Writing Information Security Policies
Marcus Ranum, father of the firewall, defines a firewall as “the implementation of your Internet security policy”. Ranum states that if you haven’t got a security policy, you haven’t got a firewall. Instead, you’ve got a thing that’s sort of doing something, but you don’t know what it’s trying to do because no one has told you what it should do. Ranum’s observation is supported by the fact that, although computer security is not so new, Writing Information Security Policies was not published until late 2001.