Re: Building a Company Computer Use/Security Policy

From: Daniel Marques (dancmarques_at_gmail.com)
Date: 01/24/05

    Date: Mon, 24 Jan 2005 09:40:52 -0200
    To: security-basics@securityfocus.com
    
    

    Friends,

    I was reading an article this weekend, and there's something that I
    would like to share with you...

    It was about 7799 and COBIT, and which is the best choice.

    I think that both are great. So, a good practice is: study 7799 AND
    COBIT, then apply the study's results.

    I believe we can use this practice in our topic... And not forgetting
    that Security Policies must be Business focused, so different
    companies mean different policies!

    That's all folks!

    --Dan

    On Wed, 19 Jan 2005 18:14:32 -0000, James McGee <james@infosec.co.im> wrote:
    > There is a very good checklist for 7799 on SANS, which is basically the
    > standard...
    >
    > Or, try COBIT, some useful stuff there too
    >
    > -----Original Message-----
    > From: Danux [mailto:danuxx@gmail.com]
    > Sent: 19 January 2005 00:09
    > To: security-basics@securityfocus.com
    > Subject: Re: Building a Company Computer Use/Security Policy
    >
    > Hi list, you know, I'm trying to implement some kind of security issues on my
    > network but I would like to consult BS7799 or ISO17799 but as you know we
    > have to pay for it.
    > So... Do you know where I can download a version of these documents without
    > paying? No matter if they are an older version, you know it is only for
    > educational purposes.
    >
    > Thanks
    >
    > On Tue, 18 Jan 2005 13:58:00 -0200, Daniel Marques <dancmarques@gmail.com>
    > wrote:
    > > Samuel,
    > >
    > > The SANS Reading Room (sans.org/rr) has a lot of good stuff. I have a
    > > very nice article here, but it's in Portuguese.
    > >
    > > I can translate and send it, if you want to...
    > >
    > > -- Daniel
    > >
    > > On Mon, 17 Jan 2005 13:31:32 -0500, Glenn Sieb <ges@wingfoot.org> wrote:
    > > > Samuel S. Kempf said the following on 1/16/2005 7:33 PM:
    > > >
    > > > > I've recently taken over the position of I.T. Director for a
    > > > > mid-sized company that has no IT policy of any sort currently in
    > > > > place, aside from a vague mention in the no compete agreement
    > > > > about not giving proprietary data to other companies. One of my
    > > > > prime initiatives at the moment is to implement such a policy,
    > > > > something I've never been responsible for before. Can anyone point
    > > > > me to sites/articles on how to do this? Or, better yet, does
    > > > > anyone know of such a policy available online that I could use as
    > > > > a basis for my company? Any suggestions are most welcome.
    > > >
    > > > Might I suggest a copy of Tom Limoncelli & Christine Hogan's
    > > > The Practice of System and Network Administration
    > > > (http://www.amazon.com/exec/obidos/asin/0201702711/wingfoot-20)--he
    > > > covers creating security policies and such.
    > > >
    > > > It's an amazing reference book--it's been on my shelf since it was
    > > > published! :)
    > > >
    > > > Best,
    > > > --Glenn
    > > >
    > > > --
    > > > "They that can give up essential liberty to obtain a little
    > > > temporary safety deserve neither liberty nor safety."
    > > > ~Benjamin Franklin, Historical Review of Pennsylvania, 1759
    > > >
    > > >
    > >
    >
    > --
    > Danux
    >
    >

