Educause Security Discussion mailing list archives
Re: Institutional Security Policies
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Mon, 26 Aug 2002 11:06:18 -0500
Our IT policies have generally the following format. The statement of values of which Spaf speaks is the "policy" portion. Always very short and succinct, and fairly static. The rest (which isn't as static) lays out the way the policy statement is implemented. In our draft security policy, for example, the policy section is very small, but the procedures and definitions sections are very large. DRAFT: (date the policy was issued for comment by the community) SUBJECT: SOURCE: POLICY NO: DATE ISSUED: (date the policy was issued as an approved/accepted policy) RATIONALE: POLICY: DEFINITIONS: PROCEDURES REFERENCES: RESPONSIBLE ORGANIZATION: M. Mark S. Bruhn Chief IT Security and Policy Officer Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Institutional Security Policies Ced Bennett (Aug 26)
- <Possible follow-ups>
- Re: Institutional Security Policies Gene Spafford (Aug 26)
- Re: Institutional Security Policies Jere Retzer (Aug 26)
- Re: Institutional Security Policies Doug Dunwoody (Aug 26)
- Re: Institutional Security Policies Gene Spafford (Aug 26)
- Re: Institutional Security Policies Bruhn, Mark S. (Aug 26)
- Re: Institutional Security Policies Jere Retzer (Aug 26)
- Re: Institutional Security Policies Gene Spafford (Aug 26)
- Re: Institutional Security Policies Jere Retzer (Aug 26)
- Re: Institutional Security Policies Alex Campoe (Aug 26)
- Institutional Security Policies Ced Bennett (Aug 28)