Educause Security Discussion mailing list archives
Re: FW: process for creating Information security policies and guidelines
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Mon, 12 Sep 2011 10:05:16 -0400
On 09/12/2011 06:00 AM, Valdis Kletnieks wrote:
Also beware any such flowchart that doesn't result in a policy that includes "We have authorized the use of a baseball bat on recalcitrant users".
As always, listen to Valdis. He speaks wisdom. Actually writing the policies is the easy part; sites like SANS have plenty of samples to draw from, and higher ed in general is open enough to share this sort of thing publicly. Check out some peer institutions, read through their policies, see how they're doing things. While taking one policy is "plagiarism", stealing bits and pieces from everyone counts as "research". The hardest part, by far, is getting buy-in from the upper echelons that need to approve the policies. Make sure you've got that first. -- Matt Gracie (716) 888-8378 Information Security Administrator graciem () canisius edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- FW: process for creating Information security policies and guidelines Mohamed Elhindi (Sep 11)
- Re: FW: process for creating Information security policies and guidelines Barrett, Bruce R. (Sep 11)
- Re: FW: process for creating Information security policies and guidelines James Farr '05 (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Sarazen, Daniel (Sep 12)
- Re: FW: process for creating Information security policies and guidelines James Farr '05 (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Valdis Kletnieks (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Matthew Gracie (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Drew Perry (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Valdis Kletnieks (Sep 12)
- Re: FW: process for creating Information security policies and guidelines A. Harry Williams (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Matthew Gracie (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Barrett, Bruce R. (Sep 11)