notes from an admin for himself. you can read it if you want.

Entries Comments

Custom Search

Writing Security Policies the easy way

Everyone hates writing security policy. A good IT shop should have all policies done and in a mainteneance schedule. The easy way is to get templates from SANS and modify them to suit your own organizational needs. Some took me about 5 minutes, some take a while. You need to know your own organization enough to figure out things like what encryption strength are you required to have according to SOX, HIPAA etc. Then apply that to your corporate encryption policy.

Make sure you get your employees to sign all of your policy documents when the start working. Notify them that they may be terminated for violating policy.

Write a comment