While security policies need to be unique per organization, there are some common elements that can be recycled.
Just to give an example, how about the handling of passwords? Really, do you need to re-create the piece of the policy that says passwords need to be protected, must be of a certain length, and mixed characters? It really doesn't matter if the policy is for Van Kamps fish sticks factory, or for the DEA: both need to ensure that they have some baseline protection for passwords. The below book may help, the high price tag buys you a one-organization copyright. Having a ready-made template can save some time, and enable you to focus on the more unique aspects of the organization's requirements without spending all your time re-inventing the wheel. To that end, John, the following may be useful to you. Check it on Amazon. Information Security Policies Made Easy Version 8 by Charles Cresson Wood HTH, Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52134&t=52061 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
