Surfing For Security Policies: Page 2

(Page 2 of 3)

Another good place to start is the National Security Information site. Offerings there range from "What Do I Put in a Security Policy?" -- a white paper with sample security policy outline included -- to "Real World Problem Cases Caused By Missing Policies," a set of "funny stories."

Additionally, you can access the Internet Engineering Task Force's Site Security Policies Procedure Handbook.

Another document that can come in handy is the draft edition of a chapter on Computer and Information Security Policy, aimed at eventual inclusion in the NIST Computer Security Handbook.

Searching for Security

After getting an overview, you can then glom on to an Internet search engine to catch a gander of other companies' real world security policies. If you plan to adapt someone else's policies, though, you should keep copyright issues in mind. Also, it's quite likely that the policies needed by your organizations will be different from those already in place somewhere else.

A company that uses electronic funds transfer (EFT) systems is defintely going to need integrity policies, for instance. Meanwhile, another company, across the street, might be more worried leakage of confidential information from a database.

Topics covered in security policies cover a huge gamut, ranging from passwords and authentication to copyright, backup, and disaster recovery procedures. Many larger companies institute different policies for different facilities, departments, or groups of users.

Depending on the needs of your organization, and your own inclinations, it might make more sense to use ready-made software templates. The SANS Institute is now offering 25 of these for free download in Word format. Topics range from anti-virus process and acceptable encryption to analog/ISDN line and VPN policies.

Page 2 of 3

Previous Page
1 2 3
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.