Question Details

INFA 620 Session 5 Discussion
Devising Security Policy and Network Access Control
In today's distributed, global, mobile-network environment the need for information risk management in organizations has never been greater. Information security is ultimately the responsibility of senior management and all companies do require a sound security policy. A common security problem in many organizations is that users can easily connect infected or compromised machines into the network and cause important damage. To effectively defend the network against such threats network administrators need to implement policies that ensure that each device connecting to a network is as secure as possible. The logical solution is to prevent or block the access for unauthorized entities that do not comply with a defined security policy.
The purpose of this conference topic is to understand the importance of security policy and network access control in every company. Read through Chapter 5.1-5.3 of Stallings textbook and Session 5 Notes and become familiar with the basic principles of network access control that may be successfully applied in the vast majority of cases.
________________________________________
Assignment:
Post a concise answer discussing the following topics:
•	Think of the security policy specifics that you would expect to be in a good security policy framework suitable for your company.
•	As a CSO in your company, you are responsible for the implementation of a Network Access Control system. What general configuration would suit your needs? What specific functions need to be added? What Network Access Enforcement methods you consider the most appropriate?
•	Discuss if you can ever protect a facility 100% given all the security tools available.
Post your answer as a reply to this conference topic. When you finished posting, consult your colleagues' responses and engage in a debate.