Re: Advice on Network Security Policies[Message Scanned]

[Jimmy Fikes <fikesj () WBU EDU>]

Let me suggest you check out the materials available at the Information
Systems Audit and Control Association (www.isaca.org <http://www.isaca.org/>
) and the IT Governance Institute (www.itgi.org <http://www.itgi.org/> ).



Jimmy Fikes
Director of Information Technology Services
Wayland Baptist University



  _____

From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Parker, Ben C
Sent: Thursday, January 13, 2005 10:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Advice on Network Security Policies[Message Scanned]



Question in which I am hoping for some advice from those with expertise?
Where is a good place to find out what we as a small private liberal arts
college are required to keep/have as far as legal issues are concerned with
some of the following things?

1.       How detailed and how long do we need to keep firewall logs?
Currently we are logging denies and NAT timeouts.  What are we required to
keep, and what would be good to have in case we get file sharing notice(
Since in the year and a half I have been here we have kept things locked
down tight enough that students haven't been able to file share, but there
is strong pressure to open things up more.)

2.       What other things should we be auditing and how extensively?

3.       What are the other questions I should be asking be don't even know
what to ask about?



********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.