Network Security Policy
A company's Network Security Policy is by nature one of its most technical policies, as it deals with the specifics of IT Security implementation. This policy covers such topics as: use of antivirus software, server patch management, default installations of systems, vulnerability management, logging, network segmentation, router/firewall/switch security, and much more. This policy is the longest and most in-depth policy offered by EZSecurityPolicy.com.
The Network Security Policy will provide the practical mechanisms to support the company's comprehensive set of security policies. This policy purposely avoids being overly-specific in order to provide some latitude in implementation and management strategies.
A Network Security Policy developed with the EZSecurityPolicy.com application will include the following detailed sections:
1. Overview
2. Purpose
3. Scope
4. Policy
4.1. Network Device Passwords
4.1.1. Password Construction
4.1.2. Failed Logons
4.1.3. Change Requirements
4.1.4. Password Policy Enforcement
4.1.5. Admin Password Guidelines
4.2. Logging
4.2.1. Application Servers
4.2.2. Network Devices
4.2.3. Critical Devices
4.2.4. Log Management
4.2.5. Log Review
4.2.6. Log Retention
4.3. Firewalls
4.3.1. Configuration
4.3.2. Outbound/Egress Traffic Filtering
4.4. Networking Hardware
4.5. Network Servers
4.6. Intrusion Detection/Intrusion Prevention
4.7. Security Testing
4.7.1. By Internal Resources
4.7.2. By a Third party
4.8. Disposal of IT Assets
4.9. Network Compartmentalization
4.9.1. Higher-Risk Networks
4.9.2. Externally-Accessible Systems
4.9.3. Internal Networks
4.10. Network Documentation
4.11. Antivirus/Anti-Malware
4.12. Software Use Policy
4.13. Maintenance Windows/Scheduled Downtime
4.14. Change Management
4.15. Suspected Security Incidents
4.16. Redundancy
4.17. Manufacturer Support Contracts
4.18. Security Policy Compliance
4.18.1 Security Program Manager
4.18.2 Security Training
4.18.3 Security Policy Review
4.19. Applicability of Other Policies
5. Enforcement
6. Definitions
7. Revision History
Available in the Gold Package only, this is a policy that is intended to be used by technical staff and management only.
Your custom Network Security Policy will be delivered immediately upon completion of the wizard via email, as both a PDF and an RTF file. RTF files are editable in all major word processing programs, including Microsoft Word.
Our security policies were written based on a cohesive and integrated approach using security best practices stemming from the C-I-A triad of confidentiality, integrity, and availability. This approach aligns with both real-world and industry standard-based objectives, resulting in an invaluable resource for your security policy management. A Network Security Policy developed with the EZSecurityPolicy.com wizard will provide the foundation for a realistic, practical implementation of your IT security policy program.
Please contact us if you have any questions about this policy.
EZSecurityPolicy.com has delivered thousands of IT Security Policies to companies from 5 to 50,000 employees. The management of EZSecurityPolicy.com has over 20 years of successful experience in the field of information security.