HP3000-L Archives

March 2001, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Jim Knight <[log in to unmask]>
Reply To: Jim Knight <[log in to unmask]>
Date: Sun, 11 Mar 2001 22:21:55 -0500

Hi Justin,
        Almost 10 years ago I wrote a paper for Interex on writing a security
policy.  I have to admit I was pretty naïve back then.  I don't know if you
have any money to spend, but I really like this book.  It is "expensive" for
a book, but includes everything you need to create a security policy quickly
and efficiently.  There are probably other books out there, but this is one
I have experience with and like.  Here is the amazon URL for the book:
http://www.amazon.com/exec/obidos/ASIN/1881585069/qid=984366360/sr=1-1/ref=sc_b_1/104-2189170-7041563

Here is one sample security policy off of the net.
http://www.ncsa.uiuc.edu/People/ncsairst/Policy.html

        I'm sure you'll get other suggestions from this list.  In addition, the
accounting firm that does financial audits for your company may be able to
provide examples for you to work with.

        One thing that I have found helpful is to divide the process into two
parts, the policy and the plan.  The policy just talks about what you want
to do, and the plan is how you will implement it.  This helps to keep you
from getting bogged down in the details while writing the policy.  The
policy is going to focus on what you need to protect and the plan on how you
will protect it.

        I hope all of this makes sense.  Let me know if you have questions.  Feel
free to send me personal email since I rarely am able to make a dent into
this list anymore.

Jim Knight
[log in to unmask]

All,
    Does anyone know of any good web sites with advice when writing system
security policies or acceptable usage policies?  Does anyone have any
examples of either?

    We are currently looking at writing policies and modifying security on
our 3000s, so if you have any "killer" tips, let me know.

Thank you,

  Justin R. Garabedian, Jr. HP 3000 System Admin
  ------------------------------------------------------
  Information Systems
  Cornerstone Consolidated Services Group, Inc.
  5568 West Chester Road
  West Chester, Ohio 45069
  Phone: (513) 603.1148
  FAX: (513) 603.1495
  Email: [log in to unmask]
