Educause Security Discussion mailing list archives
Re: Sample Policies
From: James H Moore <jhmfa () RIT EDU>
Date: Tue, 27 Jun 2006 10:35:22 -0400
We have standards mandated by a higher level policy. The standards are at: http://security.rit.edu/standards/ (and I will be submitting them to Educause) Our actual high level policy is at: http://www.rit.edu/~620www/Manual/sectionC/C81.html We do standards because we learned from our governance structure that they wanted to set the general direction, but leave the details to a parallel structure with campus wide representation. One other thing that we do is produce "Plain English Guides" that are intended to capture the spirit of the standard but are easily read, contain examples, etc. We can then say to people that they can read it in 10 minutes and understand 80% of what is in the standards. They are listed with the standards at the link above. Jim - - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 (585) 475-5406 (office) (585) 475-4122 (lab) (585) 475-7950 (fax) "We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio -----Original Message----- From: Colleen Keller [mailto:ckeller () EDUCAUSE EDU] Sent: Tuesday, June 27, 2006 10:11 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Sample Policies Hi Charlie If EDUCAUSE has any sample policies specific to your topics below, they would be here, under Security Policies. http://www.educause.edu/SecurityPolicies/645?Parent_ID=117 Colleen Keller EDUCAUSE -----Original Message----- From: Charles L. Bombard [mailto:BombardC () CCV EDU] Sent: Monday, June 26, 2006 11:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Sample Policies I was wondering if there is anyone out there who is able/willing to share some of your written security policies. In particular I am looking for policies on: -Event logging (both windows and Linux). -Use of file/disk encryption. -System hardening. -Charlie ========================================== Charles Bombard LAN/Systems Administrator Community College of Vermont 119 Pearl Street Burlington, VT 05401 802.657.4234 bombardc () ccv edu PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designated recipient only and may contain privileged, confidential, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of an email received in error is prohibited.
Current thread:
- Sample Policies Charles L. Bombard (Jun 26)
- <Possible follow-ups>
- Re: Sample Policies Cheek, Leigh (Jun 26)
- Re: Sample Policies Charles L. Bombard (Jun 26)
- Re: Sample Policies Charles L. Bombard (Jun 26)
- Re: Sample Policies Brad Judy (Jun 26)
- Re: Sample Policies Joe Barron (Jun 26)
- Re: Sample Policies Colleen Keller (Jun 27)
- Re: Sample Policies Jeff McCabe (Jun 27)
- Re: Sample Policies James H Moore (Jun 27)