Policies and Procedures
Every company should have written policies to effectively enable security on their computer networks. The policies should have the approval of the highest-ranking security or IT officer within the company, and they should address all aspects of the company network. Procedures should also be in place to determine the appropriate course of action if there is a security breach. And all network administrators absolutely need to be thoroughly trained on all policies and procedures—no weak links.
All of this might sound a bit militaristic in nature, but it’s truly necessary. Speaking of the military, though, the U.S. Department of Defense (DoD) has some really good standards; it wouldn’t hurt to keep them in mind when you’re setting up the security policies for your own network.
You can find the evaluation criteria for the DoD computer standards at https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of...