Re: Security Policy

["Wayne S. Martin" <MartinW () BRCC EDU>]

Hello,
In my opinion, the policy should be a very high level document that references a defined information security where 
standards, guidelines, and procedures live. The program should have a basis in NIST, ISO2700, COBIT, etc.
The policy should articulate the organization leadership and cultures support of a strong enforced information security 
program that ensures safe, effective, and secure business processes and functions.
I would be glad to talk with you off line.
Wayne

Sent from my iPhone

On Jan 15, 2016, at 9:41 AM, David Santos <SantosD () FELICIAN EDU<mailto:SantosD () felician edu>> wrote:

Hi Everyone,

I am in process of developing an IT security policy for our University and I have a few questions below.


1.       Do your Universities have a security policy?

2.       Is it part of the computer acceptable usage policy or separate?

3.       Does it target complete University community (Faculty, Staff, and Students)?

4.       Did legal counsel review policy because of possible legal action taken against persons who are in violation of 
such policy?

5.       Would it be possible to share some policies with me?

Thanks in advance for any information.

Have a Great Day

David Santos
IT Security & Helpdesk Manager,
Information Technology

<image002.jpg>

Felician University
262 South Main Street
Lodi, NJ 07644
P: 201-559-6075
www.felician.edu<http://www.felician.edu>


______________________________________________________________________
This outgoing email has been scanned by the MessageLabs Email Security System for Felician University.
_____________________________________________________________________