Educause Security Discussion mailing list archives
Institutional Security Policies
From: Ced Bennett <Ced.Bennett () STANFORD EDU>
Date: Mon, 26 Aug 2002 06:25:52 -0700
Colleagues: I'm (very early) in the process of re-writing Stanford's institutional information security policies. Of course, I've been looking at colleague institution web sites searching for different approaches to the challenge. I've now got a couple of questions - one at each end of the spectrum - regarding an approach. I'm looking for an overarching statement of information security from which everything else derives. I would be the "motherhood and apple pie" portion of the policies and would contain some basic principles that most would agree with as well. Do any of you have such statements that you're willing to share (or can you point me at the web page that already contains such statements? At the other end of the spectrum, at what point do you continue to write policies (or standards and practices) that are specific and detailed (which protocols are ok and not, what are required practices, etc) and where do you publish those. And how much institutional policy-writing process do you require for those more specific policies. Almost all of us publish a Usage Policy which seems to be aimed primarily at individual users of the network and computers. But where do you put the details about how large, institutional systems must behave (I can easily imagine that these rules are not published to the world via the www). I'm posting this question to both the security list and the CPL list. My apologies to those of you who use both. Thank you, Ced Bennett ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cedric Bennett Ph: 650/723-0728 Fax: 650/723-2011 Director of Information Security Services Information Technology Systems & Services Stanford University Polya Hall, Room 103 255 Panama Street Stanford, CA 94305-3055 Ced.Bennett () Stanford edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Institutional Security Policies Ced Bennett (Aug 26)
- <Possible follow-ups>
- Re: Institutional Security Policies Gene Spafford (Aug 26)
- Re: Institutional Security Policies Jere Retzer (Aug 26)
- Re: Institutional Security Policies Doug Dunwoody (Aug 26)
- Re: Institutional Security Policies Gene Spafford (Aug 26)
- Re: Institutional Security Policies Bruhn, Mark S. (Aug 26)
- Re: Institutional Security Policies Jere Retzer (Aug 26)
- Re: Institutional Security Policies Gene Spafford (Aug 26)
- Re: Institutional Security Policies Jere Retzer (Aug 26)
- Re: Institutional Security Policies Alex Campoe (Aug 26)
- Institutional Security Policies Ced Bennett (Aug 28)