Re: Building a Company Computer Use/Security Policy

[Erik Norgaard <norgaard () locolomo org>]

Samuel S. Kempf wrote:
> I've recently taken over the position of I.T. Director for a mid-sized 
> company that has no IT policy of any sort currently in place, aside from 
> a vague mention in the no compete agreement about not giving proprietary 
> data to other companies. One of my prime initiatives at the moment is to 
> implement such a policy, something I've never been responsible for 
> before. Can anyone point me to sites/articles on how to do this? Or, 
> better yet, does anyone know of such a policy available online that I 
> could use as a basis for my company? Any suggestions are most welcome.

You might want to take a look at ITIL:

http://www.ogc.gov.uk/index.asp?id=2261
http://www.itil-itsm-world.com/

the second link has some good links to other sources also. ITIL has 
become more or less de facto standard reference for IT management, 
including security.

Erik
--
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2