
RE: Corporate Privacy Policy

Subject: RE: Corporate Privacy Policy
Date: Mon, 22 May 2006 08:24:39 -0400
Charles Cresson Wood is a good resource if you're looking to develop a
complete policy set.  If you've already got a policy set and are just
looking to add Privacy to the collection, it's probably not worth the
expense.  A good bit of what Cresson uses for Privacy is straight out of
the EU Directive 95/46.  Looking at existing legislation and privacy
principles should be sufficient.  Here are some resources:
 
FTC Fair Information Practice Principles
http://www.ftc.gov/reports/privacy3/fairinfo.htm
 
OECD Privacy Principles
http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html
 
EU Directive 95/46
http://europa.eu.int/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046
 
Safe Harbor (Based on EU privacy)
http://www.export.gov/safeHarbor/index.html
http://www.export.gov/safeHarbor/SHPRINCIPLESFINAL.htm
 
If you work in the US, I would also check out all the state security
breach laws.  They will be a good reference for defining personal
information if that's not already defined in your data classification.
You should also have a policy for handling breaches, whether part of your
privacy policy or a document in and of itself.
 
Hope that helps!
 

        -----Original Message-----
        From: Gary Everekyan [mailto:karo@onnik.com] 
        Sent: Friday, May 19, 2006 12:20 AM
        To: 'Doug Fox'; security-management@securityfocus.com
        Subject: RE: Corporate Privacy Policy
        
        
        If you can afford it, the best resource is Information Security
        Policies Made Easy by Charles C. Wood.
        http://www.baselinesoft.com/ispmemain.htm
         

        Regards,
        
        Gary Everekyan
        CISSP, CISM, ISSAP,ISSPCS, ITILp, MCSE, MCT
        Information Security and Audit
        "High achievement always takes place in the framework of high
expectation" - Jack Kinder
        
        
        

         

  _____  

        From: Doug Fox [mailto:dfox168@hotmail.com] 
        Sent: Thursday, May 18, 2006 10:35 PM
        To: security-management@securityfocus.com
        Subject: Corporate Privacy Policy
        
        
        I searched Google, NIST, NSA, SANS, etc. for samples of
        corporate / enterprise privacy policy on personal information to be used
        by HR, department managers, etc., but not the kind of privacy policy
        posted on web sites, but to no avail.
         
        Appreciate any pointers to locate one or two of the samples
         
        Thanks,
         
        DF
         
