Security Policies Survey

This blog entry from the Security Monkey at ITToolbox.com is shaping up to be a very handy list of security policy websites. Entitled “Where Do You Get Your Security Policies From?”, the post asks readers to respond with the websites they use for researching security policies. Included in the suggestions are:
- http://www.sans.org/resources/policies/
- http://csrc.nist.gov/publications/nistpubs/index.html
- CoBIT […]

Medical Record Retention Policy

If you’re in the medical field and you need to write your medical record retention policy, a good sample record retention policy can be found at the University of Texas Medical Branch at Galveston (UTMB) policy website here. It’s interesting to see that they permanently retain their medical records. Here’s an excerpt: The University of […]

Electronic Communications Policy

E-mail archiving company Fortiva has a nifty tool for building your own customized Electronic Communications Policy at their site here. You have to register to use it, but I think the policy you get is worth it. The policy can be customized with your company or organization name and specific sections can be added or […]

Before You Write Your Wireless Security Standards, Wireless LAN Security Myths You Need to Know

When you write your wireless security standards, make sure you don’t fall into the trap of including wireless LAN security myths in them. George Ou has written extensively about wireless LAN security and he’s published several articles on common wireless LAN security myths in ZDNet over the years. His latest article, “Wireless LAN security myths […]

Email Acceptable Use Policy

A good example of an Email Acceptable Usage Policy can be found on page 6 of a document at the TechTarget website here. Here’s an excerpt:
Introduction
This policy covers acceptable email usage when utilizing company information systems.
NOTE: You might want to include more information here such as the purpose and reasoning behind this […]

Wireless Security Standards

The University of Connecticut has a great wireless security standards worksheet here. It includes requirements for large deployments and small/individual deployments as well as requirements that are common to all deployments. Here’s an excerpt:
Common Requirements
Please review the University Wireless Policy for policy related information.
Minimum Technical Requirements
Locate APs on the interior of […]

Security Policy Hierarchy

I’m a big proponent of creating a security policy hierarchy. It’s a great way to logically organize your policies and it helps you make sure you have all of your policy bases covered. An excellent example of such a policy hierarchy can be found at the Lazarus Alliance site here.

Vulnerability Management Program

The National Institute of Standards and Technology (NIST) has a document especially useful to anyone writing their vulnerability management policy. It’s Special Publication 800-40, Creating a Patch and Vulnerability Management Program. You can find it here. Here’s an excerpt: Organizations need to create a comprehensive, documented, and accountable process for identifying and addressing vulnerabilities, patches, […]

Incident Response Team

The American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) created an Incident Response Plan template which you can find here. It contains a lot of useful info, including a good description of an Incident Response Team. Here’s an excerpt: An Incident Response Team is established to provide a […]

Generic E-mail Filtering Standard

I wrote a generic e-mail filtering standard. Here’s an excerpt:
3.1 Content Filtering
Employ a content filtering mechanism that scans all incoming e-mail messages and their attachments and manages the messages depending on the results of the scan.
3.1.1 Suspicious Content
Strip suspicious active content (ActiveX, JavaScript, etc.) from e-mail and forward to quarantine.
3.1.2 […]