Computer Security Fundamentals
by Chuck Easttom
Chapter 10 Security Policies
© 2016 Pearson, Inc. Chapter 10 Computer Security Policies

Chapter 10 Objectives
- Recognize the importance of security policies
- Understand the various policies and the rationale for them
- Know what elements go into good policies
- Create policies for network administration
- Evaluate and improve existing policies

Explain what cyber terrorism is and how it has been used in some actual cases. Understand the basics of information warfare. Have a working knowledge of some plausible cyber terrorism scenarios. Have an appreciation for the dangers posed by cyber terrorism.

Introduction
Technology by itself cannot solve all network security problems.

Cyber terrorism, according to the definition of the FBI: Premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents. Typically, loss of life in a cyber attack would be less than in a bombing attack.

Introduction (cont.)
- Virus software won't prevent a user from manually opening an attachment and releasing a virus.
- A technologically secured network is still vulnerable if former employees (perhaps some unhappy with the company) still have working passwords. Or if passwords are simply put on Post-it notes on computer monitors.
- A server is not secure if it is in a room that nearly everyone in the company has access to.
- Your network is not secure if end users are vulnerable to social engineering.
All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.

What Is a Policy?
A security policy is a document that defines how an organization deals with some aspect of security. There can be policies regarding end-user behavior, IT response to incidents, or policies for specific issues and incidents.

Defining User Policies
- Passwords
- Internet use
- E-mail attachments
- Installing/uninstalling software
- Instant messaging
- Desktop configuration