2. Security Policy
• In business, a security policy is a document that
states in writing how a company plans to protect
the company's physical and information
technology (IT) assets.
• A security policy is often considered to be a "living
document", meaning that the document is never
finished, but is continuously updated as technology
and employee requirements change.
Copyrights By Tanveer Malik
3. Security Policy
• A company's security policy may include an
acceptable use policy.
• A description of how the company plans to
educate its employees about protecting the
company's assets.
• An explanation of how security measurements
will be carried out and enforced.
Copyrights By Tanveer Malik
4. Security Policy
• A procedure for evaluating the effectiveness of
the security policy to ensure that necessary
corrections will be made.
• A Security policy is a definition of what it means
to be secure for a system, organization or other
entity.
• If it is important to be secure, then it is important
to be sure all of the security policy is enforced by
mechanisms that are strong enough.
Copyrights By Tanveer Malik
5. Security Policy
• Access Control (AC) is the selective restriction
of access to a place or other resource. The act
of accessing may mean consuming, entering,
or using. Permission to access a resource is
called authorization.
• A computer security policy defines the goals
and elements of an organization's computer
systems
Copyrights By Tanveer Malik
6. Security Policy
• The definition can be highly formal or
informal.
• Security policies are enforced by organization-
al policies or security mechanisms.
• A technical implementation defines whether
a computer system is secure or insecure.
Copyrights By Tanveer Malik
7. Security Policy
• A user account policy is a document which
outlines the requirements for requesting and
maintaining an account on computer systems
or networks.
• It is very important for large sites where users
typically have accounts on many systems.
• Some sites have users read and sign an
account policy as part of the account request
process.
Copyrights By Tanveer Malik
8. Security Policy
• A Network Security policy is a generic
document that outlines rules for computer
network access, determines how policies are
enforced and lays out some of the basic
architecture of the company security/ network
security environment.
• The document itself is usually several pages
long and written by a committee.
Copyrights By Tanveer Malik
10. Policy Content
• Should state who has the authority to approve
account requests.
• Should state who is allowed to use the
resources (e.g., employees or students only)
• Should state any citizenship/resident
requirements.
• Should state if users are allowed to share
accounts or if users are allowed to have
multiple accounts on a single host.
Copyrights By Tanveer Malik
11. Policy Content
• Should state the users’ rights and
responsibilities.
• Should state when the account should be
disabled and archived.
• Should state how long the account can remain
inactive before it is disabled.
• Should state password construction and aging
rules.
Copyrights By Tanveer Malik
12. Security Policy
• For locating SP on windows other then
Windows 7.
• Open Local Security Policy:
click Start, type, secpol.msc.
Checkout All Security Policies
Copyrights By Tanveer Malik