Hy Chris, It a such big work that you intend to do. Here are some Urls I know. I hope that they are new in your favorites. RELATED TO POLICY AND SECURITY Policy manual : e.g. http://www.utoronto.ca/security/policies.html another example from the well known university Berkeley : http://ist-socrates.berkeley.edu:2002/pols.html Site involved in the policy : http://www.sans.org/resources/ and having a global policy project : http://www.sans.org/resources/policies/ Security library and White paper : http://secinf.net/ipolicye.html# Some guidelines : http://irm.cit.nih.gov/security/sec_policy.html This site http://csrc.nist.gov/publications/nistpubs/ and its site map/links http://csrc.nist.gov/csrc/sitemap.html is quite interesting. The NSA site http://www.nsa.gov/ have a collection of inetresting guide. The Cert site http://www.cert.org/
DRP http://www.disasterplan.com/ Many Links in http://www.labmice.net/disaster.htm I'll be of course interested of such manual. Regards Christophe -----Original Message----- From: Chris Berry [mailto:[EMAIL PROTECTED] Sent: mercredi 26 fevrier 2003 19:30 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Policy Manual Prior to my taking over here the previous admin had not bothered to write any policy. To try and increase professionalism and to get up to speed with HIPPA compliance I'm putting together a policy and proceedures manual. Here is a list of some of the documents I'm going to put together: Criticality Analysis Backup Plan Disaster Recovery Plan Emergency Plan Testing & Revision Procedures Access Authorization Policy (technical) Access Control Policy (technical) Access Modification Policy (technical) System Activity Records Compliance Certification Supervision Policy Temporary Authorization Records Permanent Authorization Records Clearance Policy Security Policy Security Training Records Security Training Outline Hardware Installation and Upgrade Policy Software Installation and Upgrade Policy Hardware Maintenance Policy Software Update Policy Security Testing Policy Periodic Review Policy Computer Hardware Inventory Computer Software Inventory Virus Checking Policy Security Response Plan Security Incident Report Security Response Plan Risk Management Plan Risk Analysis HIPPA Sanction Policy Information Security Responsibility Outline Physical Security Plan Employee Termination Policy Natural Hazards Defense Plan Security Responsibilities Outline Identity Security Policy Data Segregation Plan There will probably be quite a few more by the time I'm done. I'd like to ask if anyone has any documentation that they would be willing to share. In return, I'll happily provide the finished manual to anyone that would like a copy. Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates "Linux and I have a love/hate relationship. I hate its complexity until I figure out how something works, then I love its power." _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail