Chapter 7. Design and Implementation of the Corporate Security Policy

The design and implementation of a corporate security policy is site specific. After you have identified the critical assets and analyzed the risks, it is time to design the policy by defining the guidelines and procedures to be followed by corporate personnel.

To be effective, the procedures should be concise and to the point. Don't write a large cumbersome document few people will actually read. A short document of fewer than 10 pages should suffice as a start. Technical implementation details should not be included because they can change over time. If a corporate network infrastructure is already in place, you might have to modify the existing ad-hoc security procedures to ...

Get Designing Network Security Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.