Re: Building a Company Computer Use/Security Policy
From: Daniel Marques (dancmarques_at_gmail.com)
Date: Mon, 24 Jan 2005 09:40:52 -0200 To: email@example.com
I was reading an article this weekend, and there's something that Ii
would like to share with you...
It was about the 7799 and the COBIT, who's the best choice.
I think that both are great. So, a good practice is: study 7799 AND
COBIT, then apply the study's results.
I believe we can use this practice in our topic... And not forgetting
that Security Policies must be Business focused, so different
companies means different policies!
That's all folks!
On Wed, 19 Jan 2005 18:14:32 -0000, James McGee <firstname.lastname@example.org> wrote:
> There is a very good checklist for 7799 on SANS, which is basically the
> Or, try COBIT, some useful stuff there too
> -----Original Message-----
> From: Danux [mailto:email@example.com]
> Sent: 19 January 2005 00:09
> To: firstname.lastname@example.org
> Subject: Re: Building a Company Computer Use/Security Policy
> Hi list, you know, im trying to implement some kind of security issues on my
> network but i would like to consult BS7799 or ISO17799 but as you know we
> have to pay for it.
> So... Do you know where can i download a versión of these documents without
> paying? No matter if they are older version, you know is only for
> educational purposes.
> On Tue, 18 Jan 2005 13:58:00 -0200, Daniel Marques <email@example.com>
> > Samuel,
> > The Sams Reading Room (sans.org/rr) has a lot of good stuff. I have a
> > very nice article here, but it's in portuguese.
> > I can translate and send it, if you want to...
> > -- Daniel
> > On Mon, 17 Jan 2005 13:31:32 -0500, Glenn Sieb <firstname.lastname@example.org> wrote:
> > > Samuel S. Kempf said the following on 1/16/2005 7:33 PM:
> > >
> > > > I've recently taken over the position of I.T. Director for a
> > > > mid-sized company that has no IT policy of any sort currently in
> > > > place, aside from a vague mention in the no compete agreement
> > > > about not giving proprietary data to other companies. One of my
> > > > prime initiatives at the moment is to implement such a policy,
> > > > something I've never been responsible for before. Can anyone point
> > > > me to sites/articles on how to do this? Or, better yet, does
> > > > anyone know of such a policy available online that I could use as
> > > > a basis for my company? Any suggestions are most welcome.
> > >
> > > Might I suggest a copy of Tom Limconcelli & Christine Hogan's <A
> > > HREF="http://www.amazon.com/exec/obidos/asin/0201702711/wingfoot-20"
> > > TARGET="_blank">The Practice of System and Network
> > > Administration</A>--he covers creating security policies and such.
> > >
> > > It's an amazing reference book--it's been on my shelf since it was
> > > published! :)
> > >
> > > Best,
> > > --Glenn
> > >
> > > --
> > > "They that can give up essential liberty to obtain a little
> > > temporary safety deserve neither liberty nor safety."
> > > ~Benjamin Franklin, Historical Review of Pennsylvania, 1759
> > >
> > >