A policy is a formal statement on proper behavior for individual employees and groups of employees. Join Lisa Bock as she reviews best practices to create appropriate and realistic security policies, including organization and content, components and categories of security policies, and implementing security policies.
- [Voiceover] Once a security plan is in place, policies are then written to implement controls. Whereby, a guideline is more of a recommendation of best practices, a policy is a formal statement on proper behavior and outlines the rules for either individual employees or groups of employees throughout the company and controls how the policies are implemented in the form of procedures, which are the step-by-step instructions on how to do something. Security policies define how the assets are protected, and set rules for conduct for anyone or anything that interacts with the assets.
Policies are designed to protect the infrastructure, yet should not be so cumbersome as to interfere with work. A security policy helps maintain a structure for the management and administration of the security of the network. The policy should only allow authorized access to the system resources. When creating a policy, the first step is to ask what information and assets needs protected. Assets are tangible and intangible items that can be assigned a value.
Security expert Lisa Bock starts with an overview of ethical hacking and the role of the ethical hacker. She reviews the kinds of threats networks face, and introduces the five phases of ethical hacking, from reconnaissance to covering your tracks. She also covers penetration-testing techniques and tools. The materials map directly to the "Introduction to Ethical Hacking" competency from the CEH Body of Knowledge, and provide an excellent jumping-off point for the next courses in this series.
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. Find more courses in the series on Lisa's author page.
- Ethical hacking principles
- Managing incidents
- Creating security policies
- Protecting data
- Conducting penetration testing
- Hacking in phases