HP3000-L Archives

March 2001, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security Policies
From:
Justin Garabedian <[log in to unmask]>
Reply To:
Justin Garabedian <[log in to unmask]>
Date:
Sun, 11 Mar 2001 23:04:20 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (100 lines) 
Jim,
    Thanks for suggestions!  To bad for me I cannot afford a book that
"expensive", for I am only a poor, abused high school student that works
only several days a week as an Operator/Jr. System Admin/Ecometry-System
Analyst/what-ever-the-company-wants for an employer who pays me only a few
measly nickels and dimes and would rather have me do physical inventory than
use my talent writing reports or fixing system problems.  But it looks like
a great book.  Say, what was the name of the paper you wrote and where can I
find it?

    This actually a book that I was looking at.  For anyone that wants more
info, go to http://www.baselinesoft.com/ for the scoop.

Thank you,

  Justin R. Garabedian, Jr. HP 3000 System Admin
  ------------------------------------------------------
  Information Systems
  Cornerstone Consolidated Services Group, Inc.
  5568 West Chester Road
  West Chester, Ohio 45069
  Phone: (513) 603.1148
  FAX: (513) 603.1495
  Email: [log in to unmask]

--(PJS - Think MC will buy this one??)-- ;-)

-----Original Message-----
From: Jim Knight
To: Justin Garabedian; [log in to unmask]
Sent: 3/11/01 10:21 PM
Subject: RE: [HP3000-L] Security Policies

Hi Justin,
        Almost 10 years ago I wrote a paper for Interex on writing a
security
policy.  I have to admit I was pretty naïve back then.  I don't know if
you
have any money to spend, but I really like this book.  It is "expensive"
for
a book, but includes everything you need to create a security policy
quick
and efficiently.  There are probably other books out there, but this is
one
I have experience with and like.  Here is the amazon URL for the book:
http://www.amazon.com/exec/obidos/ASIN/1881585069/qid=984366360/sr=1-1/r
ef=s
c_b_1/104-2189170-7041563

Here is one sample security policy off of the net.
http://www.ncsa.uiuc.edu/People/ncsairst/Policy.html

        I'm sure you'll get other suggestions from this list.  In
addition, the
accounting firm that does financial audits for your company may be able
to
provide examples for you to work with.

        One thing that I have found helpful is to divide the process
into two
parts, the policy and the plan.  The policy just talks about what you
want
to do, and the plan is how you will implement it.  This helps to keep
you
from getting bogged down in the details while writing the policy.  The
policy is going to focus on what you need to protect and the plan on how
you
will protect it.

        I hope all of this makes sense.  Let me know if you have
questions.  Feel
free to send me personal email since I rarely am able to make a dent
into
this list anymore.

Jim Knight
[log in to unmask]

All,
    Does anyone know of any good web sites with advice when writing
system
security policies or acceptable usage policies?  Does anyone have any
examples of either?

    We are currently looking at writing polices and modifying security
on
our 3000s, so if you have any "killer" tips, let me know.

Thank you,

  Justin R. Garabedian, Jr. HP 3000 System Admin
  ------------------------------------------------------
  Information Systems
  Cornerstone Consolidated Services Group, Inc.
  5568 West Chester Road
  West Chester, Ohio 45069
  Phone: (513) 603.1148
  FAX: (513) 603.1495
  Email: [log in to unmask]

ATOM RSS1 RSS2