I would have to agree, but would like to add a few pennies.
True, without management support and full backing you will find it
difficult to adequately develop a security policy that will fit your
company's needs and desires. Remember a good security policy balances
these. Ok, on with it
1.
y, August 06, 2003 1:18 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Security Policy-Please help
>
>
> From http://www.sans.org :
>
>
> What is a security policy?
>
> All security and technical training classes talk about the necessity of
> basing procedures on a
You don't seem to be completely in the dark on this.
Doesn't matter that much if the network is old or not. Read some
documentation on the hardening of computers and networks. No need to start
and crack away at passwords, even windows has some policy-tools on this.
There are library's out there as
I've been writing custom security policies and have done lots of
research on the internet about it. I'v also reviewed lots of company
policies which are currently in place.
In my mind, the first thing to do of course is convince management that
they need a policy. This is the easiest step. Eve
>From http://www.sans.org :
What is a security policy?
All security and technical training classes talk about the necessity of
basing procedures on a good security policy. We need to understand what is
meant by policy.
For an expansive repository of sample security policies view: "The SANS
Secu
Hey John,
First of all, you're right, it's a daunting task to start a project like
this - I know, I'm there right now myself. Now, I see you're finishing
your Masters in Systems & Network Security (Congratulations), so please
forgive me if anything I recommend/suggest is stuff you already know.
2003-08-06T04:07:48 Kampanellis Ioannis:
> Any advices? Where could I start?
Big, big question. I think you start several steps before the sort
of things you mentioned.
The very first thing is to determine the organization's commitment.
If you have a positive commitment from senior management, pr