Security Basics mailing list archives
RE: How to distribute corporate policies
From: "Dickman, Jeff" <Jeff.Dickman () sunmed com>
Date: Fri, 13 Oct 2006 15:35:26 -0600
We currently use three steps in releasing policies to our company. 1. Publish to Intranet 2. e-mail distribution to applicable employees 3. physical (and documented) training as necessary for applicable employees The degree of notification depends on how the policy applies to the employees. For example some policies, such as a Firewall policy, employees have no input into this and cannot even change the settings on their software firewalls. They would not even receive notification of this policy. However, IT does have the capability to control this, so all of IT would receive this policy via email and the Network Admins who control the firewall and enterprise management software would sit through a training to ensure they understand the policy. Jeff Dickman GIAC Certified ISO-17799 Specialist NOTE: The views expressed in this message are my own and not necessarily the views of my employer. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nick Duda Sent: Thursday, October 12, 2006 9:59 AM To: security-basics () securityfocus com Subject: How to distribute corporate policies I'm curious as to how other corporations distribute its InfoSec policies to its employees. A task I will be faced with soon is distributing (making known) corporate policies such as Acceptable Use, Password, AntiVirus....etc. For them to abide by policy they need to know about them. Should they also sign them? That would be a lot of paper, or should they just be placed on an intranet type of setup to view. If that's the case (intranet) what are methods of announcing them and future new policies as they are written, email? I'm looking for opinions and how others do this. Regards, Nick --------------------- Confidentiality note The information in this email and any attachment may contain confidential and proprietary information of VistaPrint and/or its affiliates and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any review, reliance or distribution by others or forwarding without express permission is strictly prohibited and may cause liability. In case you have received this message due to an error in transmission, please notify the sender immediately and delete this email and any attachment from your system. --------------------- ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- How to distribute corporate policies Nick Duda (Oct 13)
- RE: How to distribute corporate policies Robert D. Holtz - Lists (Oct 15)
- RE: How to distribute corporate policies {Scanned} Josh Redmond (Oct 15)
- <Possible follow-ups>
- Re: How to distribute corporate policies krymson (Oct 13)
- RE: How to distribute corporate policies Hagen, Eric (Oct 15)
- RE: How to distribute corporate policies Dickman, Jeff (Oct 15)