Security Policy Guidelines

Mohamed Hamdi, National Digital Certification Agency, Tunisia

Noureddine Boudriga, National Digital Certification Agency, Tunisia

Mohammad S. Obaidat, Monmouth University, NJ, USA

Introduction

Security Policy Fundamentals

Security Policy Definition

SP Classes

Security Policy Objectives

Policy Requirements

SP Components

Security Policy Life Cycle

Cost-Effectiveness: The Risk Analysis Process

Integrating Risk Analysis Process into the SP Life Cycle

Risk Analysis Steps

Writing Efficiency: The Development Process

SP and the Documentation Hierarchy

Language and Validation

SP Development Phases

Mathematical Models

Multilevel Security Policies

Security Awareness Program: The Publication Process

Documenting the SP

Distributing the SP

Training the Staff

Cost-Effectiveness of the Awareness Process

Security Policy Reassessment: The Auditing Process

Collecting Relevant Data

Assessing the SP Efficiency

Updating the SP

Legal Aspects

Glossary

Cross References

References

Further Reading

INTRODUCTION

Because computer system technologies are rapidly spreading from academic research to industrial applications, many security issues have been raised. This need for security is driven by the increasingly large proportion of enterprise losses caused by various security incidents. Security attacks may disturb the operation of the system, entail loss of secrets and privacy, and become a risk to national security and the economy. Several studies, such as the CSI/FBI survey ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with the O’Reilly learning platform.