RE: Need help with security policies.

["Dean De Beer" <ddb () plazacollege edu>]

You might want to check out the sample policies on the SANS website.
http://www.sans.org/resources/policies/


-----Original Message-----
From: Gettin Phunky [mailto:phunkodelic () gmail com] 
Sent: Tuesday, October 11, 2005 8:20 PM
To: security-basics () securityfocus com
Subject: Need help with security policies.


I work for a mid size company with about 500 employees and run a network of
200+ nodes.  I have thus far written a "general usage policy" for all my
users.  It entails general network usage, email usage, hacking stuff
(software, systems, hardware), and there general IT rights.  It was written
in terms of protecting the company form legal issues and to inform the user
of their system rights and what will happen should those rights be violated.
It was reviewed and signed off on by managment.  Now all employees who start
employement read it and sign it stating they have read and understand it.

With that being said I am looking at writing general polices for the company
and was wondering where to start.  What type of polices, what framework
(document template), and content should be included.  Is what I have done
already enough?  I don't want to go too deep as we are only a medium size
company with an IT department of three people, but at the same time I feel
we are lacking something

Any advice would be greatly appreciated

Thanks!