Security Basics mailing list archives
Re: Building a Company Computer Use/Security Policy
From: jayson.agagnier () aero bombardier com
Date: Mon, 17 Jan 2005 21:54:31 -0500
There are many sites that have such policies, but it depends on what type of business you are in. Some good points of reference are: www.isaca.org www.sans.org/resources/policies www.iso.ch http://www.arma.org/imj/index.cfm http://www.gao.gov/ http://www.tbs.sct.gc.ca/pubs_pol/ciopubs/TB_IT/siglist_e.asp http://www.information-security-policies-and-standards.com/ Don't forget to include a scope of audience and outline who are the information owners, information custodians and information users, along with classification & labeling suitable for your business sector. A good reference book to have for outlining roles and responsibilities is 'Information Security Roles & Responsibilities Made Easy' published by PentaSafe. Good luck! Regards, Jayson Agagnier, CISSP, CISA Sr. Information Security Advisor Bombardier Aerospace "Samuel S. Kempf" <samk@rjpromotion To: security-basics () securityfocus com s.com> cc: Subject: Building a Company Computer Use/Security Policy 01/16/2005 07:33 PM I've recently taken over the position of I.T. Director for a mid-sized company that has no IT policy of any sort currently in place, aside from a vague mention in the no compete agreement about not giving proprietary data to other companies. One of my prime initiatives at the moment is to implement such a policy, something I've never been responsible for before. Can anyone point me to sites/articles on how to do this? Or, better yet, does anyone know of such a policy available online that I could use as a basis for my company? Any suggestions are most welcome. Samuel S. Kempf
E-mail disclaimer: This message contains information, which is intended for the sole use of the recipient or authorized representative. Any person who receives this e-mail by mistake shall immediately notify the sender and destroy it. E-mail transmissions cannot be guaranteed to be error-free as information could be intercepted, altered, or contain viruses. The sender therefore does not accept any liability for damages caused by the fraudulent alteration of this message including, without limitations, damages caused by any virus transmitted by it. Ce message contient de l'information destinée au seul usage du destinataire ou de son représentant autorisé. Toute personne qui reçoit ce courriel par erreur doit en aviser immédiatement l"expéditeur et détruire le courriel. Les transmissions de courriels ne peuvent être garanties exemptes d'erreurs puisque l'information peut être interceptée, modifiée ou contenir des virus. L'expéditeur ne peut donc accepter de responsabilité quant aux dommages causés par une modification frauduleuse du message, y compris, sans s'y limiter, tout dommage occasionné par un virus qu'il aurait transmis.
Current thread:
- Re: Building a Company Computer Use/Security Policy, (continued)
- Re: Building a Company Computer Use/Security Policy Glenn Sieb (Jan 17)
- Re: Building a Company Computer Use/Security Policy Daniel Marques (Jan 19)
- Re: Building a Company Computer Use/Security Policy Danux (Jan 19)
- RE: Building a Company Computer Use/Security Policy James McGee (Jan 19)
- Re: Building a Company Computer Use/Security Policy Daniel Marques (Jan 24)
- Re: Building a Company Computer Use/Security Policy Daniel Marques (Jan 19)
- Re: Building a Company Computer Use/Security Policy Glenn Sieb (Jan 17)