In today's distributed, global, mobile-network environment, the need for information risk management in organizations has never been greater. Information security is ultimately the responsibility of senior management, and every company requires a sound security policy. A common security problem in many organizations is that users can easily connect infected or compromised machines to the network and cause significant damage. To defend the network effectively against such threats, network administrators need to implement policies that ensure that each device connecting to the network is as secure as possible. The logical solution is to prevent or block access by unauthorized entities that do not comply with a defined security policy.
- Think of the security policy specifics that you would expect to be in a good security policy framework suitable for your company.
- As a CSO in your company, you are responsible for the implementation of a Network Access Control system. What general configuration would suit your needs? What specific functions need to be added? What Network Access Enforcement methods do you consider the most appropriate?
- Discuss whether you can ever protect a facility 100%, given all the security tools available.