Educause Security Discussion mailing list archives
Re: Best practice: IT polices and standards
From: Kimberly Heimbrock <heimbrockk () NKU EDU>
Date: Thu, 30 Sep 2010 14:28:20 -0400
I have attached a copy of one of our policies…we began by using the SANS template and tried to keep ours simple but comprehensive. After all, a Policy is only as good as it is known and understood. Too much legal jargon and everyone skips the message, looking for the “I accept” button J We have established several policies now that follow the same look, feel, consistency. Still not sure how many people read / understand / abide by them, which is another whole topic altogether! Kim Heimbrock Director, IT Policy and Compliance Northern Kentucky University (859) 572-5139 heimbrockk () nku edu www.nku.edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nick Recchia Sent: Thursday, September 30, 2010 2:11 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Best practice: IT polices and standards Hello Folks, My department is currently planning to revamp our IT Policies. We lack consistency and I am striving to create a cohesive and uniform style for all IT polices and standards (current and new). There are varying ways University IT Policies are configured and structured - some very detailed and others not - I was wondering if any of you have a Policy template you find successful and would be willing to share your template. Further, perhaps you'd also be willing to share your interpretation of why you find your format success? I am currently considering to appropriate Cornell University's style, but some aspects may be beyond our departmental abilities - note, we do not have a University Policy Office. Please feel free to contact me direct. Thank you for your time. Sincerely, Nick -- Nicholas Recchia Security Administrator ITS - Security Services infosec.usfca.edu <http://infosec.usfca.edu>
Attachment:
IT SECURITY Policy.doc
Description: IT SECURITY Policy.doc
Current thread:
- Best practice: IT polices and standards Nick Recchia (Sep 30)
- Re: Best practice: IT polices and standards DiGrazia, Mick A (Sep 30)
- Re: Best practice: IT polices and standards Ben Woelk (Sep 30)
- Re: Best practice: IT polices and standards Kimberly Heimbrock (Sep 30)
- Re: Best practice: IT polices and standards Dave Kovarik (Sep 30)
- Re: Best practice: IT polices and standards Basgen, Brian (Sep 30)
- Social media policies Plesco, Todd (Sep 30)
- Re: Social media policies Ken Connelly (Sep 30)
- Re: Social media policies James Farr '05 (Sep 30)
- Re: Social media policies Roger Safian (Sep 30)
- Re: Social media policies Moore, Frank (Sep 30)
- Re: Social media policies Hugh Burley (Sep 30)
- Re: Social media policies Ken Connelly (Sep 30)
- Re: Best practice: IT polices and standards Hugh Burley (Sep 30)