Security Basics mailing list archives
RE: Writing a comprehensive Network Policy
From: "Greg Merideth" <gmerideth () uclnj com>
Date: Thu, 24 Aug 2006 12:43:53 -0400
We used the SANS templates, merging together the separate items into one large policy. The lawyers added clearer statements where anything was considered ambiguous and then finally reviewed by the IT/legal group before distributing. Items were added to make the end users have a greater level of responsibility in their day to day computer operations. Users could be made to pay the company back for time in certain circumstance where spyware or viruses infected their machines. Out of 40 instances of spyware infection, two were found to be user-faults (by clicking yes to install those damm smiley faces for Outlook) and the users were fined by the company. -----Original Message----- From: Cort Boecking [mailto:cort.boecking () lottery ok gov] Sent: Wednesday, August 23, 2006 1:45 PM To: Chris Hammer; security-basics () securityfocus com Subject: RE: Writing a comprehensive Network Policy Try out these policy templates and see if they help at all: http://www.sans.org/resources/policies/ -----Original Message----- From: Chris Hammer [mailto:CHammer () fcbnm com] Sent: Wednesday, August 23, 2006 9:55 AM To: security-basics () securityfocus com Subject: Writing a comprehensive Network Policy Hello, I am currently writing a network policy for our business. I am having trouble figuring out exactly what I should put into it while meeting these requirements: 1.) Should be a policy and not a procedure 2.) Keep the standard 3-5 page policy length 3.) Policy should cover network architecture including: routers, switches, hubs, firewalls, etc.... Any examples or a general idea of where to start would be appreciated! Cheers, CH ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Writing a comprehensive Network Policy Chris Hammer (Aug 23)
- RE: Writing a comprehensive Network Policy Cort Boecking (Aug 24)
- RE: Writing a comprehensive Network Policy Greg Merideth (Aug 24)
- Re: Writing a comprehensive Network Policy Kurt Buff (Aug 24)
- RE: Writing a comprehensive Network Policy Dixon, Wayne (Aug 24)
- RE: Writing a comprehensive Network Policy Robert D. Holtz - Lists (Aug 24)
- Re: Writing a comprehensive Network Policy Prabhushankar Kumara Barathi (Aug 24)
- Re: Writing a comprehensive Network Policy List Spam (Aug 24)
- Re: Writing a comprehensive Network Policy Alcides (Aug 24)
- RE: Writing a comprehensive Network Policy rolando_ruiz (Aug 25)
- <Possible follow-ups>
- Re: Writing a comprehensive Network Policy revnic (Aug 24)
- RE: Writing a comprehensive Network Policy Cort Boecking (Aug 24)