Defining a site security policy is one of the basic building blocks of designing an enterprise network. It is as critical as defining bandwidth requirements or redundancy needs. RFC 2196, The Site Security Handbook, defines a site security policy as follows:
A security policy is a formal statement of rules by which people who are given access to an organization's technology and information assets must abide.
The policy should be formed with representation from key corporate individuals: management members who have budget and policy authority, technical staff who know what can and cannot be supported, and legal personnel who know the legal ramifications of various policy choices.
Benefits of creating ...