©2012 Check Point Software Technologies Ltd.

Squashing Politics with Policy

Upload: augustus-whitehead

Post on 27-Dec-2015

Agenda

1 Challenges

2 Foundation for acceptable security

3 Why it helps

4 Questions / Discussion

[Restricted] ONLY for designated groups and individuals

Why do we need security controls?

Protect company and client sensitive information

Protect company image

Save the company money

Protect critical applications that make your company money

Protect critical applications that provide services to the public

Challenges with implementing security

Users don’t like change

Users don’t like the idea of freedoms being taken away

Users can feel accused if they are told they are doing something insecure

Security controls can break applications or functions in your IT infrastructure

Security requirements can slow down projects

Foundation for acceptable security

Develop your Security Policy

Develop Standard Operating Procedures

Develop Implementation and Test Plans

Develop an Approval Process for Policy Exceptions

Develop Procedure for Post Mortem and Root Cause Analysis

Foundation for acceptable security

Develop your security policy

SHOULD BE THE FOUNDATION OF SECURITY IN YOUR ORGANIZATION

Get this vetted by appropriate parties to be distributed and signed by everyone in your organization

– HR (Especially for web content filtering!!)
– Management
– CIO, CISO, CTO, Director, etc.

Policy violations must have consequences

From Scratch?!?!...I don’t have time!

Plenty of free resources: sans.org/security-resources/

Foundation for acceptable security

Develop an approval process for policy exceptions

When exceptions must be made to the policy
– Communicate the risk
– Keep a record of someone ELSE accepting the risk.
– Someone in your direct chain of reports or someone designated to accept risk (like a compliance dept.)
– Document the exception

Foundation for acceptable security

Develop Standard Operating Procedures

Things that you do on a daily basis for Due Diligence

These practices are usually more specific to your group within the company

SOPs will change as the security threat landscape evolves

Get this vetted and signed by your manager

Foundation for acceptable security

Develop implementation and test plans

A thorough test plan will increase the probability of a successful deployment, thus increasing user acceptance

Require testing of critical business applications or functions
– By business units responsible for such applications

Always include a rollback plan and time to execute the rollback plan

Foundation for acceptable security

Develop Procedure for Post Mortem and Root Cause Analysis

Doing this will:
– Keep relevant facts of significant outages (Audit, Manager’s report, etc.)
– Avoid misdiagnosis and discourage those from doing it in the future

Why it helps

Increase user acceptance of security

Increase confidence in security controls

Increase user security awareness

Minimize impact of implementing controls

Will breed a professional and happy work environment with more unity among teams

Questions?