Before everyone flames me for abusing this poor high-school phenom, let me
make a disclaimer:
1. I do my best not to "abuse" Justin (depends on how you define it, I
guess).
2. I appreciate his talent and brightness (even though he lacks experience
and sometimes wisdom).
3. I have nothing to do with his current pay situation (though that doesn't
mean I won't in the future).
Patrick
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Patrick Santucci
HP e3000 Systems Administrator
Cornerstone Consolidated Services Group, Inc.
> -----Original Message-----
> From: Justin Garabedian [SMTP:[log in to unmask]]
> Sent: Sunday, March 11, 2001 11:04 pm
> To: [log in to unmask]
> Subject: Re: [HP3000-L] Security Policies
>
> Jim,
> Thanks for suggestions! To bad for me I cannot afford a book that
> "expensive", for I am only a poor, abused high school student that works
> only several days a week as an Operator/Jr. System Admin/Ecometry-System
> Analyst/what-ever-the-company-wants for an employer who pays me only a few
> measly nickels and dimes and would rather have me do physical inventory
> than
> use my talent writing reports or fixing system problems. But it looks
> like
> a great book. Say, what was the name of the paper you wrote and where can
> I
> find it?
>
> This actually a book that I was looking at. For anyone that wants
> more
> info, go to http://www.baselinesoft.com/ for the scoop.
>
> Thank you,
>
> Justin R. Garabedian, Jr. HP 3000 System Admin
> ------------------------------------------------------
> Information Systems
> Cornerstone Consolidated Services Group, Inc.
> 5568 West Chester Road
> West Chester, Ohio 45069
> Phone: (513) 603.1148
> FAX: (513) 603.1495
> Email: [log in to unmask]
>
> --(PJS - Think MC will buy this one??)-- ;-)
>
> -----Original Message-----
> From: Jim Knight
> To: Justin Garabedian; [log in to unmask]
> Sent: 3/11/01 10:21 PM
> Subject: RE: [HP3000-L] Security Policies
>
> Hi Justin,
> Almost 10 years ago I wrote a paper for Interex on writing a
> security
> policy. I have to admit I was pretty naïve back then. I don't know if
> you
> have any money to spend, but I really like this book. It is "expensive"
> for
> a book, but includes everything you need to create a security policy
> quick
> and efficiently. There are probably other books out there, but this is
> one
> I have experience with and like. Here is the amazon URL for the book:
> http://www.amazon.com/exec/obidos/ASIN/1881585069/qid=984366360/sr=1-1/r
> ef=s
> c_b_1/104-2189170-7041563
>
> Here is one sample security policy off of the net.
> http://www.ncsa.uiuc.edu/People/ncsairst/Policy.html
>
> I'm sure you'll get other suggestions from this list. In
> addition, the
> accounting firm that does financial audits for your company may be able
> to
> provide examples for you to work with.
>
> One thing that I have found helpful is to divide the process
> into two
> parts, the policy and the plan. The policy just talks about what you
> want
> to do, and the plan is how you will implement it. This helps to keep
> you
> from getting bogged down in the details while writing the policy. The
> policy is going to focus on what you need to protect and the plan on how
> you
> will protect it.
>
> I hope all of this makes sense. Let me know if you have
> questions. Feel
> free to send me personal email since I rarely am able to make a dent
> into
> this list anymore.
>
> Jim Knight
> [log in to unmask]
>
> All,
> Does anyone know of any good web sites with advice when writing
> system
> security policies or acceptable usage policies? Does anyone have any
> examples of either?
>
> We are currently looking at writing polices and modifying security
> on
> our 3000s, so if you have any "killer" tips, let me know.
>
> Thank you,
>
> Justin R. Garabedian, Jr. HP 3000 System Admin
> ------------------------------------------------------
> Information Systems
> Cornerstone Consolidated Services Group, Inc.
> 5568 West Chester Road
> West Chester, Ohio 45069
> Phone: (513) 603.1148
> FAX: (513) 603.1495
> Email: [log in to unmask]
|