{"id":216,"date":"2009-03-24T16:00:38","date_gmt":"2009-03-24T21:00:38","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=216"},"modified":"2009-04-09T11:29:52","modified_gmt":"2009-04-09T16:29:52","slug":"security-policy-architecture-how-to-fix-your-current-disaster","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/","title":{"rendered":"Security Policy Architecture &#8211; How to fix your current disaster"},"content":{"rendered":"<p>One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on &#8220;Security Policy Architecture&#8221;.\u00a0 The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive as necessary.\u00a0 The actual presentation slides are available <a href=\"http:\/\/trisc.org\/presentations\/Landoll_Policy_Disasters.pdf\" target=\"_blank\">here <\/a>and because he had some very good visual aids in his presentation, I&#8217;m going to just recommend that you check out the actual slides.\u00a0 My notes, however, are below just in case the slides ever get deleted for some reason:<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Importance of Security Policies<\/strong><\/span><\/p>\n<ul>\n<li>Govern expected behavior and process\n<ul>\n<li>Expected and prohibited behavior<\/li>\n<li>Security process<\/li>\n<\/ul>\n<\/li>\n<li>Establishes roles and responsibilities\n<ul>\n<li>Management &amp; oversight<\/li>\n<li>Execution<\/li>\n<\/ul>\n<\/li>\n<li>Define protection measures\n<ul>\n<li>Access controls<\/li>\n<li>Physical security measures<\/li>\n<li>Monitoring, audit, and oversight<\/li>\n<li>Response priorities<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Hazards of Weak Security Policies<\/strong><\/span><\/p>\n<ul>\n<li>Unclear expected behavior\n<ul>\n<li>Personnel guess at what is allowable &amp; expected<\/li>\n<li>Minor \u201cinfractions\u201d \u2013 undefined &amp; unnoticed<\/li>\n<li>Leads to eroding culture of trust<\/li>\n<\/ul>\n<\/li>\n<li>Unclear roles and responsibilities\n<ul>\n<li>No oversight \u2013 administrator actions go unchecked<\/li>\n<li>No management \u2013 activities according to whim<\/li>\n<\/ul>\n<\/li>\n<li>Unclear protection measures\n<ul>\n<li>\u201cHeroes\u201d define network security<\/li>\n<li>Extremely tech-centric security posture<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Security Architecture Mistakes<\/strong><\/span><\/p>\n<ul>\n<li>Mixed audience policies\n<ul>\n<li>Ex: Encryption policy\n<ul>\n<li>Use of encryption \u2013 users<\/li>\n<li>Selection of encryption algorithms \u2013 system owners<\/li>\n<li>Implementation of encryption \u2013 custodians<\/li>\n<li>Key escrow \u2013 system owners<\/li>\n<li>Oversight \u2013 auditors\/management<\/li>\n<\/ul>\n<\/li>\n<li>Ex: Security Updates\n<ul>\n<li>Do not block network updates \u2013 users<\/li>\n<li>Patch every Tuesday \u2013 admins<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Who is the audience?<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Common Policy Architecture Mistakes<\/strong><\/span><\/p>\n<ul>\n<li>One topic = one policy<\/li>\n<li>Magic Policies\n<ul>\n<li> Templates<\/li>\n<li>Handbooks<\/li>\n<\/ul>\n<\/li>\n<li>Pros\n<ul>\n<li>Solves the \u201cblank piece of paper\u201d problem<\/li>\n<\/ul>\n<\/li>\n<li>Cons\n<ul>\n<li>Old<\/li>\n<li>No consideration for your environment, culture, or organization<\/li>\n<li>Discourages analysis<\/li>\n<li>No SME (Subject Matter Expert) involvement<\/li>\n<li>Thwarts adoption<\/li>\n<\/ul>\n<\/li>\n<li>Match policy to requirements\n<ul>\n<li>PCI Policy project<\/li>\n<li>HIPAA Policy project<\/li>\n<li>TAC 202 Policy project<\/li>\n<li>Etc<\/li>\n<\/ul>\n<\/li>\n<li>Problem\n<ul>\n<li>Requirements by controls<\/li>\n<li>Policies organized by audience &amp; topic<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Clean Slate Approach<\/strong><\/span><\/p>\n<ol>\n<li>Assess what you have\n<ul>\n<li>Independent &amp; complete review process<\/li>\n<\/ul>\n<\/li>\n<li>Determine controls framework\n<ul>\n<li>COBIT, ISO 27001<\/li>\n<\/ul>\n<\/li>\n<li>Map in requirements\n<ul>\n<li>PCI DSS, HIPAA, TAC 202<\/li>\n<\/ul>\n<\/li>\n<li>Organize create policy statements\n<ul>\n<li>For each control (rows) and requirement (column)<\/li>\n<\/ul>\n<\/li>\n<li>Create policy architecture\n<ul>\n<li>According to audience &amp; topic<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p><span style=\"text-decoration: underline;\"><strong>Policy Assessment Approach<\/strong><\/span><\/p>\n<ul>\n<li>Step 1 (Essential Elements Checklist)<\/li>\n<li>Steps 2 (controls &amp; framework) &amp; 3 (map requirements)<\/li>\n<li>Steps 4 (policy statements) &amp; 5 (policy architecture)<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Conclusion<\/strong><\/span><\/p>\n<ul>\n<li>Administrative Controls\n<ul>\n<li>Management, oversight, process<\/li>\n<li>Address organizational and insider issues<\/li>\n<\/ul>\n<\/li>\n<li>Lack of policy architecture\n<ul>\n<li>Leads to weak administrative controls<\/li>\n<li>Unplanned technology implementation\n<ul>\n<li>\u201cimplementation by appointment\u201d<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Ensure your controls are complete<\/li>\n<li>Reaction is NOT a strategy (Don\u2019t do it because a vendor called you or because an auditor said to do it)<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on &#8220;Security Policy Architecture&#8221;.