> are there any books in print that address real-life security policies?
> there are any number of books on security (both networks and systems), but
> none that i have seen to date discuss - in any detail - an organization's
> security policies: what they should include, etc.
> peter gregory
> Peter Gregory [NICname PG11] peter .
> Systems/Network Architect, AT&T Wireless Services, Strategic Technologies Group
1) Determine your assets and organizational needs
2) Decide which assets warrant extra protection
3) Form a consensus on the type/level of protection required
4) Write this information down
5) Hand this document to your Technical and Legal departments, in order
to determine if policy implementation is feasible
6) If step "5" is a go, have technical/legal author procedure docs
which will be referenced by the policy doc
7) Make changes as organizational needs and/or assets change
That's about as close to a policy template as you'll see. Policies tend
to be tailored, not one-size-fits-all. By definition, this requires
extra effort (effort well spent up front, _before_ implementation).
If I'm missing anything, please feel free to pipe up :-).
John Bell, CACI Inc. - Federal
Bloomington, Indiana (Midwest RE-Engineering Division)
mil -OR- jbii @
"Hi ho! Yow! I'm surfing ARPANET!"
- anagram for "The Information Superhighway"