children, company visitors, for instance) are allowed to use the computing resources? May users have multiple accounts on a single system? May users share accounts? What are the users' rights and responsibilities? EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited When should an account be disabled and archived?
23.
Remote-Access Policy Who is
allowed to have remote access? What specific methods (such as cable modem/DSL or dial-up) does the company support?p y pp Are dial-out modems allowed on the internal network? Are there any extra requirements, such as mandatory anti-virus and security software, on the remote system? May other members of a household use the company network? EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Do any restrictions exist on what data may be accessed remotely?
24.
Information-Protection Policy What are
the sensitivity levels of information?What are the sensitivity levels of information? Who may have access to sensitive information?Who may have access to sensitive information? How is sensitive information stored and transmitted?How is sensitive information stored and transmitted? What levels of sensitive information may be printed in publicW at eve s o se s t ve o at o ay be p ted pub c printers? How should sensitive information be deleted from storage media EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited How should sensitive information be deleted from storage media (paper shredding, scrubbing hard drives, and degaussing disks)?
25.
Firewall-Management Policy Who has
access to the firewall systems?Who has access to the firewall systems? Who should receive requests to make a change to the firewallq g configuration? Who may approve requests to make a change to the firewally pp q g configuration? Wh h fi ll fi i l d li ?Who may see the firewall configuration rules and access lists? EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited How often should the firewall configuration be reviewed?
26.
Special-Access Policy Who should
receive requests for special access?Who should receive requests for special access? Who may approve requests for special access?Who may approve requests for special access? What are the password rules for special access accounts?What are the password rules for special-access accounts? H ft d h d?How often are passwords changed? What are the reasons or situations that would lead to revocation of EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited What are the reasons or situations that would lead to revocation of special-access privileges?
27.
Network-Connection Policy Who may
install new resources on the network?Who may install new resources on the network? Who must approve the installation of new devices?Who must approve the installation of new devices? Who must be notified that new devices are being added to theg network? Wh h ld d t t k h ?Who should document network changes? Are there any security requirements for the new devices being EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Are there any security requirements for the new devices being added to the network?
28.
Business-Partner Policy Is it
mandatory for a company required toy p y q have a written security policy? Should each company have a firewall or other perimeter security device? How will one communicate (virtual private networking [VPN] over the Internet, leased line, and so forth)?, ) How will access to the partner's resources be EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited requested?
29.
Other Important Policies A
wireless network policy, which helps to secure wireless networks, includes which devices are allowed to be connected, what security measures should be followed, and so forth A lab policy discusses how to protect the internal network from the insecurities of a test lab The best option is to keep the test lab on a completely separate Internet connection and without connecting it in any way to the internal corporate network EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
30.
Policy Statements The policy
is really only as good as the policy statements that it contains. Policy statements must be written in a very clear and formal style Good examples of policy statements are: statements must be written in a very clear and formal style • All computers must have antivirus protection activated to provide real- time, continuous protection • All servers must be configured with the minimum of services to perform their designated functionstheir designated functions • All access to data will be based on a valid business need and subject to a formal approval process • All computer software must always be purchased by the IT department in accordance with the organization’s procurement policyaccordance with the organization s procurement policy • A copy of the backup and restoration media must be kept with the off-site backups • While using the Internet, no person is allowed to abuse, defame, stalk, harass or threaten any other person or violate local or international legal EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited harass, or threaten any other person or violate local or international legal rights
31.
Basic Document Set
of Information Security Policiesy EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
32.
E-mail Security Policy An
e mail security policy is created to govern the proper usage ofAn e-mail security policy is created to govern the proper usage of corporate e-mail Things that should be in an email security policy: • Define prohibited use • If personal use is allowed, it needs to be defined • Employees should know if their emails are reviewed and/or archivedand/or archived • What types of email should be kept and how long • When to encrypt email • Consequences of violating email security policy EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
33.
