Re: Security policy
On Sat, 09 Oct 2010 16:42:51 -0400, Andrew Reid wrote:
> On Saturday 09 October 2010 15:34:58 Paweł Ch. wrote:
>> I must create security policy for my company. Can someone send me
>> example security policy? Especially with division to user,
>> administrator and boss.
> There are a number of free public resources available from the
> US National Institute of Standards and Technology. A former employer of
> mine used Special Publication 800-53 as a baseline for a security
> Besides providing a list of recommendations, it also has a
> pretty good discussions of the "whys" behind them, and the cost-benefit
> trade-offs that must be made.
> A list of NIST security division's publications is here:
> SP 800-53 itself is here, in PDF format:
I'm adding to the list the SANS Institute guidelines, which provides
sample templates for many purposes: