Educause Security Discussion mailing list archives

Re: Best practice: IT polices and standards

From: Ben Woelk <fbwis () RIT EDU>
Date: Thu, 30 Sep 2010 14:27:29 -0400

Nick,
Our policy and standards process and documents are on our website. Our information security policy gives us the ability 
to create standards without engaging a university policy committee. We worked to establish a comparatively lightweight 
process so that we could be a little more agile. All of our standards follow a similar template. We also produce Plain 
English Guides to help users understand the requirements of the standards.

You’re welcome to use any of our materials. Please contact me directly if you need more information or Word docs.

http://security.rit.edu/standards/index.html


Ben Woelk '07
Policy and Awareness Analyst
Information Security Office
Rochester Institute of Technology
ROS 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623
585.475.4122
585.475.7920 fax
ben.woelk () rit edu<mailto:ben.woelk () rit edu>
http://security.rit.edu/dsd.html

Become a fan of RIT Information Security at 
http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645>

Follow us on Twitter: http://twitter.com/RIT_InfoSec

CONFIDENTIALITY NOTE:  The information transmitted, including attachments, is intended only for the person(s) or entity 
to which it is addressed and may contain confidential and/or privileged material.  Any review, retransmission, 
dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other 
than the intended recipient is prohibited.  If you received this in error, please contact the sender and destroy any 
copies of this information.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nick 
Recchia
Sent: Thursday, September 30, 2010 2:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Best practice: IT polices and standards

Hello Folks,

My department is currently planning to revamp our IT Policies. We lack consistency and I am striving to create a 
cohesive and uniform style for all IT polices and standards (current and new).

There are varying ways University IT Policies are configured and structured - some very detailed and others not -  I 
was wondering if any of you have a Policy template you find successful and would be willing to share your template. 
Further, perhaps you'd also be willing to share your interpretation of why you find your format success?

I am currently considering to appropriate Cornell University's style, but some aspects may be beyond our departmental 
abilities - note, we do not have a University Policy Office.

Please feel free to contact me direct.

Thank you for your time.

Sincerely,
Nick
--
Nicholas Recchia
Security Administrator
ITS - Security Services
infosec.usfca.edu<http://infosec.usfca.edu>

Current thread:

Best practice: IT polices and standards Nick Recchia (Sep 30)
- Re: Best practice: IT polices and standards DiGrazia, Mick A (Sep 30)
- Re: Best practice: IT polices and standards Ben Woelk (Sep 30)
- Re: Best practice: IT polices and standards Kimberly Heimbrock (Sep 30)
- Re: Best practice: IT polices and standards Dave Kovarik (Sep 30)
- Re: Best practice: IT polices and standards Basgen, Brian (Sep 30)
- Social media policies Plesco, Todd (Sep 30)
  - Re: Social media policies Ken Connelly (Sep 30)
    - Re: Social media policies James Farr '05 (Sep 30)
  - Re: Social media policies Roger Safian (Sep 30)
    - Re: Social media policies Moore, Frank (Sep 30)
  - Re: Social media policies Hugh Burley (Sep 30)
- Re: Best practice: IT polices and standards Hugh Burley (Sep 30)