Educause Security Discussion mailing list archives

Re: Policy Recommendations

From: Joanna Grama <jgrama () EDUCAUSE EDU>
Date: Wed, 7 Feb 2018 17:28:03 +0000

Hi Justin,
The HEISC Information Security Guide has a policy chapter and list of sample policies that might be useful to you.

The policies chapter is here:  https://spaces.internet2.edu/display/2014infosecurityguide/Security+Policies

The list of sample policies is here: 
https://spaces.internet2.edu/display/2014infosecurityguide/Information+Security+Policy+Examples

On the sample policies page, I think the sections on "AUPs," "Minimum Security Requirements for Network Devices," and 
"Networking" might be most useful.

Kind regards,
Joanna


Joanna Grama, JD, CISSP, CRISC, CIPT
Director of Cybersecurity and IT GRC Programs

EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 80027
direct: 720.406.6769 | jgrama () educause edu 

Become a Member- Everyone at your organization is an EDUCAUSE member when you join | Access discounts, resources, and 
valuable peer networks | Discover membership




-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Justin 
Harwood
Sent: Wednesday, February 7, 2018 12:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Policy Recommendations

?We are contemplating the need for a section in one of our policies that includes the topic of connecting network 
enabled devices (such as IoT, rogue AP's, etc) but not sure what guidelines we would want to provide. Does anyone have 
any policies that pertain to this specific topic that they could share with me?

Justin Harwood
Infrastructure Solutions Security Architect ITARS - Security Infrastructure Services Central Piedmont Community College 
Central Campus, Citizens 242
704-330-6141
www.cpcc.edu<http://www.cpcc.edu/>


________________________________

This e-mail, including any attachments, is intended only for the addressee's use and may contain confidential and 
proprietary information. If you are not the intended recipient, you are hereby notified that any retention, 
dissemination, reproduction, or use of the information contained in this e-mail is strictly prohibited. If you have 
received this e-mail by error, please delete it and immediately notify the sender. Thank you for your cooperation.

Current thread:

Policy Recommendations Justin Harwood (Feb 07)
- Re: Policy Recommendations Joanna Grama (Feb 07)
- Re: Policy Recommendations Hart, Michael (Feb 07)
  - Re: Policy Recommendations Ronald King (Feb 07)
- Re: Policy Recommendations randy (Feb 07)