\u00a0 The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[222],"tags":[239,238,622],"class_list":["post-216","post","type-post","status-publish","format-standard","hentry","category-texas-regional-infrastructure-security-conference-2009","tag-architecture","tag-policy","tag-security"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on &quot;Security Policy Architecture&quot;. The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Josh\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Web Admin Blog | Real Web Admins.  Real World Experience.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Security Policy Architecture \u2013 How to fix your current disaster | Web Admin Blog\" \/>\n\t\t<meta property=\"og:description\" content=\"One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on &quot;Security Policy Architecture&quot;. The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2009-03-24T21:00:38+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2009-04-09T16:29:52+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Security Policy Architecture \u2013 How to fix your current disaster | Web Admin Blog\" \/>\n\t\t<meta name=\"twitter:description\" content=\"One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on &quot;Security Policy Architecture&quot;. The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/#article\",\"name\":\"Security Policy Architecture \\u2013 How to fix your current disaster | Web Admin Blog\",\"headline\":\"Security Policy Architecture &#8211; How to fix your current disaster\",\"author\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\"},\"datePublished\":\"2009-03-24T16:00:38-05:00\",\"dateModified\":\"2009-04-09T11:29:52-05:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/#webpage\"},\"articleSection\":\"TRISC 2009, architecture, policy, Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.webadminblog.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/#listItem\",\"name\":\"Conferences\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/#listItem\",\"position\":2,\"name\":\"Conferences\",\"item\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/texas-regional-infrastructure-security-conference-2009\\\/#listItem\",\"name\":\"TRISC 2009\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/texas-regional-infrastructure-security-conference-2009\\\/#listItem\",\"position\":3,\"name\":\"TRISC 2009\",\"item\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/texas-regional-infrastructure-security-conference-2009\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/#listItem\",\"name\":\"Security Policy Architecture &#8211; How to fix your current disaster\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/#listItem\",\"name\":\"Conferences\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/#listItem\",\"position\":4,\"name\":\"Security Policy Architecture &#8211; How to fix your current disaster\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/texas-regional-infrastructure-security-conference-2009\\\/#listItem\",\"name\":\"TRISC 2009\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\",\"name\":\"Web Admin Blog\",\"description\":\"Real Web Admins.  Real World Experience.\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/\",\"name\":\"Josh\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/17951f69795527f90a4e9cb75ad6c9b3?s=96&d=identicon&r=pg\",\"width\":96,\"height\":96,\"caption\":\"Josh\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/#webpage\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/\",\"name\":\"Security Policy Architecture \\u2013 How to fix your current disaster | Web Admin Blog\",\"description\":\"One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on \\\"Security Policy Architecture\\\". The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2009\\\/03\\\/24\\\/security-policy-architecture-how-to-fix-your-current-disaster\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"datePublished\":\"2009-03-24T16:00:38-05:00\",\"dateModified\":\"2009-04-09T11:29:52-05:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#website\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/\",\"name\":\"Web Admin Blog\",\"description\":\"Real Web Admins.  Real World Experience.