Educause Security Discussion mailing list archives

Re: FW: process for creating Information security policies and guidelines


From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Mon, 12 Sep 2011 10:05:16 -0400

On 09/12/2011 06:00 AM, Valdis Kletnieks wrote:

> Also beware any such flowchart that doesn't result in a policy that includes
> "We have authorized the use of a baseball bat on recalcitrant users".

As always, listen to Valdis. He speaks wisdom.

Actually writing the policies is the easy part; sites like SANS have
plenty of samples to draw from, and higher ed in general is open enough
to share this sort of thing publicly. Check out some peer institutions,
read through their policies, see how they're doing things. While taking
one policy is "plagiarism", stealing bits and pieces from everyone
counts as "research".

The hardest part, by far, is getting buy-in from the upper echelons that
need to approve the policies. Make sure you've got that first.

-- 
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg        

