Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: How to design Security Policies

from [Jayson Agagnier] Network Security [Permanent Link]
Subject: RE: How to design Security Policies
Date: Thu, 27 Sep 2007 10:36:08 -0700 
There are many sites that have such policies, but it depends on what
type of business you are in.

Some good points of reference are:

www.isaca.org
www.sans.org/resources/policies
www.iso.ch
http://www.arma.org/imj/index.cfm
http://www.gao.gov/
http://www.tbs.sct.gc.ca/pubs_pol/ciopubs/TB_IT/siglist_e.asp
http://www.information-security-policies-and-standards.com/

Don't forget to include a scope of audience and outline who are the
information owners, information custodians and information users, along
with classification & labeling suitable for your business sector.

In order to keep things easy for your business absorb and support, keep
policies simple and high level, issue IT specific directives that will
tell IT staff how they have to do what they need to do.  Here's a copy
of the policy/directive framework we use.

A good reference book to have for outlining roles and responsibilities
is 'Information Security Roles & Responsibilities Made Easy' published
by PentaSafe.

Good luck!

Regards,

Jayson Agagnier, CISSP
NVIDIA Corporation

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of AntiVirusEngineer@Gmail.com
Sent: Thursday, September 27, 2007 09:25
To: security-basics@securityfocus.com
Subject: How to design Security Policies

Dear All,

We are in process of designing the security policies for entire
organization. 

Please recommend me where can I find more information about this,what
are the things to be considered while designing the policies. 



Recommend me Books / Standards and Docs.



Thanks in Advance.

AntiVirusEngineer@gmail.com




-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may 
contain
confidential information.  Any unauthorized review, use, disclosure or 
distribution
is prohibited.  If you are not the intended recipient, please contact the 
sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------

Attachment: PolicyFramework.pdf
Description: PolicyFramework.pdf

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Internet usage and monitoring, gjgowey
Next by Date:  Re: Internet usage and monitoring, Brian Loe
Previous by Thread:  How to design Security Policies, AntiVirusEngineer
Next by Thread:  Re: RE: How to design Security Policies, rohnskii
Indexes:  [Date] [Thread] [Top] [All Lists]