Re: Building a Company Computer Use/Security Policy

[Daniel Marques <dancmarques () gmail com>]

Friends,

I was reading an article this weekend, and there's something that Ii
would like to share with you...

It was about the 7799 and the COBIT, who's the best choice.

I think that both are great. So, a good practice is: study 7799 AND
COBIT, then apply the study's results.

I believe we can use this practice in our topic... And not forgetting
that Security Policies must be Business focused, so different
companies means different policies!

That's all folks!

--Dan


On Wed, 19 Jan 2005 18:14:32 -0000, James McGee <james () infosec co im> wrote:
> There is a very good checklist for 7799 on SANS, which is basically the
> standard...
>
> Or, try COBIT, some useful stuff there too
>
> -----Original Message-----
> From: Danux [mailto:danuxx () gmail com]
> Sent: 19 January 2005 00:09
> To: security-basics () securityfocus com
> Subject: Re: Building a Company Computer Use/Security Policy
>
> Hi list, you know, im trying to implement some kind of security issues on my
> network but i would like to consult BS7799 or ISO17799 but as you know we
> have to pay for it.
> So... Do you know where can i download a versión of these documents without
> paying? No matter if they are older version, you know is only for
> educational purposes.
>
> Thankxs
>
> On Tue, 18 Jan 2005 13:58:00 -0200, Daniel Marques <dancmarques () gmail com>
> wrote:
> > Samuel,
> >
> > The Sams Reading Room (sans.org/rr) has a lot of good stuff. I have a
> > very nice article here, but it's in portuguese.
> >
> > I can translate and send it, if you want to...
> >
> > -- Daniel
> >
> > On Mon, 17 Jan 2005 13:31:32 -0500, Glenn Sieb <ges () wingfoot org> wrote:
> > > Samuel S. Kempf said the following on 1/16/2005 7:33 PM:
> > >
> > > > I've recently taken over the position of I.T. Director for a
> > > > mid-sized company that has no IT policy of any sort currently in
> > > > place, aside from a vague mention in the no compete agreement
> > > > about not giving proprietary data to other companies. One of my
> > > > prime initiatives at the moment is to implement such a policy,
> > > > something I've never been responsible for before. Can anyone point
> > > > me to sites/articles on how to do this? Or, better yet, does
> > > > anyone know of such a policy available online that I could use as
> > > > a basis for my company? Any suggestions are most welcome.
> > >
> > > Might I suggest a copy of Tom Limconcelli & Christine Hogan's <A
> > > HREF="http://www.amazon.com/exec/obidos/asin/0201702711/wingfoot-20";
> > > TARGET="_blank">The Practice of System and Network
> > > Administration</A>--he covers creating security policies and such.
> > >
> > > It's an amazing reference book--it's been on my shelf since it was
> > > published! :)
> > >
> > > Best,
> > > --Glenn
> > >
> > > --
> > > "They that can give up essential liberty to obtain a little
> > > temporary safety deserve neither liberty nor safety."
> > >          ~Benjamin Franklin, Historical Review of Pennsylvania, 1759
>
> --
> Danux