On Mon, 11 Mar 1996, Peter Gregory wrote:
> are there any books in print that address real-life security policies?
> there are any number of books on security (both networks and systems), but
> none that i have seen to date discuss - in any detail - an organization's
> security policies: what they should include, etc.
> peter gregory
> Peter Gregory [NICname PG11] peter .
> Systems/Network Architect, AT&T Wireless Services, Strategic Technologies Group
Check out a company called Baseline Software, Inc.
P. O. Box 1219
Sausalito, CA 94966-1219
Voice: (800) 829-9955
Email: info @
This company puts out a product called "Information Security Policies
Made Easy. It's a 426-page 8-1/2" X 11" book, and everything that's in the
book is also distributed on diskette in ASCII, Word Perfect, and WinWord
format. What you get is 730 boilerplate policies that cover every
possible scenario, from PC security to I-net security to physical security.
There's also some nice supporting doc dealing with putting together
infosec policies and a bunch of appendices containing, among other
things, a very good bibliography of infosec references, professional
organization data, and names and addresses of a bunch of infosec-related
The basic idea is that you can cut and paste the machine-readable stuff
right into your policy docs, use search-and-replace to change "Company X"
to whatever your organization's name is, and call it your own.
The package costs $500, which is cheap when you consider the amount of
person-hours it would take to dig this stuff out for yourself!
We bought it here, and don't regret it.
MO Highway & Transportation Dept.