As of the start of this blog, I am in my second course for my Masters of Science in Cybersecurity. This is an archived posting from the first course.
Topic – LAN Security Policy Function
Select one and only one security policy function related to LANs and provide more detail.
From March 30, 2012.
Drawing from Vacca's list of criticals functions of a good security policy, I will discuss the value and details of appointing "a security administrator who is conversant with users' demands and on a continual basis is prepared to accommodate the user community's needs" (2009, pg 152).
An easy to overlook, but vitally important phrase in there is a security administrator. The idea of a single point of failure may seem repulsive, and having a backup contingency in place is a good idea, but having a single point of security configuration minimizes the chances of multiple changes invalidating the security from each other. Having just one administrator guarantees that the entire security administrative team is always kept up to date on changes and incidents of note.
Familiarity with users' demands is absolutely vital for the administrator because a failure to address, not necessarily comply but at least address, users' demands will result in the user attempting to enact what they feel is needed themselves. If users do not have it explained to them why their demands cannot be met, then the actions they take will cause security or stability issues. For instance, when users demand to have access to streaming media even though policy denies it, if the administrator doesn't address that demand and explain that streaming media is banned due to stability concerns related to the enormous amount of bandwidth it uses, then the users avoid the block on Youtube with a proxy and strain the availability of the network due to bandwidth consumption.
The security administrator needs to be constantly prepared to accommodate the user community's needs, because those needs could be indicative of a network incident. If users begin reporting issues to the help desk, "with a complaint about his or her computer, the network, or an Internet connection, the user’s problem may turn out to be related to a bigger problem, such as a hacker, denial-of-service attack, or a virus" (Whitman & Mattord, 2010).
Whitman, M. E., Mattord, H. J. (2010). Management of Information Security. Retrieved from www.sis.pitt.edu/~jjoshi/IS2820/Spring06/chapter05.doc
Vacca, J. R. (2009). Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann.
No comments:
Post a Comment