In message <[EMAIL PROTECTED]>, Bennett Samowi
ch writes:
>Greetings,
>
>Would anyone kindly point me to some resources, either on-line or book
>form, that detail the creation of an effective security policy. I have
>found several resources for creating usage policies and now I need to
>concentrate on our security policy. It is my understanding that it is this
>policy that is used when creating firewall, IDS, etc rules.
A couple of links that might help you:
RFC 1244 Site Security Handbook. J.P. Holbrook, J.K. Reynolds
(RFC 1244 was obsoleted by RFC 2196, but it's still worth a read)
http://www.RF.Cx/rfc1244.html
RFC 2196 Site Security Handbook. B. Fraser.
http://www.RF.Cx/rfc2196.html
British Standard BS 7799
http://www.c-cure.org/fbs7799.htm
Australian/New Zealand Standard AS/NZS 4444
http://www.standards.com.au/
Also, you might want to consider getting a book by Charles Cresson Wood,
CISA, CISSP called "Information Security Policies Made Easy, Version 7"
http://www.baselinesoft.com/
This should get you started.
Cheers,
Saso
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
