For fairly high level infosec policy checklists as well as setting up
an information security infrastructure:
1. Charles Cresson Wood's Baseline Software Book
called "Information Security Policies Made Easy"
( http://www.baselinesoft.com/ ) has such a checklist:
"A step-by-step checklist of policy development tasks so that you
can start immediately to get a policy development project
underway"
2. SANS Conf. course book from Cisco's Michele Crabb called
"Building a Successful Security Infrastructure".
(NS99-TUE-3, $75). http://www.sansstore.org/
3. You might also want to check out the IETF site security handbook
and (you being in the US DOE) I wouldn't be surprised if there
aren't already DOD and DOE information security checklists...
- H. Morrow Long
University Information Security Officer
Yale University, ITS, Dir. InfoSec Office
"McEwen, Don" wrote:
>
> All,
>
> I've been looking for a high level security checklist from an
> authoritative source.
> I've got checklists from the various vendors, and developed my own list of
> items to check on, but I'm looking for an authoritative source that would
> cover the high level items, before you ever get to the server level. Such a
> list would cover such items like:
>
> - Password policy
> - Network Security policy
> - Proper use policy
> - Policy on attaching modems to company machines
> - Audits to verify compliance with above policies
>
> I'd expect that this checklist would be a couple of pages long with some
> subsets under the top level areas, but not deal with operating system
> specific issues.
>
> I'd appreciate if anyone can point me to a site or book that I can find this
> from.
>
> Thanks
>
> Don
>