RE: How to design Security Policies



There are many sites that have such policies, but it depends on what
type of business you are in.

Some good points of reference are:

www.isaca.org
www.sans.org/resources/policies
www.iso.ch
http://www.arma.org/imj/index.cfm
http://www.gao.gov/
http://www.tbs.sct.gc.ca/pubs_pol/ciopubs/TB_IT/siglist_e.asp
http://www.information-security-policies-and-standards.com/

Don't forget to include a scope of audience and outline who are the
information owners, information custodians and information users, along
with classification & labeling suitable for your business sector.

In order to keep things easy for your business to absorb and support, keep
policies simple and high level, and issue IT-specific directives that will
tell IT staff how they have to do what they need to do. Here's a copy
of the policy/directive framework we use.

A good reference book to have for outlining roles and responsibilities
is 'Information Security Roles & Responsibilities Made Easy' published
by PentaSafe.

Good luck!

Regards,

Jayson Agagnier, CISSP
NVIDIA Corporation

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of AntiVirusEngineer@xxxxxxxxx
Sent: Thursday, September 27, 2007 09:25
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: How to design Security Policies

Dear All,

We are in the process of designing the security policies for the entire
organization.

Please recommend where I can find more information about this, and what
things are to be considered while designing the policies.



Recommend me Books / Standards and Docs.



Thanks in Advance.

AntiVirusEngineer@xxxxxxxxx





Attachment: PolicyFramework.pdf
Description: PolicyFramework.pdf


