This sets a baseline of acceptable use. If behaviour that violates the business policy is detected on the network, it is possible that a security breach has occurred.
Understanding Security Policy Regulations and Standards
In this article, I want to talk about security policy regulations and standards in cyber security.
A comprehensive security policy has a number of benefits, including the following:
- Demonstrates an organization’s commitment to security
- Sets the rules for expected behavior
- Ensures consistency in system operations, software and hardware acquisition and use, and maintenance
- Defines the legal consequences of violations
- Gives security staff the backing of management
Security policies are used to inform users, staff, and managers of an organization’s requirements for protecting technology and information assets. A security policy also specifies the mechanisms that are needed to meet security requirements and provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance.
The table lists policies that may be included in a security policy.
|Policy|Description|
|---|---|
|Identification and authentication policy|Specifies authorized persons that can have access to network resources and identity verification procedures.|
|Password policies|Ensures passwords meet minimum requirements and are changed regularly.|
|Acceptable Use Policy (AUP)|Identifies network applications and uses that are acceptable to the organization. It may also identify ramifications if this policy is violated.|
|Remote access policy|Identifies how remote users can access a network and what is accessible via remote connectivity.|
|Network maintenance policy|Specifies network device operating systems and end user application update procedures.|
|Incident handling procedures|Describes how security incidents are handled.|
A BYOD security policy should be developed to accomplish the following:
- Specify the goals of the BYOD program.
- Identify which employees can bring their own devices.
- Identify which devices will be supported.
- Identify the level of access employees are granted when using personal devices.
- Describe the rights to access and activities permitted to security personnel on the device.
- Identify which regulations must be adhered to when using employee devices.
- Identify safeguards to put in place if a device is compromised.
The table lists BYOD security best practices to help mitigate BYOD vulnerabilities.
|Best Practice|Description|
|---|---|
|Password-protected access|Use unique passwords for each device and account.|
|Manually control wireless connectivity|Turn off Wi-Fi and Bluetooth connectivity when not in use. Connect only to trusted networks.|
|Keep updated|Always keep the device OS and other software updated. Updated software often contains security patches to mitigate against the latest threats or exploits.|
|Back up data|Enable backup of the device in case it is lost or stolen.|
|Enable “Find my Device”|Subscribe to a device locator service with a remote wipe feature.|
|Provide antivirus software|Provide antivirus software for approved BYOD devices.|
|Use Mobile Device Management (MDM) software|MDM software enables IT teams to implement security settings and software configurations on all devices that connect to company networks.|