A security policy can take many forms and styles, but one
that’s easy to get started with is a series of templates produced by the SANS
Institute called “The SANS Security Policy Project,” available from their web
site at http://www.sans.org/newlook/resources/policies/policies.htm.
The System Administration, Networking, and Security (SANS)
Institute was established in 1989 as a cooperative research and education
organization to provide a forum for security professionals, auditors, system
administrators, and network administrators to share the lessons they have
learned and find solutions to the challenges they face. Many SANS resources,
such as news digests, research summaries, security alerts, and white papers, are
free. For more information, see their web site at http://www.sans.org.
One of many useful sites SANS hosts is the “SANS/FBI Top Twenty
List” (http://www.sans.org/top20.htm), which summarizes the “Twenty Most Critical Internet
Security Vulnerabilities.” This web site also includes step-by-step instructions
and pointers to additional information useful for correcting the flaws.
The writers at SANS have produced about two dozen templates,
one for each of the major policies to be included in a security policy. Each policy
is a separate document that allows for easy addition and editing, and each
follows the same style shown in the example in the upcoming sidebar.