Provide a short statement that can act as a security policy for an organization, explaining how to manage domains with differing trust levels. This statement should be 100% original.
Solution
Most companies choose their own security management standards instead of adopting one, which means that across different organizations the security standards in effect are unlikely to be consistent and effective.
However, by accepting a recommended approach to enterprise security architecture, corporate security programs may become more consistent and effective.
A security policy is a formal set of rules by which people who are given access to an organization's technology and information assets must abide.
Elements of Enterprise Security Architecture:
1) Policy
2) Security Domains
3) Trust Levels
4) Tiered Networks
Here we will discuss trust levels.
--> Experience performing security risk assessments will reveal that there are several gray areas of trust, otherwise referred to as variances.
--> A variance is a condition in which a domain is trusted under certain conditions.
--> The trust relationships provide confidentiality and integrity for the authentication and authorization processes used to connect users to resources in security domains.
--> Trust levels are a standard level of authentication and are used to evaluate the security needs of each domain and determine what kind of authentication and authorization must be used to permit connections to a domain.
--> Trust levels are elements in another data domain, which eliminates the need for a second authentication and authorization process.
--> Trust levels enable a security domain to use authentication at the required trust level.
Trust level classification:
Trust levels specify the minimum requirements for authentication and authorization based
on the requested information or resource and the transport path from the user domain to
the requested domain.
1) Level three: This relates to public information, so it can be considered not trusted and needs no authentication or authorization.
2) Level two: This relates to proprietary information, so a user ID and password are mandatory for authentication and authorization.
3) Level one: This relates to private information, so it can be considered to be trusted. For authentication, tokens with personal identification numbers or digital certificates are required, and the data is encrypted before being transmitted.
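The classification above can be expressed as a connection check. The following is an added example, not part of the original solution; the domain names, the method names and the rule that a stronger method also satisfies a lower level are assumptions made for illustration.

```python
from dataclasses import dataclass

# Levels as numbered above: 3 = public, 2 = proprietary, 1 = private.
# Assumption of this example: methods are ranked, and a stronger method
# already completed in a session also satisfies a less demanding level.
METHOD_STRENGTH = {"none": 0, "password": 1, "token_pin": 2, "certificate": 2}
MIN_STRENGTH = {3: 0, 2: 1, 1: 2}


@dataclass(frozen=True)
class Domain:
    name: str          # constructed sample names, not from the page
    trust_level: int   # 1, 2 or 3


@dataclass
class Session:
    user: str
    method: str = "none"   # strongest method this session has completed


def evaluate(session, target, encrypted_transport):
    """Return (decision, reason) for a connection into `target`."""
    need = MIN_STRENGTH.get(target.trust_level)
    have = METHOD_STRENGTH.get(session.method)
    if need is None or have is None:
        # Fail closed on anything the policy does not define.
        return ("deny", "unknown trust level or authentication method")
    if target.trust_level == 1 and not encrypted_transport:
        # Level one data is encrypted before being transmitted.
        return ("deny", "level one data must be encrypted in transit")
    if have >= need:
        # No second authentication when the session already meets the level.
        return ("permit", "existing authentication meets the level")
    wanted = sorted(m for m, s in METHOD_STRENGTH.items() if s == need)
    return ("step_up", "requires one of: " + ", ".join(wanted))


# Constructed sample domains for the demonstration below.
PUBLIC_SITE = Domain("public-web", 3)
INTRANET = Domain("intranet", 2)
PAYROLL = Domain("payroll", 1)

if __name__ == "__main__":
    s = Session("alice", "password")
    for dom, enc in [(PUBLIC_SITE, False), (INTRANET, False), (PAYROLL, True)]:
        print(dom.name, evaluate(s, dom, enc))
```
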
