Here's a good place to start... sans.org they have sample security policies available for you for tons of applications. Here's the link:
http://www.sans.org/newlook/resources/policies/policies.htm BTW, they're all available in .pdf format as well. Nil Fiat wrote: >Hey everybody... > >Thanks so much for all your responses to my Comcast problem. >Incidentally, they called me back yesterday to confirm my service >cancellation (wouldn't talk to me for nothin' when it was about >them causing problems, but as soon as they're about to lose a dime >they're all over it...blech) and I gave 'em what-for. I know the >poor tech on the line probably didn't deserve it, but I gave it to >him anyway and made him write it down for his boss besides. So I >am somewhat vindicated, if not temporarily lacking home Net- >access. (Tho for the first time in my life I'm thinking, "thank >the gods for work!") > >So hey, yesterday I got handed one of the coolest projects of my >life: I get to write a security policy! Have I done this >before? Hell no...but I'm sure I can, especially if you lovely >peeps and gurus out there will point me to some resources. > >Specifically I'd like to see a template (if there is one; if there >isn't, a good example would do), and read some laws and guidelines >re: what's required, and what's a good idea. The business I'm >doing this for is a bit past the startup phase, but not much; and >their biz model relies heavily on being able to convince people >that their electronic info is secure (really secure; as in, they >envision courts and police stations and hospitals for clients). >Basically they're letting me do this for my own practice, and if I >do a good job, there's the possibility of a security job complete >with any training I want--so ANY info at all is helpful! (Feel >free to refer me to the archives if there's stuff there, but I've >already done the Google thing.) > >Peace & Packets, >Sara T > >________________________________________________________________ >Get your own evilemail.com address at http://www.evilemail.com > > > > >
