You were hired as the manager for network services at a medium-sized firm. This firm has 3 offices in 3 American cities. Recently, the firm upgraded its network environment to an infrastructure that supports converged solutions. The infrastructure now delivers voice, data, video, and wireless solutions. Upon assuming the role of network manager, you started reviewing the documentation and policies in place for the environment to ensure that everything is in place for the upcoming audit. You notice that a formal network security policy is nonexistent. You need one. The current network environment and services are listed below:
- The environment hosts a customer services database.
- The e-mail service is available, with each user having his or her own mailbox.
- There is a sales team of 20 staff. They work remotely using laptops.
- A routed voice network exists between offices.
- Web services are available to clients on the Internet.
- Wireless services cover public areas and conferences rooms.
Considering the network environment, services, and solutions that are supported, develop a network security policy of 3–4 pages for the environment.
- Give consideration to each service, and recommend protection measures.
- Risk mitigation is of extreme importance.
- Confidentiality and integrity are important factors of network security. However, it should not affect availability.