Security Basics mailing list archives
RE: Security Policy-Please help
From: Jaymz Ringler <adminjaymz () sperrytv com>
Date: 06 Aug 2003 13:57:17 -0500
I've been writing custom security policies and have done lots of research on the internet about it. I'v also reviewed lots of company policies which are currently in place. In my mind, the first thing to do of course is convince management that they need a policy. This is the easiest step. Every business owner/exec will jump at the opportunity to gain control over their company. Especially if it's going to reduce risk, and save money due to lost production time of employees and cut down on IT staff expenditures. When beginning to write the policy, the first thing I start with is defining the company's assets. This kind of makes the rest fall into place. Bandwidth, computers, servers, routers, software, user accounts, domain name space, reputation (for email server relay and spam lists), customer data/info, employee data/info, share holder info/data. etc. etc. These things will all be defined and should have their own place within the policy and what measures are going to be taken to protect them. They should also be given a rank of privacy. from publicly obtained information to top secret. Implemeting a written policy is a big nasty monster. Writing one is even worse. Good Luck. Almost forgot. "The Art of Decption" by Kevin Mitnick has a very good write up in the back of the book about building written security policies... --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Security Policy-Please help Kampanellis Ioannis (Aug 06)
- RE: Security Policy-Please help Kenneth W. Kubiak (Aug 06)
- Re: Security Policy-Please help Bennett Todd (Aug 06)
- Re: Security Policy-Please help J. Lambrecht (Aug 07)
- <Possible follow-ups>
- RE: Security Policy-Please help Jason Armstrong (Aug 06)
- RE: Security Policy-Please help Jaymz Ringler (Aug 06)
- RE: Security Policy-Please help kevin (Aug 12)
- RE: Security Policy-Please help dmwidger (Aug 06)
- RE: Security Policy-Please help Jaymz Ringler (Aug 06)