RE: Policy Manual

Hy Chris,
It a such big work that you intend to do. Here are some Urls I know. I hope that they are new in your favorites. RELATED TO POLICY AND SECURITY
Policy manual : e.g. http://www.utoronto.ca/security/policies.html another example from the well known university Berkeley : http://ist-socrates.berkeley.edu:2002/pols.html Site involved in the policy : http://www.sans.org/resources/ and having a global policy project : http://www.sans.org/resources/policies/ Security library and White paper : http://secinf.net/ipolicye.html# Some guidelines : http://irm.cit.nih.gov/security/sec_policy.html This site http://csrc.nist.gov/publications/nistpubs/ and its site map/links http://csrc.nist.gov/csrc/sitemap.html is quite interesting. The NSA site http://www.nsa.gov/ have a collection of inetresting guide. The Cert site http://www.cert.org/

DRP
http://www.disasterplan.com/
Many Links in http://www.labmice.net/disaster.htm

I'll be of course interested of such manual. Regards
Christophe

-----Original Message-----
From: Chris Berry [mailto:compjma@hotmail.com] Sent: mercredi 26 fevrier 2003 19:30
To: oclug@oclug.org; security-basics@securityfocus.com; windows2000@freelists.org
Subject: Policy Manual

Prior to my taking over here the previous admin had not bothered to write any policy. To try and increase professionalism and to get up to speed with HIPPA compliance I'm putting together a policy and proceedures manual. Here is a list of some of the documents I'm going to put together:

Criticality Analysis
Backup Plan
Disaster Recovery Plan
Emergency Plan
Testing & Revision Procedures
Access Authorization Policy (technical)
Access Control Policy (technical)
Access Modification Policy (technical)
System Activity Records
Compliance Certification
Supervision Policy
Temporary Authorization Records
Permanent Authorization Records
Clearance Policy
Security Policy
Security Training Records
Security Training Outline
Hardware Installation and Upgrade Policy Software Installation and Upgrade Policy Hardware Maintenance Policy
Software Update Policy
Security Testing Policy
Periodic Review Policy
Computer Hardware Inventory
Computer Software Inventory
Virus Checking Policy
Security Response Plan
Security Incident Report
Security Response Plan
Risk Management Plan
Risk Analysis
HIPPA Sanction Policy
Information Security Responsibility Outline Physical Security Plan
Employee Termination Policy
Natural Hazards Defense Plan
Security Responsibilities Outline
Identity Security Policy
Data Segregation Plan

There will probably be quite a few more by the time I'm done. I'd like to ask if anyone has any documentation that they would be willing to share. In return, I'll happily provide the finished manual to anyone that would like a copy.

Chris Berry
compjma@hotmail.com
Systems Administrator
JM Associates

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

"Linux and I have a love/hate relationship. I hate its complexity until I figure out how something works, then I love its power."