University IT Security: Network Security Policies and Implementation

Verified

Added on 2022/11/15

AI Summary

This report comprehensively examines network security policies and their implementation within organizations. It begins by discussing network security system design, emphasizing the importance of protecting intellectual property through strategies like end-to-end encryption and VLAN implementation. The report then details the elements of a robust security policy, including identifying needs, assigning responsibilities, gathering data, drafting policies, and consulting stakeholders. It stresses the significance of training plans for employees, including regular updates on threats and specialized training like PhishMe. Hardware security is also addressed, highlighting the need to protect physical systems. Penetration testing and the role of law enforcement agencies are discussed, along with the advantages of implementing security policies. The report concludes by emphasizing the ongoing nature of network security and the importance of continuous improvement to protect organizational data and maintain a secure environment.

Running head: - INFORMATION TECHNOLOGY SECURITY
NETWORK SECURITY POLICIES
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION TECHNOLOGY SECURITY
Abstract
In the paper one of the important aspect is discussed which is the network security system
and the different policies related to the security system. Irrespective of the size of the security
system it is mandatory to focus upon the security system of the organization. the policies are
the structures which helps in setting a standard for the organization. The policies when
implemented within the organization it is important that the employees are well trained.
However, the network security policies are one of the important aspect playing key role
within the organization.

2INFORMATION TECHNOLOGY SECURITY
Table of Contents
Introduction................................................................................................................................3
Network Security System Design Implemented Within the Organization................................3
Elements of the Policy...............................................................................................................4
Training Plan..............................................................................................................................4
Security related to the Hardware................................................................................................5
Penetrating Testing.....................................................................................................................6
Law Enforcement Agencies.......................................................................................................6
Network Security Policy............................................................................................................7
Advantages of the Security Policies...........................................................................................7
Conclusion..................................................................................................................................8
References..................................................................................................................................9

3INFORMATION TECHNOLOGY SECURITY
Introduction
In order to maintain and protect the different types of intellectual properties the
organization are trying to implement different network policies and strategies. The strategies
and the policies will help the organization by safeguarding the various data, which is stored in
the system of the organization (Peltier, 2016). The data and the strategies need to protect so
that different parties are not able to misuse the data or rather utilize the data for their own
purpose. There are various types of intellectual property within the organization. The
invention, which is made in different field, is generally the outcome of the strategies of the
inventors. The different types are copyrights, trade secrets, patents and trademarks. The trade
secrets are the type of intellectual property, which helps in protecting the secret information
of the organization. The patents are the intellectual property required to protect the functional
features of the organization. The copyrights are the property that protects the works of the
different authors. The trademarks help in protecting the brand of the organization. In order to
protect the different types of intellectual property and the network different design and
policies are implemented within the organization. However, the paper discusses the design
that need to implemented, the different training plan, the various policies related with the
design and protection of the network of the organization.
Network Security System Design Implemented Within the Organization
A design is proposed within the organization so that the network security system can
be easily implemented within the organization. The main aim of implementing such system is
to keep all the data secure and protect the overall intellectual properties of the organization.
However, the network security can be stated as one of the area of the computer science,
which mainly focuses on securing the different layer of the network infrastructure (Manshaei
et al., 2013). The design will help in planning the different infrastructure and the different

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION TECHNOLOGY SECURITY
methods that is required to prevent the issues that might arise within the security system. The
end-to-end encryption need to be implemented in the system as one of the network security
strategy. There are no specific rules related with the network security design. All the
situations will be completely different. VLAN is also a type of design, which is implemented
within the organization. It is one of the best network security solution that can be
implemented within the system (Yu et al., 2015).
Elements of the Policy
There are different policies that is required to design the network security within the
organization. The policies comprise of carious steps, which is one of the important step that is
required to be implemented in the system. The designing of the different network security
requires implementation of various policies. The policy helps in identifying the various need,
and gathering different information, the consulting and reviewing of the various policies
(Scott-Hayward, O’Callaghan & Sezer, 2013). The first step is the identification of the need.
The organization require to continuously accessing all the activities, the responsibilities and
the external environment involved within the organization. The second step is the
identification of the leader who will be taking up the responsibilities. The third step will
involve the gathering of all the data required to maintain the network security system. The
fourth step is the draft policy, which ensures that all the complexity related with the policies
are discussed. The last step involves consulting with the stakeholders so that all the policies
can be easily implemented related to the network security system.
Training Plan
There is different training plan, which is important before the implementation of the
network security policies. The new employees related with the network security must be well
trained. The new hires within the organization need to be trained well and the employees

