RE: Building a Company Computer Use/Security Policy

["dave kleiman" <dave () isecureu com>]

Samuel,

Here are a few places to get you started.  You might want to join the
security-management () securityfocus com mailing group, since policy and
procedures is the exact topic covered there.

http://www.sans.org/rr/whitepapers/policyissues/

http://www.sans.org/resources/policies/

http://www.securitydocs.com/Security_Policies/Sample_Policies


Regards,

____________________________________________
Dave Kleiman, CISSP, ISSMP, CISM, CIFI, MCSE

www.SecurityBreachResponse.com


-----Original Message-----
From: Samuel S. Kempf [mailto:samk () rjpromotions com]
Sent: Sunday, January 16, 2005 19:33
To: security-basics () securityfocus com
Subject: Building a Company Computer Use/Security Policy

I've recently taken over the position of I.T. Director for a mid-sized
company that has no IT policy of any sort currently in place, aside from a
vague mention in the no compete agreement about not giving proprietary data
to other companies. One of my prime initiatives at the moment is to
implement such a policy, something I've never been responsible for before.
Can anyone point me to sites/articles on how to do this? Or, better yet,
does anyone know of such a policy available online that I could use as a
basis for my company? Any suggestions are most welcome.

Samuel S. Kempf