Chapter 6. Writing a Corporate Security Policy

In This Chapter

• Understanding the elements of a good security policy

• Working with a security policy's lifecycle

• Using standards for your security policies

• Writing your first security policy

In this chapter, we look at the many elements that you might want to include in your corporate security policies. You must cover a variety of areas, many of which have a direct impact on the goals of your NAC implementation. This chapter also shows you some example security policies and covers some best practices that can ensure everyone in the organization — from IT administrators to end users — adopts and follows your security policies. Following these best practices up front makes planning your NAC implementation easier and ensures that the implementation follows the broader goals of your organization as closely as possible.

A good security policy charts the course of security across your entire company. NAC might be a crucial element of that policy, but the broader corporate security policy has many different pieces, and many of them affect your NAC rollout. Before you start down the path of deployment, you need to know what your goals are for NAC — and the security policy that your team has in place drives those goals.