Best Practices for
Creating E-mail Security PoliciesSecurity Policies Employees should know the rights granted to them byEmployees should know the rights granted to them by organization in respect of privacy in personal e-mails transmitted across the organization’s system and network Employees should not open an e-mail or attached files without ensuring that the content appears to be genuine Conditional and sensitive information should not be transmitted by e-mail, unless it is secured by encryption or any other secure techniquesother secure techniques Employees should be familiar with general good e-mail policies such as, the need to save, store file e-mail with business EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited contents same as storage of letters, and other traditional e- mails
34.
User Identification and
Passwords PolicyPolicy Each user is allocated an individual user name and password Requests for new computer accounts and for termination of existing computer accounts must be formally authorized to the IT Help Desk/relevant IT resource by the relevant manager Staff must notify the IT Help Desk/relevant IT resource when moving to a new position or location within "Company Name“ Line management must notify staff about changes, that might EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited g y g , g affect security
35.
User Identification and
Passwords Policy (cont’d)Policy (cont d) All user accounts should have the following password settings: • Minimum password length of 8 characters • A combination of alpha, numeric, and punctuation should be usedshould be used • Users are forced to change their passwords every (insert number) days • Users cannot repeat passwords A t l k d ft (i t b ) i t• Accounts are locked after (insert number) incorrect login attempts EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
36.
Software Security Policy Software
must not be copied removed or transferred to anySoftware must not be copied, removed, or transferred to any third party or non- organizational equipment Only software that has been authorized by the IT Department must be used on PCs and notebook computers connected to the "Company Name" IT network Downloading of any executable files (.exe) or software from the Internet must be prohibited without written authorization from the IT Department/relevant IT resourcefrom the IT Department/relevant IT resource Regular reviews of desktop software should be undertaken and the presence of unauthorized software should be EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited and the presence of unauthorized software should be investigated
37.
Software Licence Policy Copyright
stipulations governing vendor-supplied software must be observed at all times Software that is acquired on a trial basis must be used inSoftware that is acquired on a trial basis must be used in accordance with the vendor's copyright instructions All software developed within Company is the property of the Company and must not be copied or distributed without prior written authorization from the IT Department EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
38.
Points to Remember
While Writing a Security PolicyWriting a Security Policy Designing the best possible Security Policy for the network Stakeholders of the organization must aid the security professional in steering policy developmentprofessional in steering policy development P li d l t t b d i d d d ti lPolicy development must be devised and processed entirely by the security professional and it should be expanded only with the stakeholders’ input EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
39.
S l P
li iSample Policies EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
40.
Remote Access Policy EC-Council Copyright
© byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.watchguard.com/
41.
Wireless Security Policy EC-Council Copyright
© byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
42.
Wireless Security Policy
(cont’d) EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.watchguard.com/
43.
E-mail Security Policy EC-Council Copyright
© byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.watchguard.com/
44.
E-mail and Internet
Usage PoliciesPolicies EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited
45.
Personal Computer Acceptable Use
PolicyUse Policy EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.watchguard.com/
46.
Firewall Management policy EC-Council Copyright
© byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.state.tn.us/
47.
Internet Acceptable Use
Policy EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.ruskwig.com/
48.
User Identification and
Password PolicyPolicy EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.enterprise-ireland.com/
49.
Software Licence Policy EC-Council Copyright
© byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited Source: http://www.enterprise-ireland.com/
50.
Summary Security Policy is
a set of objectives and rules of behavior for users and d i i t tadministrators Prudent Policy provides maximum security while allowing known but necessary dangersg Security Policy suggests the safety measures to be followed in an organization Security Policy Implementation follows after building, revision, and updating of the security policy A wireless network policy helps to secure wireless networks, including which devices are allowed to be connected, what security measures should be followed A il i li i d h f EC-Council Copyright © byEC-CouncilAll Rights Reserved. Reproduction is Strictly Prohibited An e-mail security policy is created to govern the proper usage of corporate e- mail
51.
EC-Council Copyright © byEC-CouncilAll
Rights Reserved. Reproduction is Strictly Prohibited
52.
EC-Council Copyright © byEC-CouncilAll
Rights Reserved. Reproduction is Strictly Prohibited
Download now