FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 10-09-2010, 07:34 PM
Paweł Ch.
 
Default Security policy

Hi,
I must create security policy for my company.
Can someone send me example security policy? Especially with division to user, administrator and boss.

Thanks
 
Old 10-09-2010, 08:42 PM
Andrew Reid
 
Default Security policy

On Saturday 09 October 2010 15:34:58 Paweł Ch. wrote:
> Hi,
> I must create security policy for my company.
> Can someone send me example security policy? Especially with division to
> user, administrator and boss.

There are a number of free public resources available from the
US National Institute of Standards and Technology. A former
employer of mine used Special Publication 800-53 as a baseline
for a security policy.

Besides providing a list of recommendations, it also has a
pretty good discussions of the "whys" behind them, and the
cost-benefit trade-offs that must be made.

A list of NIST security division's publications is here:
<http://csrc.nist.gov/publications/PubsFL.html>

SP 800-53 itself is here, in PDF format:

<http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf>

-- A.
--
Andrew Reid / reidac@bellatlantic.net


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201010091642.51833.reidac@bellatlantic.net">http://lists.debian.org/201010091642.51833.reidac@bellatlantic.net
 
Old 10-10-2010, 01:04 PM
Camaleón
 
Default Security policy

On Sat, 09 Oct 2010 16:42:51 -0400, Andrew Reid wrote:

> On Saturday 09 October 2010 15:34:58 Paweł Ch. wrote:

>> I must create security policy for my company. Can someone send me
>> example security policy? Especially with division to user,
>> administrator and boss.
>
> There are a number of free public resources available from the
> US National Institute of Standards and Technology. A former employer of
> mine used Special Publication 800-53 as a baseline for a security
> policy.
>
> Besides providing a list of recommendations, it also has a
> pretty good discussions of the "whys" behind them, and the cost-benefit
> trade-offs that must be made.
>
> A list of NIST security division's publications is here:
> <http://csrc.nist.gov/publications/PubsFL.html>
>
> SP 800-53 itself is here, in PDF format:
>
> <http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-
final_updated-errata_05-01-2010.pdf>

I'm adding to the list the SANS Institute guidelines, which provides
sample templates for many purposes:

http://www.sans.org/security-resources/policies/

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2010.10.10.13.04.13@gmail.com">http://lists.debian.org/pan.2010.10.10.13.04.13@gmail.com
 
Old 10-10-2010, 04:58 PM
"B. Alexander"
 
Default Security policy

On Sat, Oct 9, 2010 at 3:34 PM, Paweł Ch. <pch0317@gmail.com> wrote:

Hi,
I must create security policy for my company.
Can someone send me example security policy? Especially with division to user, administrator and boss.

Thanks


Yeah, as the other posters have said, you should focus on guidelines. Each security policy is as different as a fingerprint, even between two divisions of the same company.

Since you appear to be in Europe, if you are looking for standards-compliance, you might check ISO27001 and the SANS documents.


If you are in the US, those, plus the NIST Special Publication 800 series or the DoD's docs (which I haven't worked much with). Then there is PCI, FFIEC, etc for the banking industry. Gives new meaning to "The great thing about standards is that there are so many to choose from..."


HTH,
--b
 

Thread Tools




All times are GMT. The time now is 01:22 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org