Another resource that you might find useful is the The IT Security
Cookbook which you can read in its entirety at
www.boran.com/security/
or order the complete zip of it with regular updates ($100).
It is a "living document" and rich with virtually everything you might
want to consider or include.
Eric
______________________________ Reply Separator _________________________________
Subject: RE: Security Policy
Author: "Gerrish; Robert" <[EMAIL PROTECTED]> at Internet
Date: 05/09/2000 11:38 AM
Simon,
The site security policy that I wrote for my last place of employment was
borrowed from mainly from "NIST's Special Publication:Internet Security
Policy: A Technical Guide" (http://csrc.nist.gov/isptg/html/), but also from
cert.org and RFC1244.
You might also look at:
http://secinf.net/
http://fw4.iti.salford.ac.uk/ice-tel/firewall/policy.html
http://www.reeusda.gov/issp/98planguide.htm
I have run across an book and CD-ROM that claims to include everything you
need. It looks like it could be useful, but I haven't seen it myself and it
is pricey ($495.00):
Information Security Policies Made Easy, Version 7, By Charles Cresson Wood,
CISA, CISSP. More information on it is available at:
http://www.baselinesoft.com/
Bob Gerrish
Unix Systems Administrator
Trim Systems, LLC
Seattle, WA
[EMAIL PROTECTED]
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 09, 2000 7:04 AM
> To: [EMAIL PROTECTED]
> Subject: Security Policy
>
>
> Sorry, I know this has already been talked to death about,
> but can anyone
> point me in the right direction when it comes to writing a
> decent security
> policy that encorporates firewalls, proxies etc...
>
> Regards
>
> Simon
>
>
>
> **********************************************************************
> If you are not the intended recipient of this e-mail and have
> received it
> in error, you are on notice that the e-mail and any attached files are
> confidential. Please notify us immediately by reply e-mail
> and then delete
> this message from your system. Please do not use, distribute, copy or
> take any action in reliance on it as to do so could be a breach
> of confidence. The sender does not accept any responsibility for any
> loss, disruption or damage to your data or computer system
> which may occur
> whilst using data contained in, or transmitted with, this
> e-mail. Thank
> you for your co-operation. If you need assistance, please contact
> Maritz Ltd - tel.: +44 (0)1628 486011 or e-mail:
> [EMAIL PROTECTED]
> **********************************************************************
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
Received: from mimesweeper.sec.gov ([162.138.246.4]) by smtpgate.sec.gov with
SMTP
(IMA Internet Exchange 3.13) id 0006A224; Tue, 9 May 2000 11:45:07 -0400
Received: from secfw2.sec.gov (unverified) by mimesweeper.sec.gov
(Content Technologies SMTPRS 2.0.15) with SMTP id
<[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>;
Tue, 09 May 2000 11:43:44 -0400
Received: by secfw2.sec.gov; id LAA00552; Tue, 9 May 2000 11:41:42 -0400
Received: from spike.rwc.gnac.net(209.182.195.137) by secfw2.sec.gov via smap
id xma000511; Tue, 9 May 00 11:41:29 -0400
Received: (qmail 25008 invoked by uid 15); 9 May 2000 15:38:25 -0000
Delivered-To: [EMAIL PROTECTED]
Received: from colmail01.trimsystems.com ([208.221.24.2])
by spike.rwc.gnac.net (8.8.8/8.8.8) with ESMTP id IAA24999
for <[EMAIL PROTECTED]>; Tue, 9 May 2000 08:38:20 -0700 (PDT)
Received: by COLMAIL01 with Internet Mail Service (5.5.2448.0)
id <2Z9ARR2K>; Tue, 9 May 2000 11:38:15 -0400
Message-Id: <876CAF46D28ED2118D8100A0C9F2BB246789D0@SEABDC01>
From: "Gerrish, Robert" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Security Policy
Date: Tue, 9 May 2000 11:38:14 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Sender: [EMAIL PROTECTED]
Precedence: bulk
X-Loop: [EMAIL PROTECTED]
Content-Type: text/plain;
