Security Basics mailing list archives

RE: How to distribute corporate policies

From: "Robert D. Holtz - Lists" <robert.d.holtz () gmail com>
Date: Fri, 13 Oct 2006 15:52:39 -0500

Make sure you have the blessings of HR and you have let your attorneys
stretch their suspenders.  

If you don't make the person sign something indicating that they have read
and understand the procedures and policies set forth in the document that
they have just read then you're just wasting your time.

If someone violates a policy and there is no proof that they knew about the
policy then you don't have much of a case.  You don't stand much of a chance
of going after them legally.  Sure, you can still fire them for whatever
reason, but the damage is already done if it has set the company back
fiscally.

HR should be the group to do the actual distribution.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Nick Duda
Sent: Thursday, October 12, 2006 11:59 AM
To: security-basics () securityfocus com
Subject: How to distribute corporate policies


I'm curious as to how other corporations distribute its InfoSec policies
to its employees. A task I will be faced with soon is distributing
(making known) corporate policies such as Acceptable Use, Password,
AntiVirus....etc. For them to abide by policy they need to know about
them. Should they also sign them? That would be a lot of paper, or
should they just be placed on an intranet type of setup to view.

If that's the case (intranet) what are methods of announcing them and
future new policies as they are written, email? I'm looking for opinions
and how others do this.
Regards,
Nick



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

How to distribute corporate policies Nick Duda (Oct 13)
- RE: How to distribute corporate policies Robert D. Holtz - Lists (Oct 15)
- RE: How to distribute corporate policies {Scanned} Josh Redmond (Oct 15)
- <Possible follow-ups>
- Re: How to distribute corporate policies krymson (Oct 13)
- RE: How to distribute corporate policies Hagen, Eric (Oct 15)
- RE: How to distribute corporate policies Dickman, Jeff (Oct 15)