Educause Security Discussion mailing list archives
Re: Best practice: IT polices and standards
From: "Dr. Wole Akpose" <wole.akpose () MORGAN EDU>
Date: Sun, 3 Oct 2010 09:37:37 -0400
I noticed you did not ask specifically for IT Security policy. We developed a policy and procedure for handling policy, standards etc development. Here’s the link to the document http://www.morgan.edu/Documents/Information%20Technology/OSCPolicies-Approved.pdf We are currently working on an update to our security policy to address current realities. I can send you a copy of the draft of that document if you wish. Wole Akpose From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hugh Burley Sent: Thursday, September 30, 2010 5:53 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Best practice: IT polices and standards We are required to comply with an institutional Policy Development and Approval Policy. http://www.tru.ca/__shared/assets/policydevelopmentapproval6000.pdf which is quite cumbersome. This has lead me to develop standards rather than policy for the majority of the University's Information Security controls. Overall, the standards development and ratification process is much simpler, less time consuming and the resulting information is more accessible. http://www.tru.ca/its/infosecurity/Standards.html The key was developing a Board level Information Security program policy http://www.tru.ca/__shared/assets/brd16-115788.pdf that mandates adherence to procedures set by the CIO within a governance structure presented by the Information Security Committee. Regards, Hugh Burley Thompson Rivers University ITS - Senior Technology Coordinator Information Security Officer BCCOL - 222D 250-852-6351
Nick Recchia <nprecchia () USFCA EDU> 9/30/2010 11:10 AM >>>
Hello Folks, My department is currently planning to revamp our IT Policies. We lack consistency and I am striving to create a cohesive and uniform style for all IT polices and standards (current and new). There are varying ways University IT Policies are configured and structured - some very detailed and others not - I was wondering if any of you have a Policy template you find successful and would be willing to share your template. Further, perhaps you'd also be willing to share your interpretation of why you find your format success? I am currently considering to appropriate Cornell University's style, but some aspects may be beyond our departmental abilities - note, we do not have a University Policy Office. Please feel free to contact me direct. Thank you for your time. Sincerely, Nick -- Nicholas Recchia Security Administrator ITS - Security Services <http://infosec.usfca.edu> infosec.usfca.edu
Current thread:
- Re: Best practice: IT polices and standards Dr. Wole Akpose (Oct 03)