Re: Security policy
On Saturday 09 October 2010 15:34:58 Paweł Ch. wrote:
> Hi,
> I must create security policy for my company.
> Can someone send me example security policy? Especially with division to
> user, administrator and boss.
There are a number of free public resources available from the
US National Institute of Standards and Technology. A former
employer of mine used Special Publication 800-53 as a baseline
for a security policy.
Besides providing a list of recommendations, it also has a
pretty good discussions of the "whys" behind them, and the
cost-benefit trade-offs that must be made.
A list of NIST security division's publications is here:
<http://csrc.nist.gov/publications/PubsFL.html>
SP 800-53 itself is here, in PDF format:
<http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf>
-- A.
--
Andrew Reid / reidac@bellatlantic.net
Reply to: