Security Basics mailing list archives
RE: Writing a comprehensive Network Policy
From: "Dixon, Wayne" <wcdixo () aurora lib il us>
Date: Wed, 23 Aug 2006 13:09:02 -0500
Chris, Actually keeping to a 3 - 5 page policy length might possibly prohibit the needs of the company, I wouldn't put any limitation on it. Additionally, With the architecture, remember that it this is only supposed to be a guideline, and not an end all be all... Example... Bad: All routers should be Cisco 3800 with etc.... Better: All routers should have the ability to provide full control over traffic limitation through the use of access-lists.... Remember it's a non-technical document, that all users should be able to understand. Additional items to possibly add are, actions to be taken when violating the policy, possible steps to be taken against an employee for violation of the policy... Wayne -----Original Message----- From: Chris Hammer [mailto:CHammer () fcbnm com] Sent: Wednesday, August 23, 2006 9:55 AM To: security-basics () securityfocus com Subject: Writing a comprehensive Network Policy Hello, I am currently writing a network policy for our business. I am having trouble figuring out exactly what I should put into it while meeting these requirements: 1.) Should be a policy and not a procedure 2.) Keep the standard 3-5 page policy length 3.) Policy should cover network architecture including: routers, switches, hubs, firewalls, etc.... Any examples or a general idea of where to start would be appreciated! Cheers, CH ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Writing a comprehensive Network Policy Chris Hammer (Aug 23)
- RE: Writing a comprehensive Network Policy Cort Boecking (Aug 24)
- RE: Writing a comprehensive Network Policy Greg Merideth (Aug 24)
- Re: Writing a comprehensive Network Policy Kurt Buff (Aug 24)
- RE: Writing a comprehensive Network Policy Dixon, Wayne (Aug 24)
- RE: Writing a comprehensive Network Policy Robert D. Holtz - Lists (Aug 24)
- Re: Writing a comprehensive Network Policy Prabhushankar Kumara Barathi (Aug 24)
- Re: Writing a comprehensive Network Policy List Spam (Aug 24)
- Re: Writing a comprehensive Network Policy Alcides (Aug 24)
- RE: Writing a comprehensive Network Policy rolando_ruiz (Aug 25)
- <Possible follow-ups>
- Re: Writing a comprehensive Network Policy revnic (Aug 24)
- RE: Writing a comprehensive Network Policy Cort Boecking (Aug 24)