Re: Writing Security Policies

["kawaii" <trunks () stackers org>]

From: "Al Cook" <cookas () msn com>
Sent: Monday, September 08, 2003 08:20


> I'm doing some work on security policies and effectively have to write one
> from scratch for a company.  Are there any good resource out there that
> anyone can recommend. I have seen books that can be bought with 1000's of
> templates and mission statement etc, are these worth the money? The
company
> is based in  the UK, will templates written for US based companies be
> acceptable (with some amendments) s or should I be looking for ones geared
> to the UK only?  Any help appreciated.

In my opinion (and in practice), I've gone with templates unique to the
locale. I've found that while you can make generalizations about applicable
laws, etc, it is better when it references things that is common to the
locale.

> Thanks, Al

In general though, I haven't found much use from templates. I usually take
the tack of compiling the necessary components to be protected and then
writing the policy around those, with consultation with the appropriate
legal sources about what we can and can't say. As always, YMMV.

Ever lovable and always scrappy,
kawaii


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------