Re: Security policy

To: debian-user@lists.debian.org
Subject: Re: Security policy
From: Andrew Reid <reidac@bellatlantic.net>
Date: Sat, 09 Oct 2010 16:42:51 -0400
Message-id: <[🔎] 201010091642.51833.reidac@bellatlantic.net>
In-reply-to: <[🔎] AANLkTi=5Kj1irGk3jZ-qRGAstLA_ENH=Z2RNZbs=ipHN@mail.gmail.com>
References: <[🔎] AANLkTi=5Kj1irGk3jZ-qRGAstLA_ENH=Z2RNZbs=ipHN@mail.gmail.com>

On Saturday 09 October 2010 15:34:58 Paweł Ch. wrote:
> Hi,
> I must create security policy for my company.
> Can someone send me example security policy? Especially with division to
> user, administrator and boss.

  There are a number of free public resources available from the 
US National Institute of Standards and Technology.  A former
employer of mine used Special Publication 800-53 as a baseline 
for a security policy.

  Besides providing a list of recommendations, it also has a 
pretty good discussions of the "whys" behind them, and the
cost-benefit trade-offs that must be made.

  A list of NIST security division's publications is here:
<http://csrc.nist.gov/publications/PubsFL.html>

  SP 800-53 itself is here, in PDF format:

<http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf>

 					-- A.
-- 
Andrew Reid / reidac@bellatlantic.net

Reply to:

Follow-Ups:
- Re: Security policy
  - From: Camaleón <noelamac@gmail.com>

References:
- Security policy
  - From: Paweł Ch. <pch0317@gmail.com>

Prev by Date: Re: Communicating with USB Modem
Next by Date: Re: how to enable sound
Previous by thread: Security policy
Next by thread: Re: Security policy
Index(es):
- Date
- Thread