Security Basics mailing list archives
Re: Writing Security Policies
From: "kawaii" <trunks () stackers org>
Date: Mon, 8 Sep 2003 14:10:56 -0400
From: "Al Cook" <cookas () msn com> Sent: Monday, September 08, 2003 08:20
I'm doing some work on security policies and effectively have to write one from scratch for a company. Are there any good resource out there that anyone can recommend. I have seen books that can be bought with 1000's of templates and mission statement etc, are these worth the money? The
company
is based in the UK, will templates written for US based companies be acceptable (with some amendments) s or should I be looking for ones geared to the UK only? Any help appreciated.
In my opinion (and in practice), I've gone with templates unique to the locale. I've found that while you can make generalizations about applicable laws, etc, it is better when it references things that is common to the locale.
Thanks, Al
In general though, I haven't found much use from templates. I usually take the tack of compiling the necessary components to be protected and then writing the policy around those, with consultation with the appropriate legal sources about what we can and can't say. As always, YMMV. Ever lovable and always scrappy, kawaii --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Writing Security Policies Al Cook (Sep 08)
- Re: Writing Security Policies Pete Hunt (Sep 08)
- Re: Writing Security Policies kawaii (Sep 08)