While reading a book today (It was Network Security Architectures) I came across these ten questions and found them really helpful and worth sharing.
Whenever we talk about IT security or designing security policies, we look toward the professionals certified in this domain but these are few questions which can really help anybody in rethinking about the security policies -
So, here we go -
- What method of security policy enforcement would be most effective at ensuring that employees have the latest version of virus-scanning software?
- What would be the best way to represent a policy for WLAN access in your organization? Should it be done through a policy, standard, or guideline?
- If you don't have the resources to track busy mailing lists such as BugTraq, is there an easier way to keep track of the high-profile attacks and vulnerabilities of which you should be aware?
- What are some ways to keep track of security best practices as they evolve?
- Outline your organization's primary business needs. Are there any unique aspects of your organization that would require a different approach to security?
- Put yourself in the shoes of a resourceful attacker. What damage could such a person with lots of free time and patience do to your organization's network? Would it matter where the attacker was located on the network?
- Based on your answers to questions 5 and 6, what is your organization's greatest weakness in terms of network security? Is there something that should be changed right away?
- Find and read your company's security policies (assuming they exist). Do they directly aid you in designing your security system? What policies are missing? When is the last time policies were updated? If you were in charge of rewriting the policies, would you make significant changes or only minor tweaks?
- Is there an area in your own network where the user community is somehow avoiding the security decisions that have been made?
- Role-play the scenario of your website being defaced. How would your organization respond to the incident? How would you resolve the desire to catch the attacker with your desire to get the website back up and running?
Looking for more on Security, Read these posts -
Key security policies for the Internet Routers - Read This
Cisco - Secure Architecture for Enterprise (SAFE) - Simplified - Read This
Secure Architecture for Enterprise (SAFE) - For Sales & Pre-Sales - Read This
Found it useful, Consider sharing it with your friends -