5INFORMATION TECHNOLOGY SECURITY
must be trained related to the network security training. This training will help in laying a
foundation within the organization. It is important for the management to ensure that all the
skills of the employees are well known by the organization so that the necessary changes can
be made within the organization. There must be regular update with all the latest threats in
the network security system (Son et al., 2013). The regular updates related with the latest
version helps the organization and the employees to know the different network policies well.
The training related with the cyber security helps the IT team of the organization. PhishMe is
a method were the employees are taught about the different phishing attacks so that they are
aware about it. However, training related with the network policy is important.
Security related to the Hardware
Hardware security is also one of the important part within the organization. The
vulnerability related with the hardware need to be protected. The hardware security can be
implemented within the system as the device is used to scan and monitor the different traffic
involved within the network (Almorsy, Grundy & Müller, 2016). The term hardware security
is related with the different protection of the physical systems from different virus. Protecting
the hardware is one of the important aspects in the physical system. It adds reliability within
the network security system. There are two types of security which is essential in the
network security system. The types are software and hardware security. Software security
provides barriers and different cyber tools protects the different programs and the files
present in the network security system. The hardware security which is present in the system
protects the different machine and the network security system. In order to protect the
hardware various policies is implemented so that there is no risk involved in the organization.

6INFORMATION TECHNOLOGY SECURITY
Penetrating Testing
Penetrating test is also known as the pen test, which helps and protect the security. It
is a protection that check the system from the different vulnerabilities. In the system, the test
is used to protect the application and checks the various security levels (Tan, Blake &
Dustdar, 2016). There are various stages involved in the penetration test. The first stage is
planning and reconnaissance where the goals is determined and all the information is
gathered. The second stage is scanning. Scanning tools are very important aspect in the
penetrating test. The third stage is the gaining of access and discover the different
vulnerabilities (Liu et al., 2014). The fourth stage is maintaining the access, where the access
is maintained. The last stage is the analysis and WAF configuration where the outcome is
configured and the testing is performed before the implementation of the network security
system. The penetrating test is both internal and external. The external targets the checking of
the assets present in the company. However, the internal testing access and check all the
application involved within the system.
Law Enforcement Agencies
There are different agencies that are actually looking after the implemented policies
within the organization. There are number of different types of police which are there who
make sure that all the policies are followed. There is special jurisdiction present worldwide
that checks the policies are well maintained and obeyed by different global organization (Tan
et al., 2013). There are special police acting as the jurisdiction body which are working in
different departments giving services as the local authorities. There are experts present in the
agencies team which give suggestion. They are the advisor at the global level communicating
with different experts of the technologies. There are different challenges which is noticed in
the network security system. The agencies help the employees and the organization in
situations where the policies are not obeyed and is violated.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7INFORMATION TECHNOLOGY SECURITY
Network Security Policy
It is necessary for the organization to implement different security plan. The plan
follows certain top to down approach. The policy which is associated with the security is high
level document which is well defined by the organization keeping in concern the aim,
security details and responsibilities (Ahmad et al., 2015). It is a type of formal document
which is important in order to make sure that all the computer network and the network is
secured. The protection is both internally and externally. There are different types of legal
access that can be used by different organization to access the network and in order to modify
such characteristics the network security policies are implemented. There is certain standard
which is well defined which is the set of obligatory rules and regulations required to fulfil the
goals and objectives of the organization. The policies generally states that the company must
maintain a system or environment free from malware. It gives a strict instruction that all the
computer implemented within the organization need to be free from antivirus. However, a
baseline need to be created within the organization (Wang et al., 2013).
Advantages of the Security Policies
Irrespective of the size of the organization the network security policy is mandatory.
Security policies ensures that the organization achieves the success and is secure from all the
cyber security strategies and it is same from the attackers and hackers (Singhal et al., 2013).
It helps in identifying the different rules and methods that all the organization requires. The
policies related with the security governs the different practices within the organization which
is related with protecting the physical and the information technology assets. The documents
which is related with the security policies helps in the security awareness, and aim in
protecting the information technology requirements. The policies need to be more accurate
and up to date. The policies need to be realistic and all the goals and strategies need to be
well defined. There is different punishment which varies from country to country depending

