> From: "Kenneth W. Kubiak, Information Security Officer"
>
> That's a very nice list indeed! I too am saving it for reference. My
> company also had no information security program to speak of when I
> started here last year, so we're both pretty much in similar situations.
>
> One area I didn't see you mention too much, although you did allude to it
> when you mentioned item #25, but what about your security policies
> (particularly acceptable use)? Is that also in your realm, or is that
> left to HR? I got my acceptable use policy approved in the Spring of
> this year, and while it still needs some updating, it's better than
> nothing. Our next step is to institute a strong sanction and
> enforcement policy for IT security breaches, otherwise, policies are
> pointless.

When I posted it, I was thinking technical stuff, but you're right, security policies and enforcement are also an important part. At the moment I'm dealing with that separately, and haven't really put a whole lot of work into it yet, other than requiring decent passwords and for users to lock their workstations when not there.

Perhaps someone out there would care to share a similar list of things to consider on the legal/policy side of things?

Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."
