Educause Security Discussion mailing list archives
Re: Remote Access Policies
From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Wed, 15 Nov 2006 09:32:47 -0800
Todd's resource is excellent and provides some of the best current thinking on policy and standards. However, you may also want to look over the Payment Card Industry standards for remote access and multiple factor authentication required for certain systems. The new PCI standards will have a tremendous impact throughout the world when it comes to IT security. The PCI Security Standards Council is now the only non-governmental agency that has enforcement and punitive powers that are global in scope and can bypass any government or other jurisdiction to directly affect the operation of any public or private organization. If you are developing policies and standards now, or are reviewing the ones you have in place, they will need to meet the requirements of the PCI standards if you want to stay in business. Check out: https://www.pcisecuritystandards.org/ for the DSS and supporting documents. You are looking for Requirement 8 in the pci_dss_v1-1.pdf. Guy L. Pace, CISSP Security Administrator Center for Information Services (CIS) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () cis ctc edu ________________________________ From: Todd Coston [mailto:tcoston () KCCD EDU] Sent: Wednesday, November 15, 2006 8:54 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Remote Access Policies We used some starter templates from sans.org which are pretty good. They have a whole list of template policies that can be adjusted for your environment. They can be found at: http://www.sans.org/resources/policies/#template I hope this helps! --Todd Coston Systems Manager Kern Community College District (661) 336-5187 ________________________________ From: Drake, Craig [mailto:c-drake () NEIU EDU] Sent: Wednesday, November 15, 2006 6:26 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Remote Access Policies I was hoping some of you could provide links to some sample policies regarding Remote Access. Specifically, we would like to develop a policy that would cover Remote Access by System Admins, Telecommuters, External Vendor Support, etc and include such remote access as VPN, Dial-Up, Remote Desktop. I know there is a lot more to include, and we would like to look over some policies that other colleges and universities have established so that we can develop something that would fit our environment. Thanks, -Craig Craig W. Drake, MCSE, CISSP Microsoft Systems Engineer Networking & Distributed Services Northeastern Illinois University Phone: (773)442-4386 Email: c-drake () neiu edu <mailto:c-drake () neiu edu>
Current thread:
- Remote Access Policies Drake, Craig (Nov 15)
- <Possible follow-ups>
- Re: Remote Access Policies Melissa Guenther (Nov 15)
- Re: Remote Access Policies Scholz, Greg (Nov 15)
- Re: Remote Access Policies Todd Coston (Nov 15)
- Re: Remote Access Policies Pace, Guy (Nov 15)