Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Writing a comprehensive Network Policy

From: "Greg Merideth" <gmerideth () uclnj com>
Date: Thu, 24 Aug 2006 12:43:53 -0400
We used the SANS templates, merging together the separate items into one
large policy.  The lawyers added clearer statements where anything was
considered ambiguous and then finally reviewed by the IT/legal group
before distributing.

Items were added to make the end users have a greater level of
responsibility in their day to day computer operations.  Users could be
made to pay the company back for time in certain circumstance where
spyware or viruses infected their machines.  Out of 40 instances of
spyware infection, two were found to be user-faults (by clicking yes to
install those damm smiley faces for Outlook) and the users were fined by
the company.

-----Original Message-----
From: Cort Boecking [mailto:cort.boecking () lottery ok gov] 
Sent: Wednesday, August 23, 2006 1:45 PM
To: Chris Hammer; security-basics () securityfocus com
Subject: RE: Writing a comprehensive Network Policy

Try out these policy templates and see if they help at all:

http://www.sans.org/resources/policies/ 

-----Original Message-----
From: Chris Hammer [mailto:CHammer () fcbnm com]
Sent: Wednesday, August 23, 2006 9:55 AM
To: security-basics () securityfocus com
Subject: Writing a comprehensive Network Policy

  Hello,
 
 I am currently writing a network policy for our business. I am having
trouble figuring out exactly what I should put into it while meeting
these requirements:
 
1.) Should be a policy and not a procedure
 
2.) Keep the standard 3-5 page policy length
 
3.) Policy should cover network architecture including: routers,
switches, hubs, firewalls, etc....
 
Any examples or a general idea of where to start would be appreciated!
 
Cheers,
CH


------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: