Perimeter security policy
As the saying goes, a chain is only as strong as its weakest link. This applies more than ever to cybersecurity implementations designed to protect organizations from malicious attacks, intruders and vulnerabilities.
While security principles should apply throughout the organization, locking down the perimeter and ensuring only necessary connections get through is an especially critical goal. Whether traffic is going from outside to inside or vice versa, having a strong, comprehensive and reliable perimeter security policy is integral to securing organizational data and the employees who use it to do their jobs and conduct company business.
The purpose of this policy is to provide guidelines for securing the organization’s network perimeter. This policy can be customized as needed to fit the needs of your organization.
From the policy
All employees, whether full-time, part-time, contract workers, consultants, part-time staff, interns and temporary workers and other personnel are covered by this policy. It also applies to all company-owned equipment, employee-owned equipment used to conduct company business or material related thereto.
There are no exceptions to this policy except where permitted in writing by the IT and/or Security departments.
PERIMETER SECURITY POLICY DETAILS
The first order of business should be to define what constitutes the environment perimeter and proceed with the steps below accordingly. Generally this will entail a dedicated set of redundant firewalls behind which all company workstations, servers and network devices will operate.