Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Where to find a example security policy?

From: Tommy Ward <tommy () securify com>
Date: Fri, 22 Sep 2000 17:53:02 -0700
It is a little dated now, but one good reference is provided by NIST, thanks to
us taxpayers.

http://csrc.nist.gov/isptg/

This does address some of the initial risk assessment which Maddy mentioned,
which is of course a reasonable thing to do if you want to produce policy
which is useful for guiding your security program.  If on the other hand, you
just want to produce a nice document which so you can show the auditors
that you have a policy, the fastest way to do it is to either buy a
commercial template, or to use RFC 2196.

Good luck.....Tommy


At 11:40 PM 9/21/2000 +0800, Maddy wrote:

I have not gone through the recommendations that you guys put up but I
am just wondering if there should be a prior phase of security risk
analysis and assessment before the sample security policy is even looked
at.


*******************************************************************************
Tommy Ward V.P. eServices Fulfillment 
650-812-9400 x4120                               tommy () securify com

                              <http://www.securify.com>


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: