[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security policy

On Sat, 09 Oct 2010 16:42:51 -0400, Andrew Reid wrote:

> On Saturday 09 October 2010 15:34:58 Paweł Ch. wrote:

>> I must create security policy for my company. Can someone send me
>> example security policy? Especially with division to user,
>> administrator and boss.
>   There are a number of free public resources available from the
> US National Institute of Standards and Technology.  A former employer of
> mine used Special Publication 800-53 as a baseline for a security
> policy.
>   Besides providing a list of recommendations, it also has a
> pretty good discussions of the "whys" behind them, and the cost-benefit
> trade-offs that must be made.
>   A list of NIST security division's publications is here:
> <http://csrc.nist.gov/publications/PubsFL.html>
>   SP 800-53 itself is here, in PDF format:
> <http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-

I'm adding to the list the SANS Institute guidelines, which provides 
sample templates for many purposes:




Reply to: