PaulDotCom mailing list archives

Re: Security Starts With Policies

From: alec <alec () atomd com>
Date: Tue, 01 Mar 2011 11:19:57 -0500

Try SANS for modular templates:
http://www.sans.org/security-resources/policies/

As we used to say in the desktop publishing world: a good design oftenstarts with copying someone else's good design.


-Alec

On 03/01/2011 09:08 AM, Michael Lubinski wrote:

I realize this is a huge question and most of the times unanswerable.
Building a policy structure for a company, then implementing it from the
ground up, is a huge undertaking and has me a bit overwhelmed. Bit by
bit I guess.

On Tue, Mar 1, 2011 at 7:53 AM, Chesmore, Michael [DAS]
<Michael.Chesmore () iowa gov <mailto:Michael.Chesmore () iowa gov>> wrote:

    Wow, huge question….

    Not sure that this will be all that helpful but there is a pretty
    good book on Security Metrics called “Security Metrics, Replacing
    Fear, Uncertainty and Doubt” by Andrew Jaquith

    I like the ideas in it but liking ideas and implementing them are
    worlds apart sometimes.

    Mike

    *From:*pauldotcom-bounces () mail pauldotcom com
    <mailto:pauldotcom-bounces () mail pauldotcom com>
    [mailto:pauldotcom-bounces () mail pauldotcom com
    <mailto:pauldotcom-bounces () mail pauldotcom com>] *On Behalf Of
    *Michael Lubinski
    *Sent:* Monday, February 28, 2011 2:10 PM
    *To:* Pauldotcom () mail pauldotcom com
    <mailto:Pauldotcom () mail pauldotcom com>
    *Subject:* [Pauldotcom] Security Starts With Policies

    As it stands many think that security starts with solid policies and
    procedures. Every good policy and procedure will have a scope. I am
    in the midst of taking an organization and applying some best
    practices with some audit requirements. How do you scope a project
    that is based on best practices and encompasses everything from
    servers, routers, switches, firewalls, and unused network drops?


    _______________________________________________
    Pauldotcom mailing list
    Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com>
    http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
    Main Web Site: http://pauldotcom.com




_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



--
Alec Brecher
AtomD LLC
office: 802 244-4099
mobile: 802 233-1522
skype: AlecAtAtomD
http://atomd.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Security Starts With Policies Michael Lubinski (Feb 28)
- Re: Security Starts With Policies Chesmore, Michael [DAS] (Mar 01)
  - Re: Security Starts With Policies Michael Lubinski (Mar 01)
    - Re: Security Starts With Policies alec (Mar 01)
- Re: Security Starts With Policies Sherwyn (Mar 01)
- Re: Security Starts With Policies Chris Keladis (Mar 01)
  - Re: Security Starts With Policies Michael Lubinski (Mar 03)