8INFORMATION TECHNOLOGY SECURITY
on the crime. However, it can be stated that the network related policies is important part of
the organization (Yang et al., 2015).
Conclusion
It can be concluded that there are different challenges related to network security.
Providing a secure network within the organization is one of the main priority of the
management. It is one of the greater challenges and it is necessary to provide a secure
environment in the organization. There are different network security administrators who
look after the various network policies implemented within the organization (Sezer et al.,
2013). The security approach related to the network need to have a proper guideline. Once a
certain level of security is achieved within the organization the managers continue their work
in maintaining the policies related with the network security system. The network security
and the related policies is one of the dynamic process which helps in improving the overall
work process of the system and give rise to different opportunities for the improvement of the
organization.

9INFORMATION TECHNOLOGY SECURITY
References
Ahmad, I., Namal, S., Ylianttila, M., & Gurtov, A. (2015). Security in software defined
networks: A survey. IEEE Communications Surveys & Tutorials, 17(4), 2317-2346.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Liu, Y., Wang, L., Duy, T. T., Elkashlan, M., & Duong, T. Q. (2014). Relay selection for
security enhancement in cognitive relay networks. IEEE Wireless Communications
Letters, 4(1), 46-49.
Manshaei, M. H., Zhu, Q., Alpcan, T., Bacşar, T., & Hubaux, J. P. (2013). Game theory
meets network security and privacy. ACM Computing Surveys (CSUR), 45(3), 25.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Scott-Hayward, S., O'Callaghan, G., & Sezer, S. (2013, November). SDN security: A survey.
In 2013 IEEE SDN For Future Networks and Services (SDN4FNS) (pp. 1-7). IEEE.
Sezer, S., Scott-Hayward, S., Chouhan, P. K., Fraser, B., Lake, D., Finnegan, J., ... & Rao, N.
(2013). Are we ready for SDN? Implementation challenges for software-defined
networks. IEEE Communications Magazine, 51(7), 36-43.
Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R., Krishnan, R., Ahn, G. J., & Bertino, E.
(2013). Collaboration in multicloud computing environments: Framework and
security issues. Computer, 46(2), 76-84.
Son, S., Shin, S., Yegneswaran, V., Porras, P. A., & Gu, G. (2013, June). Model checking
invariant security properties in OpenFlow. In ICC (pp. 1974-1979).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10INFORMATION TECHNOLOGY SECURITY
Tan, W., Blake & Dustdar, S. (2016). Social-network-sourced big data analytics. IEEE
Internet Computing, (5), 119-229.
Tan, W., Blake, M. B., Saleh, I., & Dustdar, S. (2013). Social-network-sourced big data
analytics. IEEE Internet Computing, (5), 62-69.
Wang, L., Jajodia, S., Singhal, A., Cheng, P., & Noel, S. (2013). k-zero day safety: A
network security metric for measuring the risk of unknown vulnerabilities. IEEE
Transactions on Dependable and Secure Computing, 11(1), 30-44.
Yang, N., Wang, L., Geraci, G., Elkashlan, M., Yuan, J., & Di Renzo, M. (2015).
Safeguarding 5G wireless communication networks using physical layer
security. IEEE Communications Magazine, 53(4), 20-27.
Yu, T., Sekar, V., Seshan, S., Agarwal, Y., & Xu, C. (2015, November). Handling a trillion
(unfixable) flaws on a billion devices: Rethinking network security for the internet-of-
things. In Proceedings of the 14th ACM Workshop on Hot Topics in Networks (p. 5).
ACM.