Educause Security Discussion mailing list archives

Re: Sample Policies

From: James H Moore <jhmfa () RIT EDU>
Date: Tue, 27 Jun 2006 10:35:22 -0400

We have standards mandated by a higher level policy.  The standards are
at: http://security.rit.edu/standards/  (and I will be submitting them
to Educause)

Our actual high level policy is at:
http://www.rit.edu/~620www/Manual/sectionC/C81.html 

We do standards because we learned from our governance structure that
they wanted to set the general direction, but leave the details to a
parallel structure with campus wide representation.

One other thing that we do is produce "Plain English Guides" that are
intended to capture the spirit of the standard but are easily read,
contain examples, etc.  We can then say to people that they can read it
in 10 minutes and understand 80% of what is in the standards.  They are
listed with the standards at the link above.

Jim 

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)



"We will have a chance when we are as efficient at communicating
information security best practices, as hackers and criminals are at
sharing attack information"  - Peter Presidio





-----Original Message-----
From: Colleen Keller [mailto:ckeller () EDUCAUSE EDU] 
Sent: Tuesday, June 27, 2006 10:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Sample Policies

 Hi Charlie

If EDUCAUSE has any sample policies specific to your topics below, they
would be here, under Security Policies.
http://www.educause.edu/SecurityPolicies/645?Parent_ID=117

Colleen Keller  
EDUCAUSE

-----Original Message-----
From: Charles L. Bombard [mailto:BombardC () CCV EDU] 
Sent: Monday, June 26, 2006 11:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Sample Policies

I was wondering if there is anyone out there who is able/willing to
share some of your written security policies.

In particular I am looking for policies on:

-Event logging (both windows and Linux).
-Use of file/disk encryption.
-System hardening.


-Charlie
==========================================
Charles Bombard
LAN/Systems Administrator
Community College of Vermont
119 Pearl Street
Burlington, VT 05401
802.657.4234
bombardc () ccv edu

PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designated
recipient only and may contain privileged, confidential, or otherwise
private information. If you have received it in error, please notify the
sender immediately and delete the original. Any other use of an email
received in error is prohibited.

Current thread:

Sample Policies Charles L. Bombard (Jun 26)
- <Possible follow-ups>
- Re: Sample Policies Cheek, Leigh (Jun 26)
- Re: Sample Policies Charles L. Bombard (Jun 26)
- Re: Sample Policies Charles L. Bombard (Jun 26)
- Re: Sample Policies Brad Judy (Jun 26)
- Re: Sample Policies Joe Barron (Jun 26)
- Re: Sample Policies Colleen Keller (Jun 27)
- Re: Sample Policies Jeff McCabe (Jun 27)
- Re: Sample Policies James H Moore (Jun 27)