Internet Security Corporation
| Network Security Policy |
| Why a Security Policy? Do I Need One? |
A Network Security Policy is part of a more general
Security Policy that consists of practices, processes, and conventions to
ensure that a network or a portion of a network is secure from improper
entry.
If you're not worried about security, you probably don't need to formalize
it, but you will end up with a default policy regardless. Different levels
of security are optimal for different purposes; for example, home security
is cheaper and allows much more convenience than nuclear missile silo
security. This policy is generally negotiated between your stakeholders,
who may have differing priorities for, and needs from, their shared
network resources.
For example, suppose it has been prior broadband division policy to allow
all broadband customers complete freedom of Internet services, including
hosting their own web sites. However, we are now faced with Code Red and
Nimda network traffic, and we need to get all of the stakeholders to
recognize each other's needs and agree on the need to regulate users'
network requests. What will the new policy be? We can facilitate the
discussion in a correct and helpful manner to arrive at a feasible solution.
| How can ISC Help? |
Internet Security Corporation can provide an
experienced facilitator to arbitrate between differing priorities and needs,
and make technical and security clarifications for your stakeholders.
This makes it easier to attain both consensus and technical feasibility and
specificity. Our consultants are experienced with both business consulting
and the systems integration process.
| What are the deliverables? |
You get a report that outlines the stakeholders in
your organization, what their needs and interests are, and what the issues
are that drive the policy. The policy document itself may contain any of the
following, depending on your needs:
- network definition
- network services policy
- intrusion detection methods and policies
- perimeter security specification
- machine addition and replacement procedures
- authentication, password, and resource access policies
- software update procedures and precautions
- standard backup and recovery procedures
- file encryption conventions
- web site content and data security conventions
- virus and intrusion recovery procedures
- security policy update and enforcement process
- detailed systems administration process documentation
The security policy decision can take place instantaneously, or it can take
years to fine-tune for a large organization with a complex network and
many disparate and changing services. The policy can be very simple if a
simple, very high- or very low-security solution is desired, or it can
require extensive description if many services are desired while retaining
high security. We typically impose a minimal fixed-bid charge to prepare a
detailed proposal tailored to your company, or we can charge an hourly rate
for less structured consulting.