The Security Audit
Security vs Performance
Effective network administration involves more than just penetration
testing. The best practice involves knowing the needs or your organization
and how it relies on availability of its information. It wouldn’t
be practical to impose such strict restriction on accessing systems or
applications that your users just end up working against you. They will
eventually circumvent any security controls you’ve put place only
to make they’re job easier. Attempting to weaken controls to provide
users with an easy to use environment may compromise the security of the
network. Where should the line be drawn? This is where the auditing technique
used comes to play. Using a risk-based assessment can provide a clear
representation of where to find the middle ground.
|
| Policy Templates from Sans Institute |
Acceptable Encryption
Acceptable Use
Analog Line
Anti-virus Guidelines
Application Service Providers
Aquisition Assessment
Audit
Automatically Forwarded Email
DB Credentials
Dial-in Access
DMZ Lab Security
Ethics
Extranet
Information Sensitivity
|
Internal Lab Security
Internet DMZ Equipment
Lab Anti-Virus
Password
Remote Access
Risk Assessment
Router Security
Server Security
Third Party Agreement
Virtual Private Network
Wireless Communication
From SuperHac
Computer Forensic Investigative Analysis Report |
List of Policy Templates included on the CD from the
SANS Institute. |
|
