Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
I am writing security policies for 2
- Thread starter sguslan
- Start date
-
2
- #2
brianpaterson
IS-IT--Management
Sorry, you will not find a ready made solution for this. Security policy creation is a complex business and no solution will fit more than one scenario.
What level of security do you require?
Are there any financial or legal requirements to protect data and authenticate users?
Can you place at-risk workstations in screened subnets?
Do you have any anti-virus software, filtering routers, firewalls, IDS solutions in place......etc?
Afraid you are going to have to do it the hard way.
Analyse your business needs and current network topology.
Review current situation.
Identify key areas and conduct risk assessment.
Categorise issues by risk level.
Investigate security solutions on a case per case basis and rationalise your cost/benefit for each one. (ie Firewall, Proxy, 3 antivirus products, IDS and biometric logon is probably excessive for your standalone which prints labels for envelopes)
In each instance consultation with business units is necessary as only they know what functionality is absolutely essential. They are also vital for identifying you disaster recovery and backup plans.
Now, you are almost ready to start on the policy......
I have said it before on this conference, this is not a small scale operation to be passed to tech support or the helpdesk.
Point to note:
Your security policy should be a business enabler and not just a financial burden to directors. Sell the policy in this manner and remember that user education is the real key to security success.
If you want further help out of conference feel free to give me a shout on
brianpaterson@freeuk.com
Happy hunting
#-)
Brian
What level of security do you require?
Are there any financial or legal requirements to protect data and authenticate users?
Can you place at-risk workstations in screened subnets?
Do you have any anti-virus software, filtering routers, firewalls, IDS solutions in place......etc?
Afraid you are going to have to do it the hard way.
Analyse your business needs and current network topology.
Review current situation.
Identify key areas and conduct risk assessment.
Categorise issues by risk level.
Investigate security solutions on a case per case basis and rationalise your cost/benefit for each one. (ie Firewall, Proxy, 3 antivirus products, IDS and biometric logon is probably excessive for your standalone which prints labels for envelopes)
In each instance consultation with business units is necessary as only they know what functionality is absolutely essential. They are also vital for identifying you disaster recovery and backup plans.
Now, you are almost ready to start on the policy......
I have said it before on this conference, this is not a small scale operation to be passed to tech support or the helpdesk.
Point to note:
Your security policy should be a business enabler and not just a financial burden to directors. Sell the policy in this manner and remember that user education is the real key to security success.
If you want further help out of conference feel free to give me a shout on
brianpaterson@freeuk.com
Happy hunting
#-)
Brian
- Thread starter
- #3
Guest_imported
New member
- Jan 1, 1970
- 0
and you might want to check this website out:
It depends how much detail you want. I can recommend two sources if the policies are to be reasonably generic:
a) I have just posted this URL for a different question, but it may help here:
is basically just that - hundreds of security policies online... and free. Might be worth looking and maybe using the onsite search facility on there for your specifics.
b) If you are looking for something to buy, RUsecure is the policy set that complies with international security standards. See:
I sell the through my Security Audit Shop and they go very well indeed.
Jenni
a) I have just posted this URL for a different question, but it may help here:
is basically just that - hundreds of security policies online... and free. Might be worth looking and maybe using the onsite search facility on there for your specifics.
b) If you are looking for something to buy, RUsecure is the policy set that complies with international security standards. See:
I sell the through my Security Audit Shop and they go very well indeed.
Jenni
- Thread starter
- #6
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question