Customization for Success: Background

Most SD Elements clients incorporate their own security policies into SD Elements using customization features. Understanding how to map custom content to SD Elements is key to harnessing the full power of the product in the enterprise. Note that we cover most topics related to content customization in the Content Customization section.

A typical, large organization has many different layers of information security policies, standards, guidelines and other documents that overlap with SD Elements.

To begin with, we will define these terms according to the SANS Information Security Policy Template definitions:

A policy is typically a document that outlines specific requirements or rules that must be met. In the information/network security realm, policies are usually point-specific, covering a single area. For example, an "Acceptable Use" policy would cover the rules and regulations for appropriate use of the computing facilities.

A standard is typically a collection of system-specific or procedural-specific requirements that must be met by everyone. For example, you might have a standard that describes how to harden a Windows 8.1 workstation for placement on an external (DMZ) network. People must follow this standard exactly if they wish to install a Windows 8.1 workstation on an external network segment. In addition, a standard can be a technology selection, e.g. Company Name uses Tenable SecurityCenter for continuous monitoring, and supporting policies and procedures define how it is used.

A guideline is typically a collection of system specific or procedural specific "suggestions" for best practice. They are not requirements to be met, but are strongly recommended. Effective security policies make frequent references to standards and guidelines that exist within an organization.” 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request