Chapter Summary

This chapter discussed what many view as simply paperwork when, in reality, a security policy reflects your company’s commitment to security. It included key concepts in writing a security policy, such as determining who and what to trust and who to involve in the writing and crafting of a security policy.

This chapter also presented a variety of sample security policies. These security policies reflect the current trends and major areas upon which companies can improve.

Specifically, these areas include what is considered acceptable use of corporate IT resources, how to ensure that you have effective passwords, when and how to use VPNs, and what restrictions to use when connecting your corporate network to a business partner’s network.

Chapter 3, “Processes and Procedures,” discusses the use of technologies that have evolved to support and enhance network security. Many of these technologies are used today without you understanding when or where they operate. After reading this chapter, you should understand the benefits of these technologies, where they operate, and some of their associated risks.