RE: Building a Company Computer Use/Security Policy

From: Roger A. Grimes (roger_at_banneretcs.com)
Date: 01/18/05

  • Next message: Roger A. Grimes: "RE: Remote Desktop vs VPN on Windows 2003"
    Date: Mon, 17 Jan 2005 19:29:44 -0500
    To: "Samuel S. Kempf" <samk@rjpromotions.com>, <security-basics@securityfocus.com>
    
    

    I've recently completed a whitepaper for Microsoft on security policy
    building specifically for mid-sized businesses-which is a different
    approach than for large businesse. It includes example policies as well
    as, a pretty inclusive list of what should be included. It should be out
    in a few weeks. If you're interested, ping me back in a month and I'll
    send back the link.

    Roger

    ************************************************************************
    ***
    *Roger A. Grimes, Banneret Computer Security, Computer Security
    Consultant
    *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
    *email: roger@banneretcs.com
    *cell: 757-615-3355
    *Author of Malicious Mobile Code: Virus Protection for Windows by
    O'Reilly
    *http://www.oreilly.com/catalog/malmobcode
    *Author of Honeypots for Windows (Apress)
    *http://www.apress.com/book/bookDisplay.html?bID=281
    ************************************************************************
    ****

     

    -----Original Message-----
    From: Samuel S. Kempf [mailto:samk@rjpromotions.com]
    Sent: Sunday, January 16, 2005 7:33 PM
    To: security-basics@securityfocus.com
    Subject: Building a Company Computer Use/Security Policy

    I've recently taken over the position of I.T. Director for a mid-sized
    company that has no IT policy of any sort currently in place, aside from
    a vague mention in the no compete agreement about not giving proprietary
    data to other companies. One of my prime initiatives at the moment is to
    implement such a policy, something I've never been responsible for
    before. Can anyone point me to sites/articles on how to do this? Or,
    better yet, does anyone know of such a policy available online that I
    could use as a basis for my company? Any suggestions are most welcome.

    Samuel S. Kempf


  • Next message: Roger A. Grimes: "RE: Remote Desktop vs VPN on Windows 2003"

    Relevant Pages

    • Fwd: Oh Dear, Where to start?!
      ... It seems to me you need two things: an organizational policy, ... finish college and break into the real world of computer security. ... experience in the field of network security and policy ... updates, driver updates, and recommended updates. ...
      (Security-Basics)
    • RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?
      ... All NetScreen appliances rely on custom-designed ASICs (Application ... Specific Integrated Circuits) for security policy enforcement. ... supports a finite number of "rules" or "policies". ...
      (Firewall-Wizards)
    • RE: Cant set Local Security policies. They fail to save
      ... predefined Security Template on SBS 2003 to restore security groups ... run "gpupdate.exe /force" under command prompt to force the policy ... reboot the Server to test. ... and then logon to client computer to test if user can save system logs. ...
      (microsoft.public.windows.server.sbs)
    • RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?
      ... The report you cite is CheckPoint originated and deals with older NetScreen ... All NetScreen appliances rely on custom-designed ASICs (Application ... Specific Integrated Circuits) for security policy enforcement. ...
      (Firewall-Wizards)
    • Re: No Shut Down or Restart for Domain Admins
      ... run rsop.msc from your DC and check which policy is responsible to this. ... I have created a group policy in a development network and imported it ... NT AUTHORITY\Authenticated Users Read (from Security Filtering) No ... Enforce user logon restrictions Enabled ...
      (microsoft.public.windows.server.active_directory)