Outline for a Successful Security Program

Do you need a Security Program? As technology advances, companies are finding out they require a network security program. This paper is meant to give the reader an outline and high level view of security topics to examine when creating a network security program. This paper is broken into fifteen sections related to security. It has been my experience that most security programs will have to give some attention to each of these sections in order to be successful. Some of the topics I will discuss include: security policies, firewalls, intrusion detection systems, documentation and disaster recovery. Explaining each of these topics in great detail is beyond the scope of this paper. You can find more in-depth papers on any of these sections in the Sans reading room located at http://www.sans.org/rr. Every security program is different, so there is no definite order in which these sections should be addressed. However, I will try to start with the topics that are usually dealt with in the beginning stages of many security programs.