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Security Policy Architecture \u2013 How to fix your current disaster | Web Admin Blog","description":"One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on \"Security Policy Architecture\". The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive","canonical_url":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/#article","name":"Security Policy Architecture \u2013 How to fix your current disaster | Web Admin Blog","headline":"Security Policy Architecture &#8211; How to fix your current disaster","author":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"publisher":{"@id":"https:\/\/www.webadminblog.com\/#organization"},"datePublished":"2009-03-24T16:00:38-05:00","dateModified":"2009-04-09T11:29:52-05:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/#webpage"},"isPartOf":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/#webpage"},"articleSection":"TRISC 2009, architecture, policy, Security"},{"@type":"BreadcrumbList","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com#listItem","position":1,"name":"Home","item":"https:\/\/www.webadminblog.com","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/#listItem","name":"Conferences"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/#listItem","position":2,"name":"Conferences","item":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/#listItem","name":"TRISC 2009"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/#listItem","position":3,"name":"TRISC 2009","item":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/#listItem","name":"Security Policy Architecture &#8211; How to fix your current disaster"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/#listItem","name":"Conferences"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/#listItem","position":4,"name":"Security Policy Architecture &#8211; How to fix your current disaster","previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/#listItem","name":"TRISC 2009"}}]},{"@type":"Organization","@id":"https:\/\/www.webadminblog.com\/#organization","name":"Web Admin Blog","description":"Real Web Admins.  Real World Experience.","url":"https:\/\/www.webadminblog.com\/"},{"@type":"Person","@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author","url":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/","name":"Josh","image":{"@type":"ImageObject","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/17951f69795527f90a4e9cb75ad6c9b3?s=96&d=identicon&r=pg","width":96,"height":96,"caption":"Josh"}},{"@type":"WebPage","@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/#webpage","url":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/","name":"Security Policy Architecture \u2013 How to fix your current disaster | Web Admin Blog","description":"One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on \"Security Policy Architecture\". The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/www.webadminblog.com\/#website"},"breadcrumb":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/#breadcrumblist"},"author":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"creator":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"datePublished":"2009-03-24T16:00:38-05:00","dateModified":"2009-04-09T11:29:52-05:00"},{"@type":"WebSite","@id":"https:\/\/www.webadminblog.com\/#website","url":"https:\/\/www.webadminblog.com\/","name":"Web Admin Blog","description":"Real Web Admins.  Real World Experience.","inLanguage":"en-US","publisher":{"@id":"https:\/\/www.webadminblog.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Web Admin Blog | Real Web Admins.  Real World Experience.","og:type":"article","og:title":"Security Policy Architecture \u2013 How to fix your current disaster | Web Admin Blog","og:description":"One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on &quot;Security Policy Architecture&quot;. The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive","og:url":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/","article:published_time":"2009-03-24T21:00:38+00:00","article:modified_time":"2009-04-09T16:29:52+00:00","twitter:card":"summary_large_image","twitter:title":"Security Policy Architecture \u2013 How to fix your current disaster | Web Admin Blog","twitter:description":"One of the sessions that I attended during the day on the Tuesday of TRISC 2009 was by Doug Landoll from Lantego on &quot;Security Policy Architecture&quot;. The presentation was a very good overview of how to put good security policies in place that are easily auditable should that need arise and that are as comprehensive"},"aioseo_meta_data":{"post_id":"216","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2025-01-03 22:52:37","updated":"2025-07-17 07:12:36","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/\" title=\"Conferences\">Conferences<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/\" title=\"TRISC 2009\">TRISC 2009<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tSecurity Policy Architecture \u2013 How to fix your current disaster\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/www.webadminblog.com"},{"label":"Conferences","link":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/"},{"label":"TRISC 2009","link":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/texas-regional-infrastructure-security-conference-2009\/"},{"label":"Security Policy Architecture &#8211; How to fix your current disaster","link":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/24\/security-policy-architecture-how-to-fix-your-current-disaster\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-3u","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=216"}],"version-history":[{"count":1,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/216\/revisions"}],"predecessor-version":[{"id":217,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/216\/revisions\/217"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}