Security Basics mailing list archives

RE: How to design Security Policies


From: "Jayson Agagnier" <jagagnier () nvidia com>
Date: Thu, 27 Sep 2007 10:36:08 -0700

There are many sites that have such policies, but it depends on what
type of business you are in.

Some good points of reference are:

www.isaca.org
www.sans.org/resources/policies
www.iso.ch
http://www.arma.org/imj/index.cfm
http://www.gao.gov/
http://www.tbs.sct.gc.ca/pubs_pol/ciopubs/TB_IT/siglist_e.asp
http://www.information-security-policies-and-standards.com/

Don't forget to include a scope of audience and outline who are the
information owners, information custodians and information users, along
with classification & labeling suitable for your business sector.

In order to keep things easy for your business to absorb and support,
keep policies simple and high level, and issue IT-specific directives
that will tell IT staff how they have to do what they need to do.  Here's
a copy of the policy/directive framework we use.

A good reference book to have for outlining roles and responsibilities
is 'Information Security Roles & Responsibilities Made Easy' published
by PentaSafe.

Good luck!

Regards,

Jayson Agagnier, CISSP
NVIDIA Corporation

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of AntiVirusEngineer () Gmail com
Sent: Thursday, September 27, 2007 09:25
To: security-basics () securityfocus com
Subject: How to design Security Policies

Dear All,

We are in the process of designing the security policies for the entire
organization.

Please recommend where I can find more information about this, and what
things are to be considered while designing the policies.



Recommend me Books / Standards and Docs.



Thanks in Advance.

AntiVirusEngineer () gmail com





Attachment: PolicyFramework.pdf
Description: PolicyFramework.pdf

