Who should attend: System and network managers chartered with defining or enforcing site security policies; IT professionals or auditors interested in Internet-related security policies.

What you will learn: A common-sense overview of security policy and related issues.

How can you secure your network if you can't secure your people? As much as 80% of the security incidents recorded are "inside jobs" or the result of deliberate action by insiders. The preferred way of dealing with the insider problem is to define a set of policies and guidelines that foster a useful security mindset. This course provides a common-sense overview of security policy and related issues, how to perform a risk assessment, and how to build a policy that covers all the bases without going overboard. Topics include:

- Risk assessment

• Risk mitigation
• Determining acceptable risk

• Acceptable use
• Security maintenance
• Publications policies
• Damage/spin control policies

Marcus J. Ranum is CEO of Network Flight Recorder, Inc. He is the principal author of several major Internet firewall products, including the DEC SEAL, the TIS Gauntlet, and the TIS Internet Firewall Toolkit. Marcus has been managing UNIX systems and network security for over 13 years, including configuring and managing whitehouse.gov. He is a co-author of the Web Security Sourcebook.

Tutorials at-a-Glance     Tutorial Instructors