Dave, You can find some practical hints, tutorials and examples at http://secinf.net/ipolicye.html The docs there were of a lot of help to me when I was put in your position some time ago.
In my opinion a good security policy starts with the following philosophy: Write down what you know should be in your company's policy in a language that suits understand (read: love). If you need any help along the way, feel free to mail me off-list. I happen to like security policies an awful lot. :-) Casper Aleva Dutch Security Information Network e: [EMAIL PROTECTED] w: http://www.DSINet.org/ c: http://www.DSINet.org/casper/pubkey.txt --- "Don't quote, I want to know what _you_ have to say." - Unknown On Wed, 2001-11-14 at 11:16, [EMAIL PROTECTED] wrote: > Dear All, > > I have just been put in charge of network security within our company and > the first thing I need to do is define a Network Security Policy that we > can apply to our Internet Services and customer intranets. > > I would like to have some input on things to add into the policy and > possibly some links to example policies. > > So far I have read RFC2196 which has given me some good insights, but I > would like to not have to start from scratch as there is just one of me > and I am limited for time. > > I have a good understanding of some of the things that should be in a > Securit Policy, but real-world help would be appreciated. > > Many Thanks, > > Dave Stout > Internet Security Engineer > > > <snip>
