To most organizations, the security policy is a document that outlines how information and systems should be protected, but the policy is rarely enforced or even enforceable. The security policy as a document is valuable for several reasons including regulatory and audit requirements. However, ignorance of the policy guidelines (or even ignorance of the policy’s existence) puts organizations at risk. The security policy is a high-level document made up of other policies and procedures that protect specific information and systems.
This chapter covers the following topics:
Need for a security policy
Components of a security policy
Policy application in Cisco Security Agent (CSA)
Policies included for basic operating system functions ...