Re: Security policy

To: debian-user@lists.debian.org
Subject: Re: Security policy
From: Camaleón <noelamac@gmail.com>
Date: Sun, 10 Oct 2010 13:04:13 +0000 (UTC)
Message-id: <[🔎] pan.2010.10.10.13.04.13@gmail.com>
References: <[🔎] AANLkTi=5Kj1irGk3jZ-qRGAstLA_ENH=Z2RNZbs=ipHN@mail.gmail.com> <[🔎] 201010091642.51833.reidac@bellatlantic.net>

On Sat, 09 Oct 2010 16:42:51 -0400, Andrew Reid wrote:

> On Saturday 09 October 2010 15:34:58 Paweł Ch. wrote:

>> I must create security policy for my company. Can someone send me
>> example security policy? Especially with division to user,
>> administrator and boss.
> 
>   There are a number of free public resources available from the
> US National Institute of Standards and Technology.  A former employer of
> mine used Special Publication 800-53 as a baseline for a security
> policy.
> 
>   Besides providing a list of recommendations, it also has a
> pretty good discussions of the "whys" behind them, and the cost-benefit
> trade-offs that must be made.
>  
>   A list of NIST security division's publications is here:
> <http://csrc.nist.gov/publications/PubsFL.html>
> 
>   SP 800-53 itself is here, in PDF format:
> 
> <http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-
final_updated-errata_05-01-2010.pdf>

I'm adding to the list the SANS Institute guidelines, which provides 
sample templates for many purposes:

http://www.sans.org/security-resources/policies/

Greetings,

-- 
Camaleón

Reply to:

References:
- Security policy
  - From: Paweł Ch. <pch0317@gmail.com>
- Re: Security policy
  - From: Andrew Reid <reidac@bellatlantic.net>

Prev by Date: Re: How to change jpg time stamp using exiv2
Next by Date: Re: lazarus & fpc - absent
Previous by thread: Re: Security policy
Next by thread: Re: Security policy
Index(es):
- Date
- Thread