Implementing the policy
After you have defined your needs for a security policy, you can use Secure Perspective to implement that policy. Use the tips in this topic to help you get started writing a security policy with Secure Perspective.
To implement a security policy, do the complete the
following actions:
- Enter the data types that you identified into Secure Perspective as Resources.
- Enter the roles that you identified into Secure Perspective as Actors.
- Enter the data interactions that you identified into Secure Perspective as Actions.
- Create clear, meaningful policy statements.
- Identify the systems that contain relevant data that need to be connected to the controlling system. On Secure Perspective, add these machines to the system configuration list.
- Connect policy terms to digital assets. Be aware of the file system’s hierarchy and how this affects users’ access to files within directories. In Secure Perspective, map resources to data assets, actors to user profiles, and actions to system actions.
- Check current compliance. You may need to make adjustments on your system if it fails to comply with your policy. After applying patches or fixes, you might want to run a compliance check.
- Use problem prediction to determine whether your current processes could be affected by the application of your security policy. You may need to modify your policy if it interferes with essential system procedures.
- Use Secure Perspective to apply the policy. You can read the report for details and investigate any questionable failures. Undo the policy and make adjustments as necessary.
Restriction: Secure Perspective uses authorization lists
to secure objects. The maximum number of files and members that can be secured
by a single resource term is 2 097 104. If you apply a policy when more than
2 097 104 items (files added to the sum of the members in those files) are
mapped to a term, the application of the policy to will fail. An error message
is shown on the display screen. Alternatively, you can divide
the objects mapped to the term to two or more terms, modify the policy accordingly,
and apply the policy again.