Security Basics mailing list archives
RE: How to design Security Policies
From: "Jayson Agagnier" <jagagnier () nvidia com>
Date: Thu, 27 Sep 2007 10:36:08 -0700
There are many sites that have such policies, but it depends on what type of business you are in. Some good points of reference are:

www.isaca.org
www.sans.org/resources/policies
www.iso.ch
http://www.arma.org/imj/index.cfm
http://www.gao.gov/
http://www.tbs.sct.gc.ca/pubs_pol/ciopubs/TB_IT/siglist_e.asp
http://www.information-security-policies-and-standards.com/

Don't forget to include a scope of audience and outline who are the information owners, information custodians and information users, along with classification & labeling suitable for your business sector.

In order to keep things easy for your business to absorb and support, keep policies simple and high level; issue IT-specific directives that will tell IT staff how they have to do what they need to do.

Here's a copy of the policy/directive framework we use.

A good reference book to have for outlining roles and responsibilities is 'Information Security Roles & Responsibilities Made Easy' published by PentaSafe.

Good luck!

Regards,
Jayson Agagnier, CISSP
NVIDIA Corporation

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of AntiVirusEngineer () Gmail com
Sent: Thursday, September 27, 2007 09:25
To: security-basics () securityfocus com
Subject: How to design Security Policies

Dear All,

We are in the process of designing the security policies for the entire organization. Please recommend where I can find more information about this, and what things are to be considered while designing the policies. Recommend me books / standards and docs.

Thanks in advance.
AntiVirusEngineer () gmail com

-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
Attachment: PolicyFramework.pdf