RE: Need help with security policies.

["Paul Marsh" <pmarsh () nmefdn org>]

SANS is a great resource http://www.sans.org/resources/policies/

Thanx, Paul

-----Original Message-----
From: Gettin Phunky [mailto:phunkodelic () gmail com]
Sent: Tuesday, October 11, 2005 8:20 PM
To: security-basics () securityfocus com
Subject: Need help with security policies.

I work for a mid size company with about 500 employees and run a network
of 200+ nodes.  I have thus far written a "general usage policy" for all
my users.  It entails general network usage, email usage, hacking stuff
(software, systems, hardware), and there general IT rights.  It was
written in terms of protecting the company form legal issues and to
inform the user of their system rights and what will happen should those
rights be violated.  It was reviewed and signed off on by managment.
Now all employees who start employement read it and sign it stating they
have read and understand it.

With that being said I am looking at writing general polices for the
company and was wondering where to start.  What type of polices, what
framework (document template), and content should be included.  Is what
I have done already enough?  I don't want to go too deep as we are only
a medium size company with an IT department of three people, but at the
same time I feel we are lacking something

Any advice would be greatly appreciated

Thanks!



The information in this transmittal (including attachments, if any) is privileged and confidential and is intended only 
for the recipient(s) listed above. Any review, use, disclosure, distribution or copying of this transmittal is 
prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please 
notify me immediately by reply email and destroy all copies of the transmittal. Thank you.