5.4.1 Security Policy
When creating Security Policy, the first order of business is determining who needs access. The principle of least privilege, in which each user is given the minimum access and network privileges needed to do their job, is the commonly accepted practice.
Management has concerns about data protection. Legal cares about keeping the company out of court. The technical folks have to implement the policies, and users fear policies will impact their ability to get work done. In addition to our coverage of the topic, some management-level information on the types of information you might want in your corporate security policy can be found in the Enterprise Directory and Security Implementation Guide429 by Carrington et al.
429. Carrington, Charles, Timothy Speed, Juanita Ellis and Steffano Korper, Enterprise Directory and Security Implementation Guide, Academic Press, August, 2002, http://www.nerdbooks.com/item.html?id=0121604527
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.