Firewall Wizards mailing list archives
RE: OT: Information Security policy
From: Nigel Willson <NWillson () tbg com>
Date: Thu, 15 Feb 2001 17:27:34 -0700
I am looking for information about implementing and considering Information Security policies. How many people actually consider the BS7799 Standard?
I have found a majority of companies use BS7799 as a base for policy, especially financial institutions. I built a 60-page document myself although I do not recommend a long document, better short 2-page focused policies. Human friendly.
Are there any other standards that people recommend?
Yes, a lot of enterprises are basing policy upon privacy standards such as HIPAA and Gramm-Leach-Bliley. It can save a lot of cost and pain later.
Do developers and designers or security enforce "roles and access" upon data itself, to ensure that users of the information follow the policy that is set within the company?
Newer technologies are supporting the enforcement of business rules/policy in access controls else policy can become, yes we have policy!, where is it? RBAC is getting hot, as a leverage of directories and a savior before migrating to Windows 2000.
Nige.
Senior Consultant, The Burton Group.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards