Educause Security Discussion mailing list archives
Re: FW: process for creating Information security policies and guidelines
From: "A. Harry Williams" <Harry () MARIST EDU>
Date: Mon, 12 Sep 2011 17:59:46 -0400
On 9/12/2011 4:28 PM, Valdis Kletnieks wrote:
On Mon, 12 Sep 2011 15:00:03 CDT, Drew Perry said:*However, the best "rider" we could have thought to tack on was the ability of the university president to approve changes or additions once the policies were approved, without the need of the board's approval. Talk about a time- and headache-saver.*Like I said in my posting - we did that with our AUP in the late 90s, and it's only needed 2 revs (the most recent in 2002). Having the nuts-n-bolts in a 'Guidelines' has been a lifesaver - probably the single most brilliant thing Randy has ever come up with. ;)
We also added a "rider" to deal with 1c on your list, 1c - Things that get in the way - places where the policy has actively impeded legitimate business processes. so we have things like: The CISO with the coordination, advice and consent of the Executive Vice President and Chief Information Officer deems it necessary for the efficient and effective operation of the Colleges information resources, The CISO is directed to do so by the College President. and for 1a - new technologies, we made sure every list included something like "or other technology" or stated that the list was not exhaustive. /ahw
Current thread:
- FW: process for creating Information security policies and guidelines Mohamed Elhindi (Sep 11)
- Re: FW: process for creating Information security policies and guidelines Barrett, Bruce R. (Sep 11)
- Re: FW: process for creating Information security policies and guidelines James Farr '05 (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Sarazen, Daniel (Sep 12)
- Re: FW: process for creating Information security policies and guidelines James Farr '05 (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Valdis Kletnieks (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Matthew Gracie (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Drew Perry (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Valdis Kletnieks (Sep 12)
- Re: FW: process for creating Information security policies and guidelines A. Harry Williams (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Matthew Gracie (Sep 12)
- Re: FW: process for creating Information security policies and guidelines Barrett, Bruce R. (Sep 11)