Re: Re Where to find a example security policy?

["Andy W" <jawiggy () rcn com>]

Brian,

Seeing that I am from Massachusetts, I would not have been much fun watching
football or any other sport for that matter ( check the box scores...not a
fun Sunday all around! )

Yes, getting good legal advice is paramount to getting this to fly right.  I
have seen quite a few polices that would not hold water if they ever saw the
light of a court room. Sadly, way to may companies throw together the
polices cheaply, only to have them bite them in the butt later on down the
line.

I will let you know off line in regards to a product that I am very aware of
that helps with the education piece. Basically what it does is when the user
boots up their PC and log onto the network, on a scheduled bases a browser
window opens with an abstract of a policy. The user need to agree or
disagree with the policy in order to gain access to the network. Then that
info is brought back to an encrypted database where it will be stored till
the time it is needed.  There is allot more to it than that but this is more
than likely not the place to go into such a product.

As far as the Overly book is concerned, it is in print and in fact I have a
copy sitting right beside me. You can get it at many on-line book stores
including Barnes & Noble. I have a few of them sitting around the office, so
if you like I more than likely can get my hands on one for you. (Even though
you are from NYC!) ;c )

Best,

Andy


----- Original Message -----
From: "Brian Ford" <brford () cisco com>
To: "Andy W" <jawiggy () rcn com>
Cc: <aturner () vicinity com>; <firewall-wizards () nfr net>
Sent: Monday, September 25, 2000 2:23 PM
Subject: Re: Re [fw-wiz] Where to find a example security policy?


> Andy,
>
> Ahh.  We should have joined forces Sunday.  I had my one kid running
around with 7 cousins of various ages and genders.  I just gave up on doing
anything electronic and watched some Olympics and football (J E T S, Jets,
Jets, Jets!).
> I totally agree with your call for the legal assessment.  It's a
requirement and not a nice to have.  I've seen a couple of dismissals turned
around here in the New York area over the past 12-18 months due to
inadequate legal advice.
> If you already have a (technically) well educated work force in place,
your advice would work well.  Education, continuing and otherwise is vital
to making this work.
> Was the Overly book published recently?  I saw a reference to a book with
a similar title recently (at FatBrain.com) but it had not actually been
published yet.
> And again, you've made an excellent point (i.e. "keep plugging away").
One of the toughest parts of developing a security policy seems to be
getting started.
> Regards,
>
> Brian




_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards