Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Reviewing Policies and Procedures

from [Bob Kurth] Network Security [Permanent Link]
Subject: RE: Reviewing Policies and Procedures
Date: Thu, 13 Jan 2005 12:06:20 -0600 
Check out Charles Cresson Wood's book "Information Security Policies Made Easy 
version 9.0" published by Pentasafe.  The book contains not only the 
methodology for writing policies, but also contains a set of canned, 
pre-written policies, that comply with the ISO and BS standards.  It also 
contains a CD-ROM with both the book and the policies in MS-Word format, so you 
can quickly edit them to suit your particular needs.  Rather expensive, runs 
around $800 and is available via Information Shield.  I bought a used version 
through Amazon.com for about $500.  Well worth the investment. 

Robert Kurth, CISSP
IT - Security Manager
First Community Services
4400 Swanner Loop
Killeen, TX  76543
Phone:  (254) 953-6880
Fax:      (254) 680-5735
Cell:      (254) 702-7814
Pager:   (254) 616-3047
robert.kurth@fcserv.com
-----Original Message-----
From: arif.jatmoko@sea.ccamatil.com [mailto:arif.jatmoko@sea.ccamatil.com] 
Sent: Thursday, January 13, 2005 3:18 AM
To: security-management@securityfocus.com
Subject: Re: Reviewing Policies and Procedures




Hi,

The best sources for policy and procedure are based on ISO17799, the common
standard of security industries. However if you lookin for some sort of
security policy template, you could try RuSecure - Information Security
Policies at www.rusecure.co.uk. It's a collection of security policies
template based on ISO17799, but it's not free.
SANS also good source for policy reference :
http://www.sans.org/resources/policies.

good luck.

Arif Jatmoko
|+-------------------------------+----------------------------------------|
||   "Miller, Joseph"            |                                        |
||   <Joseph_Miller@jeffersonwell|           To:                          |
||   s.com>                      |   <security-management@securityfocus.co|
||                               |   m>                                   |
||   01/13/2005 06:12 AM         |           cc:        (bcc: Arif        |
||                               |   Jatmoko/IDN/SEA/CCA)                 |
||                               |           Subject:        Reviewing    |
||                               |   Policies and Procedures              |
||                               |                                        |
|+-------------------------------+----------------------------------------|







Hello,
I am a rookie at reviewing policies and procedures for information security
and IT controls.  Is there an online resource I can use to locate a
checklist of P-n-Ps?  One of my tasks is to assure that all network
infrastructure, server and mainframe subject matters are addressed?

Joe Miller
Jefferson Wells
Project Professional
Technology Risk Management
(480)540-3588



-----------------------------------------
********* Internet Email Confidentiality *********

The information contained in this message may be privileged and
confidential and protected from disclosure. If the reader of this message
is not the intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby notified
that it is strictly prohibited (a) to disseminate, distribute or copy this
communication or any of the information contained in it, or (b) to take any
action based on the information in it. If you have received this
communication in error, please notify us immediately by replying to the
message and deleting it from your computer.


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Reviewing Policies and Procedures, Chris Downing
Next by Date:  Re: Question on Standards, Matthew Caston
Previous by Thread:  RE: Reviewing Policies and Procedures, Lozano, Jorge A
Next by Thread:  RE: Reviewing Policies and Procedures, Khan, Imran \(Imran\)
Indexes:  [Date] [Thread] [Top] [All Lists]