Security is often referred to as an overlay to a network topology. While security methods provide protection for access and infrastructure, these methods should be the result of a carefully defined security policy. An effective security policy integrates well-known protection methods into a network in a way that meets both security standards and the goals of the entity being secured.
An information security policy builds the foundation for a secure network, but it must be seen as valuable to an entity. The selling point for a security policy is showing how it maps to key business drivers.
Read the rest of this article on Network Computing.