Security Basics mailing list archives
RE: Security policies - few questions!
From: "David A. Coursey" <dave () rootsec net>
Date: Tue, 5 Dec 2006 07:19:16 -0500
|-----Original Message----- |From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] |On Behalf Of Faheem SIDDIQUI |Sent: Saturday, December 02, 2006 12:24 AM |To: security-basics () securityfocus com |Subject: Security policies - few questions! | |Hi guys... | |So what are the enforcements/punishments usually written down in IS |Security policy or Acceptable Usage Policy, for non-compliance to it's |clauses. I mean, termination is a bit far fetched. I am looking for |something more on the monetary/ denial of IT services, front. | |...Also..what are the best practices in e-mail retention? In exchange |*tsk* environment, it's quite impossible to save emails of about 2000 |users on central server with regular backups. If user workstation |crashes, the mail goes too.The best IT Helpdesk can do is re-ghost |image. What else can be done apart from setting 'store mail on the |server' for top executives? | We do both of the things that you say are not possible where I work. Recently, someone was terminated for finding confidential documents and storing them in a hidden directory on their workstation. We are nowhere near the level of the drug industry but we do have a little industrial espionage going on that we need to protect ourselves from. Also, we have about 1500 users and we store all email on the server. SAN space is MUCH cheaper than lost work and my time to recover data. Then there is regulatory compliance to think of... sigh.
Attachment:
smime.p7s
Description:
Current thread:
- Auditing XP event security logs Gary Collis (Dec 01)
- RE: Auditing XP event security logs Ramki B (Dec 04)
- RE: Auditing XP event security logs Patrick Wade (Dec 04)
- Security policies - few questions! Faheem SIDDIQUI (Dec 04)
- RE: Security policies - few questions! Greg Jones (Dec 06)
- RE: Security policies - few questions! David A. Coursey (Dec 06)
- Re: Auditing XP event security logs Rob Creely (Dec 04)
- Re: Auditing XP event security logs Jon Wallace (Dec 04)
- <Possible follow-ups>
- Re: Auditing XP event security logs jws226 (Dec 04)
- RE: Auditing XP event security logs Kevin Taylor (Dec 04)