Access Control Security Policy

[Tim Lane <tlane () SCU EDU AU>]

Greetings All,



I am in the midst of writing an access control policy (auditor's
requirement).



I have decided to structure it in three major areas:





1)    User based authentication and authorisation to systems

2)    Technical system level access controls, which include operating
system, application, and network layers, connection of non authorised
equipment etc

3)    physical access controls.





I wondered if anyone else has gone down the path of documenting an access
control policy and if so would they mind sharing it?



Thanks,



Tim



Tim Lane
Information Security Manager
IT&TS
Southern Cross University
Ph (02) 6620 3530
Mobile 0418 248 571