Module 2 - Creating a plan for network security. This module describes the importance of security policies and procedures in a security design, and explains how a security design team must include representation from various members of the organization. The module also introduces the Microsoft Solutions Framework (MSF) process model, which provides a comprehensive framework that can be used to create a security design. | Module 2: Creating a Plan for Network Security Overview Introduction to Security Policies Defining a Process for Designing Network Security Creating a Security Design Team Lesson: Introduction to Security Policies What Are Security Policies? Types of Security Policies Common Reasons That Security Policies Fail Guidelines for Creating Policies and Procedures What Are Security Policies? Security policies are documents that explain how an organization implements security Security is enforced through: Policies Administrative Policies Technical Policies Physical Policies Procedures Procedures Describe how to comply with policies Are detailed steps that support policy implementation Types of Security Policies Policies Standard Implemented throughout an organization Required for all users Often enforced by hardware or software Recommended Implemented in specific parts of the organization May be optional for some users Common Reasons That Security Policies Fail Policies that fail are often: Not enforced Difficult to read or find Outdated Too vague Too strict Not supported by management Guidelines for Creating Policies and Procedures Guidelines: Create clear and concise policies Create simple procedures for each policy Obtain support from all levels of management Ensure that users can find and use policies Ensure that policies do not disrupt business continuity Use technology when possible to enforce policies Enforce consequences for policy violations Create incentives for compliance Lesson: Defining a Process for Designing Security Introduction to Microsoft Solutions Framework The Planning Phase for Network Security The Building Phase for Network Security The Managing Phase for Network Security Practice: Match the Design Task to the MSF Phase Planning Managing Building Is a suite of models, principles, and guidelines to build and deploy distributed enterprise systems Helps ensure a comprehensive design Provides a framework to design network security Introduction to . | Module 2: Creating a Plan for Network Security Overview Introduction to Security Policies Defining a Process for Designing Network Security Creating a Security Design Team Lesson: Introduction to Security Policies What Are Security Policies? Types of Security Policies Common Reasons That Security Policies Fail Guidelines for Creating Policies and Procedures What Are Security Policies? Security policies are documents that explain how an organization implements security Security is enforced through: Policies Administrative Policies Technical Policies Physical Policies Procedures Procedures Describe how to comply with policies Are detailed steps that support policy implementation Types of Security Policies Policies Standard Implemented throughout an organization Required for all users Often enforced by hardware or software Recommended Implemented in specific parts of the organization May be optional for some users Common Reasons That Security Policies Fail Policies that fail are .