
Security Basics mailing list archives

RE: Policy Manual
From: "Lubrano di Ciccone, Christophe (DEF)" <diciccone () ppg com>
Date: Fri, 28 Feb 2003 05:52:37 -0500

Hi Chris,
It is such a big work that you intend to do. Here are some URLs I know. I hope that they are new in your favorites.
Policy manual : e.g. http://www.utoronto.ca/security/policies.html another example from the well known university 
Berkeley : http://ist-socrates.berkeley.edu:2002/pols.html
Site involved in the policy : http://www.sans.org/resources/ and having a global policy project : 
Security library and White paper : http://secinf.net/ipolicye.html#
Some guidelines : http://irm.cit.nih.gov/security/sec_policy.html
This site http://csrc.nist.gov/publications/nistpubs/ and its site map/links http://csrc.nist.gov/csrc/sitemap.html is 
quite interesting.
The NSA site http://www.nsa.gov/ has a collection of interesting guides.
The Cert site http://www.cert.org/ 

Many Links in http://www.labmice.net/disaster.htm

I'll of course be interested in such a manual.

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com]
Sent: Wednesday, 26 February 2003 19:30
To: oclug () oclug org; security-basics () securityfocus com;
windows2000 () freelists org
Subject: Policy Manual

Prior to my taking over here the previous admin had not bothered to write 
any policy.  To try and increase professionalism and to get up to speed with 
HIPAA compliance I'm putting together a policy and procedures manual.  Here 
is a list of some of the documents I'm going to put together:

Criticality Analysis
Backup Plan
Disaster Recovery Plan
Emergency Plan
Testing & Revision Procedures
Access Authorization Policy (technical)
Access Control Policy (technical)
Access Modification Policy (technical)
System Activity Records
Compliance Certification
Supervision Policy
Temporary Authorization Records
Permanent Authorization Records
Clearance Policy
Security Policy
Security Training Records
Security Training Outline
Hardware Installation and Upgrade Policy
Software Installation and Upgrade Policy
Hardware Maintenance Policy
Software Update Policy
Security Testing Policy
Periodic Review Policy
Computer Hardware Inventory
Computer Software Inventory
Virus Checking Policy
Security Response Plan
Security Incident Report
Security Response Plan
Risk Management Plan
Risk Analysis
HIPAA Sanction Policy
Information Security Responsibility Outline
Physical Security Plan
Employee Termination Policy
Natural Hazards Defense Plan
Security Responsibilities Outline
Identity Security Policy
Data Segregation Plan

There will probably be quite a few more by the time I'm done.  I'd like to 
ask if anyone has any documentation that they would be willing to share.  In 
return, I'll happily provide the finished manual to anyone that would like a 

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Linux and I have a love/hate relationship.  I hate its complexity until I 
figure out how something works, then I love its power."
