Security Basics mailing list archives

RE: Security policies - few questions!


From: "David A. Coursey" <dave () rootsec net>
Date: Tue, 5 Dec 2006 07:19:16 -0500



|-----Original Message-----
|From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
|On Behalf Of Faheem SIDDIQUI
|Sent: Saturday, December 02, 2006 12:24 AM
|To: security-basics () securityfocus com
|Subject: Security policies - few questions!
|
|Hi guys...
|
|So what are the enforcements/punishments usually written down in IS
|Security policy or Acceptable Usage Policy, for non-compliance to its
|clauses? I mean, termination is a bit far-fetched. I am looking for
|something more on the monetary/denial of IT services front.
|
|...Also..what are the best practices in e-mail retention? In Exchange
|*tsk* environment, it's quite impossible to save emails of about 2000
|users on central server with regular backups. If user workstation
|crashes, the mail goes too. The best IT Helpdesk can do is re-ghost
|image. What else can be done apart from setting 'store mail on the
|server' for top executives?
|


We do both of the things that you say are not possible where I work.

Recently, someone was terminated for finding confidential documents and
storing them in a hidden directory on their workstation.  We are nowhere
near the level of the drug industry but we do have a little industrial
espionage going on that we need to protect ourselves from.

Also, we have about 1500 users and we store all email on the server.  SAN
space is MUCH cheaper than lost work and my time to recover data.  Then
there is regulatory compliance to think of... sigh.
