I am what passes for the computer technology guy at a small elementary
school. I'm trying to improve the security of the information we store
on our computers and I hope this list can give me some advice.
First, I'm looking for an appropriate definition of information security
as it would apply to my situation. "If I don't know what it is, how will
I know when I've found it?"
Second, I need to write a policy or a checklist, or a document of some
sort we can use to evaluate, monitor, and improve our
computer/information security.
We’re constrained by time, training, and money. Any policy I devise has
to be capable of being implemented and managed by people with modest
computer skills (the equivalent of the CompTIA A+ or Network+) with
limited time available, and for all practical purposes, no funding.
I realize that under these circumstances an extremely high level of
security is unobtainable and probably unnecessary in any event. What I
hope to be able to do it to make the information on the LAN secure from
the casual hacker and all but the most persistent attacks from those who
might deliberately target our network.
Can you direct me toward any resources; particularly security
definitions, security frameworks, or security policies that you think
might assist me? I have done the usual Google searches and come up with
an overwhelming list of web sites but I was wondering if you knew of
anything that specifically addressed my problem.
Thank you for your assistance,
Mark Goodridge
Received on May 16 2008
Intro
