Re: Remote Access Policies

["Pace, Guy" <gpace () CIS CTC EDU>]

Todd's resource is excellent and provides some of the best current
thinking on policy and standards. However, you may also want to look
over the Payment Card Industry standards for remote access and multiple
factor authentication required for certain systems. The new PCI
standards will have a tremendous impact throughout the world when it
comes to IT security. The PCI Security Standards Council is now the only
non-governmental agency that has enforcement and punitive powers that
are global in scope and can bypass any government or other jurisdiction
to directly affect the operation of any public or private organization.
If you are developing policies and standards now, or are reviewing the
ones you have in place, they will need to meet the requirements of the
PCI standards if you want to stay in business.
 
Check out: https://www.pcisecuritystandards.org/ for the DSS and
supporting documents. You are looking for Requirement 8 in the
pci_dss_v1-1.pdf.

Guy L. Pace, CISSP 
Security Administrator 
Center for Information Services (CIS) 
3101 Northup Way, Suite 100 
Bellevue, WA 98004 
425-803-9724 

gpace () cis ctc edu 

 

________________________________

From: Todd Coston [mailto:tcoston () KCCD EDU] 
Sent: Wednesday, November 15, 2006 8:54 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Remote Access Policies


We used some starter templates from sans.org which are pretty good.
They have a whole list of template policies that can be adjusted for
your environment.  They can be found at:
 
http://www.sans.org/resources/policies/#template
 
I hope this helps!
 
--Todd Coston
Systems Manager
Kern Community College District
(661) 336-5187

________________________________

From: Drake, Craig [mailto:c-drake () NEIU EDU] 
Sent: Wednesday, November 15, 2006 6:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Remote Access Policies



I was hoping some of you could provide links to some sample policies
regarding Remote Access. Specifically, we would like to develop a policy
that would cover Remote Access by System Admins, Telecommuters, External
Vendor Support, etc and include such remote access as VPN, Dial-Up,
Remote Desktop.   I know there is a lot more to include, and we would
like to look over some policies that other colleges and universities
have established so that we can develop something that would fit our
environment.  

 

Thanks,

-Craig

 

 

Craig W. Drake,  MCSE, CISSP

Microsoft Systems Engineer

Networking & Distributed Services

Northeastern Illinois University

Phone: (773)442-4386

Email: c-drake () neiu edu <mailto:c-drake () neiu edu>