Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Writing a comprehensive Network Policy

From: "Dixon, Wayne" <wcdixo () aurora lib il us>
Date: Wed, 23 Aug 2006 13:09:02 -0500
Chris,

Actually keeping to a 3 - 5 page policy length might possibly prohibit
the needs of the company, I wouldn't put any limitation on it.
Additionally, With the architecture, remember that it this is only
supposed to be a guideline, and not an end all be all... Example... Bad:
All routers should be Cisco 3800 with etc.... Better: All routers should
have the ability to provide full control over traffic limitation through
the use of access-lists....

Remember it's a non-technical document, that all users should be able to
understand.  

Additional items to possibly add are, actions to be taken when violating
the policy, possible steps to be taken against an employee for violation
of the policy...

Wayne
 


-----Original Message-----
From: Chris Hammer [mailto:CHammer () fcbnm com] 
Sent: Wednesday, August 23, 2006 9:55 AM
To: security-basics () securityfocus com
Subject: Writing a comprehensive Network Policy


  Hello,
 
 I am currently writing a network policy for our business. I am having
trouble figuring out exactly what I should put into it while meeting
these requirements:
 
1.) Should be a policy and not a procedure
 
2.) Keep the standard 3-5 page policy length
 
3.) Policy should cover network architecture including: routers,
switches, hubs, firewalls, etc....
 
Any examples or a general idea of where to start would be appreciated!
 
Cheers,
CH


------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: