It also depends on your security framework and reporting requirements. What framework are you trying to comply with: COSO/COBIT, ITIL, Sarbanes-Oxley, HIPAA, PCI, FIPS, etc.? You might look at
http://www.isaca.org/
http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/
https://www.pcisecuritystandards.org/

or google the name of your framework and you will find lots of information.

Mike

-----Original Message-----
From: James Edwards [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 10, 2008 4:50 PM
To: NT System Admin Issues
Subject: Re: Information Security Documentation

[EMAIL PROTECTED] wrote:
>
> Does anyone out there have / seen any good Information Security Policy
> documents or templates?
>
> Basically I am looking for a comprehensive, internal document (or set
> of documents) that would be used to describe things such as:
>
> - Security Organization and Structure
> - Internal (Employee and Contractor) Security Policies
>   (obligations of personnel in managing data and other
>   secure/confidential documents)
> - Sites and Building Policies (access control, maintenance)
> - Network Security
> - Systems Architecture Security (Access Control, Authentication)
> - Production Environment Security
> - Application Security
>
> I realize that it would be next to impossible to find a single
> security document that has all of the above facets to it, but any good
> starting points would be helpful.
>
> Thanks,
> Jeff
>

TRY:

http://www.nsa.gov/snac/downloads_all.cfm?MenuID=scg10.3.1

Your tax dollars at work!!

--
=========================================== Jim ========
Spammers: What they lack in quality, they make up in quantity.
