Secure Data Transfer Policy

[ganglyone () gmail com]

Hello list,

I've been tasked with writing a secure data transfer policy for a company without policies (or at least just starting 
to write them).  I'm looking for a bit of direction on how to write a security policy specifically for data transfer.  
Hoping to keep it generic enough to be usable, but still have some actual requirements.  I'm focusing mostly on the 
transfer of data with vendors/clients/partners through secure ftp, SSL over http, and other possible direct host to 
host communications.  At this time I'm going to be avoiding email, as I don't have the cash to put the controls into 
place to do this securely.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------