Believe it or not, best practices in network security begin with a top-down policy. Policy begins with understanding what it is you need to protect and what it is you need to protect against. The levels of responsibility need to be understood, and that implies that security is everyone’s job, as each employee understands how he or she contributes to the organization. Best practices in network security are more about the what and why of securing the organization’s information assets than about the how. The security policy is a formal definition of an organization’s stance on security, meaning what is allowed and what is not allowed. IT executives and managers faced with a myriad of technology choices become quickly overwhelmed at the daunting task of securing the enterprise. It is possible to unmuddy the waters by starting with a three-step framework that will aid in establishing a “best practices” network security program: Prepare, organize and execute. Let’s take a look at each piece of this framework in more depth. Full Story