ccna certification dallas tx

ccna certification dallas tx.document that evolves as needs change. A comprehensive security strategy can provide the following benefits. Demonstrates an organization's commitment to achieving security. Establishes rules for expected behavior. Ensures consistency in system operations, hardware and software acquisition and use, and maintenance. Defines the legal consequences of violations. Provide management support for security personnel. A security policy informs users, employees, and managers of an organization's requirements for protecting technology and information assets. A security policy also defines the mechanisms needed to meet security requirements.It also defines the mechanisms needed to meet security requirements and provides a baseline from which computer systems and networks can be acquired, configured, and audited for compliance. A security policy may contain the following elements. Identification and authentication policy: specifies authorized persons who can access network resources and authentication protocols. Password policy: ensures that passwords meet minimum requirements and that they need to be changed periodically. Acceptable user policy: Identifies the web applications and their usage that are acceptable to the first organization. If the policy is violated, italso identifies the appropriate consequences if the policy is violated. Remote Access Policy: Identifies how remote users can access a network and what can be accessed through a remote connection. Network Maintenance Policy: Specifies the upgrade protocols for network device operating systems and end-user applications. Event handlers: Describes how security events are handled. One of the most common security policy components is the acceptable/appropriate usepolicy (AUP), which defines what users can do on various system components.This component defines what users can and cannot do on various system components. This includes the types of traffic that are allowed on the network. AUPs should be as clear as possible to avoid misunderstandings. For example, the AUP may list Web sites, newsgroups, or bandwidth-hungry applications that are prohibited from accessing company computers or from the company network o10.7.1.3 Audience of the Security PolicyThe audience for a security policy is any person with access to the network. Internal audiences include different people, such as managers and supervisors, departments and business units, technicians, and staff. External audiences are also different groups, including partners, customers, vendors, consultants, and contractors. For a large organization, it is possible that one document will not meet the needs of all audiences. The goal here is to ensure that the different information security policy documents are aligned with the needs of the target audience.The audience determines the content of the policy. For example, it may not be necessary to describe why something is necessary in a policy that is intended for technical people. It may be assumed that technicians already know why a particular requirement is included. Managers may not be interested in the technical aspects of why a particular requirement is needed; instead, they would prefer to see an outline of the presentation or the principles that support the requirement. Employees often ask for more information explaining why a particular safety rule is necessary. They are often better able to comply with the rules if they understand the reasons for their development.10.7.2 Structure of the safety policy10.7.2.1 Hierarchy of Security PoliciesMost companies use a series of policy documents to meet their broad and varied needs. These documents are often divided into a hierarchical structure.