security needs to be defined preferably using a Security Policy. The
security policy document is a comprehensive document covering areas of
security preparation, prevention, and response.
preparation include creating of usage policy statements, risk analysis,
and security team formation. The risk analysis should identify the risks
to your network resources including physical devices, and data. The
classification of risks is done ( e.g. low risk components, high
risk components etc.) and appropriate security measures taken. Next step
in security policy preparation is establishing the access levels such as
super admin, admin, backup operator, user etc. By assigning appropriate
resource access levels restricts access to critical resources only to
authorized personnel. Firewalls, proxy servers, gateways, and email
servers need to be given highest levels of security.
The security policy team is responsible for
implementation of security provisions. The security provisions typically
include the following:
proxy servers, or gateway configuration
Control Lists (ACLs) formation and implementation
configuration and monitoring
hot fixes to software of various devices, operating systems, and
and restore procedures
Should any security breach occurs, a response should be
implemented by the security team. A security response consists of
identifying the security violation, implementation of remedial action,
review, and documentation. Typical steps include the following:
the violation and prevent further spread
evidence of the violation before initiating a corrective action.
Otherwise, the evidence may be lost, and you would not be able to
identify the origin of the violation.
local police or government agencies and report if necessary
the system for remedial action, and document.
Once the security violation is investigated and documented, restore the
system according to the accepted restoration procedure.