RE: Building a Company Computer Use/Security Policy

["Roger A. Grimes" <roger () banneretcs com>]

I've recently completed a whitepaper for Microsoft on security policy
building specifically for mid-sized businesses-which is a different
approach than for large businesse.  It includes example policies as well
as, a pretty inclusive list of what should be included. It should be out
in a few weeks.  If you're interested, ping me back in a month and I'll
send back the link.

Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Computer Security
Consultant 
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by
O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****

 

-----Original Message-----
From: Samuel S. Kempf [mailto:samk () rjpromotions com] 
Sent: Sunday, January 16, 2005 7:33 PM
To: security-basics () securityfocus com
Subject: Building a Company Computer Use/Security Policy

I've recently taken over the position of I.T. Director for a mid-sized
company that has no IT policy of any sort currently in place, aside from
a vague mention in the no compete agreement about not giving proprietary
data to other companies. One of my prime initiatives at the moment is to
implement such a policy, something I've never been responsible for
before. Can anyone point me to sites/articles on how to do this? Or,
better yet, does anyone know of such a policy available online that I
could use as a basis for my company? Any suggestions are most welcome.

Samuel S. Kempf