At 11:01 AM +0000 8/26/02, Juan Blanco wrote:
>John,
>
>Security policies are for internal use and each security policy varies from
>company to company. If you do
>a search on the net for "security policy" you will find plenty of
>information that will help you to accomplish
>your goal. There is a lot of information on the Cisco web site. A good
>example is available in the book Managing Cisco Network Security.
>
>Thanks,
>
>Juan Blanco

I generally agree. One thing to remember is the security POLICY 
should be short (a page or two), approved and enforced by top 
management, cleared by legal, and be the basis for the security 
architecture and implementation.

For example, at the moment, I'm doing the policy and plan for a 
service provider that handles personal medical data. There are quite 
a number of specific legal requirements that apply to them.

Military systems have levels of security and work in different 
environments (e.g., all users have or do not have the same 
clearance), so there's no cookie-cutter approach there.

In the case I'm working with, I think some of the Drug Enforcement 
Administration directives for protecting systems that can 
electronically prescribe narcotics are vast overkill, but, so I know 
I meet them, I'm using some techniques that variously are used for 
nuclear weapons control and the identity of spies.

A large retail chain would have a different policy, as would a 
financial institution.

Frankly, I've never needed to use one of the books devoted to 
security policy. I do like _Internet Cryptography_ by Smith, and 
Annlee Hines' (an occasional list contributor) new book, _Planning 
for Survivable Networks_.  Far less readable, but with a great deal 
of information, are selected Rainbow Series books from the NSA 
(especially the "understanding" guides). See 
http://www.fas.org/irp/nsa/rainbow.htm

>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>John Brandis
>Sent: Monday, August 26, 2002 1:08 AM
>To: [EMAIL PROTECTED]
>Subject: Security Policy [7:52061]
>
>
>Hi All,
>
>Does anyone have a copy of a security policy (like a corporate security
>outline for the company) that they are willing to share, so I can create one
>using that as a template/guide?
>
>Thanks all
>
>John
>Sydney, Australia
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52082&t=52061