Midterms were last week, and for one of my classes I had to write a mock-up Risk Analysis and a really generic Security Policy for a fake company. The point is, during the Security Policy part I was thinking about a network user policy that would be interesting to see. Basically, the idea would be to have a security policy that gave users the ability to help diagnose security issues, within reasonable restrictions, though, so as not to be damaging to the network. So getting admin permission would obviously be part of the policy, but being given the opportunity to mess a little with their workstation while they are working and see if there are major vulnerabilities would be OK. The idea is that the IT staff are not usually the only computer-knowledgeable people who work at a company. Also, I think a lot of employees probably think of network security with a bit of disdain, as extra steps to take to get work done, etc. So bringing them on board in different parts of the security policy creation and the network security management would probably be good all around.