The safest security policy to start with is: "deny everything". Then
don't add anything until you get "corporate" approval (in writing).
Allowing anything more than just the basic services, just because
Joe NotYourBoss wants something, will cause trouble (for your
career) in the long run.
One you have your initial "policy", hold a meeting with everyone
between you and at least your department head (higher is better).
Explain the policy in detail. It's more work to do this initially but
saves on heartache later. Get approval in writing.
Lastly, as early as possible, explain the policy to the users. Make
sure they know what "is" and "isn't" allowed. Ensure they know
how "corporate" is going to react when the policy is violated. This
also prevents a lot of heartache. How many of us have heard:
"I didn't know that was against the rules."
Tim Kramer
ITDN
Michael Cunningham wrote:
> Hiya folks,
>
> I was wondering if anyone could provide or knows of any example
> corporate security policies I could have a look at to begin work
> on one for my company. Something that deals with internet access,
> hacking, email, whats allowed through the firewall, desktop
> software..etc.etc. Feel free to send me your policy so I can just
> change the names:) (lazy sysadmin.. is there any other type?:)
>
> Wake up Mike..
> The Matrix has you.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
