|
|
| Policy |
|
| Listing: |
- Acceptable Use
Policy Report
A report on Acceptable Usage Policy: what
corporations expect of it, a case study, and
a framework for creating your own policy.
- Aelita
Enterprise Directory Manager
Secure "Rules and Roles" management platform
that facilitates secure Exchange and Active
Directory administration.
- The
Basics of an IT Security Policy
This paper is intended to address the importance
of having a written and enforceable Information
Technology (IT) security policy, and to provide
an overview of the necessary components of
an effective policy.
- Best
Practices in Network Security
Knowing how and what to protect and what controls
to put in place is difficult. It takes security
management, including planning, policy development
and the design of procedures.
- Browsing
with a Loaded Gun
A strong web Security Policy is key to keeping
your company safe in the net-centric world.
(PDF format)
- The
BS7799 Security Zone I
nformation, guidence and resources to address
the BS7799 security standard.
- Building
and Implementing a Successful Information
Security Policy
White paper providing the reader with new
and innovative aspects on the process of building
a Security Policy, as well as managing a Security
Awareness Program.
- Building
Effective, Tailored Information Security Policy
20th NISSC Internet Technical Security Policy
Panel
- Canada's
Export Controls
Unofficial / unverified article describing
Canada's export controls on cryptographic
software.
- CERT Practice
Modules: Improving Security
Determine contractor ability to comply with
your organization's security policy.
- CERT
Practice Modules: Responding to Intrusions
Establish policies and procedures for responding
to intrusions.
- CERT Practice
Modules: Securing Desktop Workstations
Develop and promulgate an acceptable use policy
for workstations.
- Computer
and Information Security Policy
Formal IT security policy helps establish
standards for IT resource protection by assigning
program management responsibilities and providing
basic rules, guidelines, and definitions for
everyone in the organization. Policy thus
helps prevent inconsistencies that can introduce
risks, and policy serves as a basis for the
enforcement of more detailed rules and procedures.
- Create
Order with a Strong Policy
A well-written, well-run security policy keeps
cracks from appearing in your network's foundation.
- Developing
an Information Security Strategy
This whitepaper describes the steps needed
to develop an organization-wide information
security strategy.
- Do
you have an intrusion detection response plan?
Discussion of what should go into the creation
of an intrusion detection plan and the expected
results.
- Email
Policy.com
Learn how to create a company e-mail policy
and enforce it using email security software.
Also lists sample email policies, books and
links.
- Enhancing
Enterprise Security
This is a solid site with a good overview
of all factors which should go into to the
design of a security policy.
- E-Policy
E-policy is a corporate statement and set-of-rules
to protect the organisation from casual or
intentional abuse that could result in the
release of sensitive information, IT system
failures or litigation against the organisation
by employees or other parties.
- Firewalls
and Internet Security
Good paper with theory and firewalls description.
Network security policy example.
- Formulating
a Wireless LAN Security Policy: Relevant Issues,
Considerations and Implications
[Word Document] This paper represents the
security issues related to the use of wireless
(vs wired) LAN technology and recommends a
number of key implementation guidelines to
ensure the secure deployment of wireless LAN
services in the company.
- GASSP
Home Page
Generally Accepted System Security Principles,
developed by The International Information
Security Foundation.
- How
to Develop a Network Secuity Policy White
Paper
This document is for business executives,
and others, who want to know more about Internet
and internetworking security, and what measures
you can take to protect your site.
- How
to Develop Good Security Policies and Tips
on Assessment and Enforcement
[Word Document] Invest the time up front to
carefully develop sound policies and then
identify ways to gauge their effectiveness
and assess the level of compliance within
your organization. Commit to spending the
time and resources required to ensure that
the policies are kept current and accurately
reflect your company's security posture.
- Implementing
an Encryption Policy for the Mac OS X User
This paper provides the derivation and implementation
of a security policy for Mac OS X users.
- An
Induction to BS7799 and ISO 17799
A presentational site describing the specification
and definition within Part 2 of the standard.
- The
Information Security Forum
It has produced the standard to provide guidelines
on all aspects of information security including
IT, data, and computer controls.
- Information
Security Policies
Make and manage security policies. Run awareness
programs with audits and e-learning to build
a human firewall.
- Information
Security Policies & Computer Security
Policy Directory
This directory is intended to help you ensure
that your policies actually meet your needs.
- Information
Security Program Development
Security standards are needed by organizations
because of the amount of information, the
value of the information, and ease with which
the information can be manipulated or moved.
- Institute
for Security and Open Methodologies (ISECOM)
Non-profit, international research initiative
dedicated to defining standards in security
testing and business integrity testing.
- Internet Security
Policy: A Technical Guide - Contents
This document is intended to help an organization
create a coherent Internet-specific information
security policy.
- Internet/Network
Security Policy Development
How to write an effective network security
policy. This is Part 4 of a 5 part tutorial
on Internet and network security.
- IT
Security Cookbook
An excellent guide to computer & network
security with a strong focus on writing and
implementing security policy. This is primarily
for security managers and system administrators.
- ITworld.com
- Security's human side
IT World article - essentially a review of
Pentasafe's VigilEnt security policy management
product.
- Make
Your Web Site P3P Compliant
How to create and publish your company's platform
for privacy performance policy, a W3C initiative,
in 6 steps.
- OSSTMM:
Open Source Security Testing Methodology Manual
A widely used, peer-reviewed, comprehensive
methodology for performing security tests.
- PKI
Policy Whitepaper
This PKI Note provides general information
about PKI policy, the role that policy plays
in a PKI and how that policy applies to both
traditional and PKI-enabled business environments.
- Policy
Over Policing
InfoWorld article - It's easy to develop e-mail
and Internet policies, but education and documentation
are crucial to their success.
- P3P
Guiding Principles
Principles behind the W3C Platform for Privacy
Preferences initiative.
- RFC2196
(Site Security Handbook)
a guide to developing computer security policies
and procedures for sites that have systems
on the Internet. Published 1997.
- RUsecure
Information Security Policies
The source site, including free to access
download, for the ISO 17799-aligned RUsecure
Information Security Policies.
- Site
Security Policy Development
This paper outlines some issues that the writer
of a Site Computer Security Policy may need
to consider when formulating such a document.
- Structured
Approach to Computer Security
A security policy is a set of rules written
in general terms stating what is permitted
and what is not permitted in a system during
normal operation.
- What
makes a good security policy and why is one
necessary?
Security does not come from automated applications,
rather it is compromised of security applications
or systems, processes and procedures and the
personnel to implement both the systems and
processes. In order to properly address security,
the most fundamental item necessary is a security
policy.
- What's Your
Policy?
If your company doesn't have written security
policies, it's time it did, and Mark Edwards
has some resources to help.
- Why
Security Policies Fail
Objective analysis reveals that many breaches
are linked to common weaknesses in the security
policy...accidents waiting to happen. This
article focuses on strategic and systematic
weaknesses that can slowly degrade security
operations.
- Windows 2000
Group Policy and Security
The use of Group Policy to simplify the network
security tasks that you face as a network
administrator. With Group Policy, you can
ensure that the machines on your network remain
in a secure configuration after you deploy
them.
- World
of Information Security Management
This site contains information on BS 7799
(ISO/IEC 17799) including the official Register
of BS 7799 Certificates, International BS
7799 User Group, papers on the application
of BS 7799 produced by business around the
world.
|
|
|
