User:Ngetunda 628/sandbox

Security Policy Implementation

1.1 Security Policy
    1.1.1 Key Elements of security implementation
        1.1.1.1 Security Accountability
        1.1.1.2 Network service policies
        1.1.1.3 System Policies
        1.1.1.4 Physical security
        1.1.1.5 Incident Handling and response
        1.1.1.6 Behavior and acceptable use policies
        1.1.1.7 Security Training
1.2 Implementation
    1.2.1 Guidelines to proper Implementation
1.3 Intrusion detection
1.4 Access Control
    1.4.1 Mandatory Access control
    1.4.2 Discretionary Access Control
1.5 Physical Security
1.6 Reference

Security Policy

A security policy is a document that covers the rules and practices that you want your staff to follow when working with e-mail, browsing the web, and accessing confidential data stored in your system. A security policy can help your organization reduce security breaches and data loss by helping employees follow through with safe and secure computing practices. [8]

Key Elements of Security Policy Implementation

Security Accountability: Stipulate the security roles and responsibilities of general users, key staff, and management. Creating accountability in these three employee categories helps your organization understand and manage expectations and provides a foundation for enforcing all other ancillary policies and procedures. This section should also define various classes of data, such as internal, external, general, and confidential.

Network service policy: Generate policies for secure remote access, IP address management and configuration, router and switch security procedures, and access list (ACL) stipulations. Indicate which key staff need to review which change procedures before they are implemented. For example, your security team should review all proposed ACL changes before your network administrators implement the changes. Define your remote network access policies and your network intrusion detection systems in this section.

System Policies: Define the host security configuration for all mission-critical operating systems and servers. Include which services should be running on which networks, account management policies, password management policies, messaging, database, anti-virus, host-based intrusion detection, and firewall policies.

Physical Security: Define how buildings and card-key readers should be secured, where internal cameras should be installed, how visitors should be handled, and what inventory rules and regulations your shipping and receiving folks should follow. Though this might seem a bit afield of a discussion of IT security, remember that no organization is secure from attack unless it's physically secure too.

Incident Handling and Response: Specify what procedures to follow in the event of a security breach or incident. Include policies such as how to evaluate a security incident, how the incident should be reported, how the problem should be eradicated, and what key personnel your organization should engage in the process.

Behavior and acceptable use policy: Stipulate what type of behavior is expected of employees and your management team, and what forms and documents need to be read, reviewed, filled out, and followed. Employees should be required to read and sign the acceptable use policy so that management has the option to take disciplinary action in the event that the policy is violated.

Security Training: Define a security training plan for key staff who manage day-to-day security operations in order to sustain your security policy and keep your security staff current with the latest techniques. [6]

Implementation

Implementation is the process of moving an idea from concept to reality. In business, engineering and other fields, implementation refers to the building process rather than the design process. Policy implementation is very difficult to achieve, and most policies will either take a long time getting off the ground or not be implemented at all. [7]

Guidelines to Proper Implementation

1. Create clear, meaningful policy statements.
2. Identify the systems that contain relevant data that need to be connected to the controlling system. In Secure Perspective, add these machines to the system configuration list.
3. Connect policy terms to digital assets. Be aware of the file system's hierarchy and how this affects users' access to files within directories. In Secure Perspective, map resources to data assets, actors to user profiles, and actions to system actions.
4. Check current compliance. You may need to make adjustments on your system if it fails to comply with your policy. After applying patches or fixes, you might want to run a compliance check.
5. Use problem prediction to determine whether your current processes could be affected by the application of your security policy. You may need to modify your policy if it interferes with essential system procedures.
6. Use Secure Perspective to apply the policy. You can read the report for details and investigate any questionable failures. Undo the policy and make adjustments as necessary. [3]

Intrusion Detection

The intrusion detection and prevention system (IDS) notifies you of attempts to hack into, disrupt, or deny service to the system. IDS also monitors for potential extrusions where your system might be used as the source of the attack. [4]

Access Control

Access control regulates the admission of users into trusted areas of the organization, both logical access to information systems and physical access to the organization's facilities. Access control is maintained by means of a collection of policies, programs to carry out those policies, and technology that enforces those policies. [2]

Mandatory Access Control

Mandatory access controls (MACs) are, as the name indicates, required, and are structured and coordinated within a data classification scheme that rates each collection of information as well as each user. These ratings are often referred to as sensitivity or classification levels.
When MACs are implemented, users and data owners have limited control over access to information resources. [2]

Discretionary Access Control

Discretionary access controls (DACs) are implemented at the discretion or option of the data user. The ability to share resources in a peer-to-peer configuration allows users to control and possibly provide access to information or resources at their disposal. Users can allow general, unrestricted access, or they can allow specific individuals or a set of individuals to access these resources. [2]

Physical Security

Physical security is protecting people, physical assets, and the workplace from various threats, including fire, unauthorized access, and natural disasters. [2]

1. The physical facility is usually the building, other structure, or vehicle housing the system and network components. Systems can be characterized, based upon their operating location, as static, mobile, or portable. Static systems are installed in structures at fixed locations. Mobile systems are installed in vehicles that perform the function of a structure, but not at a fixed location. Portable systems are not installed in fixed operating locations. They may be operated in a wide variety of locations, including buildings or vehicles, or in the open. The physical characteristics of these structures and vehicles determine the level of such physical threats as fire, roof leaks, or unauthorized access.
2. The facility's general geographic operating location determines the characteristics of natural threats, which include earthquakes and flooding; man-made threats such as burglary, civil disorders, or interception of transmissions and emanations; and damaging nearby activities, including toxic chemical spills, explosions, fires, and electromagnetic interference from emitters, such as radars.
3. Supporting facilities are those services (both technical and human) that underpin the operation of the system. The system's operation usually depends on supporting facilities such as electric power, heating and air conditioning, and telecommunications. The failure or substandard performance of these facilities may interrupt operation of the system and may cause physical damage to system hardware or stored data. [5]
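
The difference between the mandatory and discretionary models described under Access Control, as an added example that is not part of the original page: an owner's discretionary grant only takes effect once the mandatory rating check has passed. The ordering of the data classes, the simplified rating rule, and the user and file names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    """Data classes named on this page; their ordering is an assumption."""
    EXTERNAL = 0
    GENERAL = 1
    INTERNAL = 2
    CONFIDENTIAL = 3

@dataclass
class Resource:
    name: str
    owner: str
    level: Level                             # MAC: rating set by the organization
    acl: dict = field(default_factory=dict)  # DAC: user -> actions the owner shared

    def grant(self, grantor, user, *actions):
        """DAC: sharing is at the owner's discretion, and only the owner's."""
        if grantor != self.owner:
            raise PermissionError(f"{grantor} does not own {self.name}")
        self.acl.setdefault(user, set()).update(actions)

def dac_allows(res, user, action):
    return user == res.owner or action in res.acl.get(user, set())

def mac_allows(clearances, res, user):
    # Simplified rule (assumption): the user's rating must be at least the
    # resource's rating. Unrated users get the lowest level.
    return clearances.get(user, Level.EXTERNAL) >= res.level

def decide(clearances, res, user, action, enforce_mac=True):
    """Return (allowed, reason); the mandatory check runs before the ACL."""
    if enforce_mac and not mac_allows(clearances, res, user):
        return False, "MAC: clearance below resource classification"
    if not dac_allows(res, user, action):
        return False, "DAC: no grant from owner"
    return True, "allowed"

# Constructed sample data: hypothetical users, ratings and files.
CLEARANCES = {"alice": Level.CONFIDENTIAL, "bob": Level.INTERNAL, "carol": Level.GENERAL}
payroll = Resource("payroll.xlsx", owner="alice", level=Level.CONFIDENTIAL)
handbook = Resource("handbook.pdf", owner="alice", level=Level.GENERAL)
payroll.grant("alice", "bob", "read")      # owner shares a confidential file
handbook.grant("alice", "carol", "read")

if __name__ == "__main__":
    for res, user in [(payroll, "bob"), (handbook, "carol"), (handbook, "bob")]:
        print(res.name, user, "DAC only:", decide(CLEARANCES, res, user, "read", False))
        print(res.name, user, "MAC+DAC: ", decide(CLEARANCES, res, user, "read"))
```

With only the discretionary check, bob can read the payroll file because its owner shared it; with the mandatory check enforced, the same request is refused regardless of the owner's grant.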

Reference

1) https://en.wikipedia.org/wiki/security_management
2) Whitman, M. E., & Mattord, H. J. (2014). Management of Information Security. Stamford: Cengage Learning.
3) Implementing policy. (n.d.). Retrieved May 31, 2014, from http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/index.jsp?topic=%2Frzauf%2Frzaufimplement.htm
4) Intrusion Detection. (n.d.). Retrieved June 4, 2014, from http://pic.dhe.ibm.com/inforcenter/iseries/v7r1m0/opic/rzaub/rzaubki...
5) National Institute of Standards and Technology. (n.d.). Physical and environmental Security. Retrieved June 4, 2014, from http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/chapter15.html
6) Taylor, L. (2001, February 16). Seven elements of highly effective security policies. Retrieved May 31, 2014, from http://www.zdnet.com/news/seven-elements-of-highly-effective-security-policies/297286
7) Policy Implementation. (n.d.). Retrieved May 31, 2014, from http://www.boundless.com/political-science/domestic-policy/policy-making-process/policy
8) Implement Security Policies. (n.d.). Retrieved May 31, 2014, from http://www.staysmartonline.gov.au/business/implement_security_policies