SANS InfoSec Reading Room
URL: http://www.sans.org/rr/
ODP description: Articles on security policy and other information security topics.
Page title: SANS Institute - SANS Information Security Reading Room - Security White Papers
Page description: The SANS Institute, offering computer security training for system administrators, computer security professionals, and network administrators, is a cooperative research and education organization that has many consensus projects to return computer security information to the community.

Make Your Web Site P3P Compliant
URL: http://www.w3.org/P3P/details.html
ODP description: How to create and publish your company's platform for privacy performance policy, a W3C initiative, in 6 steps.
Page title: More information on using P3P

IT Security Cookbook
URL: http://www.boran.com/security/
ODP description: A guide to computer and network security with a strong focus on writing and implementing security policy. This is primarily for security managers and system administrators.
Page description: Comprehensive online book including: Computer/Network security, Internet, Risk analysis, UNIX, NT, Encryption, ITSEC

Common Criteria Evaluation and Validation Scheme
URL: http://www.niap-ccevs.org/cc-scheme/
ODP description: Provides details of this US government scheme.
Page title: CCEVS
Page description: NIAP CCEVS is managed by the NSA, and is focused on establishing a national program for the evaluation of information technology products for conformance to the International Common Criteria for Information Technology Security Evaluation.

OSSTMM: Open Source Security Testing Methodology Manual
URL: http://www.isecom.org/projects/osstmm.shtml
ODP description: A widely used, peer-reviewed, methodology for performing security tests.

Return on Information Security Investment
URL: http://www.geocities.com/amz/
ODP description: Assess your company's Return on Information Security Investment
Page description: Assess the return of information security investment of your organisation. Use the balanced scorecard to evaluate the financial and strategic aspects of your information security programme.

U.S. Department of Health and Human Services
URL: http://www.cms.hhs.gov/InformationSecurity/
ODP description: Security standards, transactions and code set standards, identifier standards, mailing lists, implementation guides, and administrative simplification.
Page title: Overview

Windows 2000 Group Policy and Security
URL: http://www.windowsitpro.com/Article/ArticleID/9169/9169.html
ODP description: The use of Group Policy to simplify the network security tasks that you face as a network administrator. With Group Policy, you can ensure that the machines on your network remain in a secure configuration after you deploy them.
Page title: Group Policy and Security
Page description: Robert McIntosh discusses Group Policy and how you can use it to ensure that the machines on your network remain in a secure configuration after you deploy them.

Do you have an intrusion detection response plan?
URL: http://www.nwfusion.com/newsletters/sec/0913sec1.html
ODP description: Discussion of what should go into the creation of an intrusion detection plan and the expected results.

P3P Guiding Principles
URL: http://www.w3.org/TR/NOTE-P3P10-principles
ODP description: Principles behind the W3C Platform for Privacy Preferences initiative.

How to Develop Good Security Policies and Tips on Assessment and Enforcement
URL: http://www.giac.org/practical/Kerry_McConnell_GSEC.doc
ODP description: [Word Document] Invest the time up front to carefully develop sound policies and then identify ways to gauge their effectiveness and assess the level of compliance within your organization. Commit to spending the time and resources required to ensure that the policies are kept current and accurately reflect your company's security posture.
Page title: How to Develop Good Security Policies and Tips on Assessment and Enforcement - GIAC Certified Student Practical

Canada's Export Controls
URL: http://www.efc.ca/pages/doc/crypto-export.html
ODP description: Unofficial / unverified article describing Canada's export controls on cryptographic software.
Page title: Canada's export controls

RFC2196 (Site Security Handbook)
URL: http://tools.ietf.org/html/rfc2196
ODP description: A guide to developing computer security policies and procedures for sites that have systems on the Internet. Published 1997.
Page title: RFC 2196 Site Security Handbook

Windows IT Library
URL: http://www.windowsitlibrary.com/Content/121/07/1.html?Ad=1&
ODP description: This paper offers wide ranging advice on the development and implementation of security policies.
Page title: Developing Effective Security Policies

IASEP Data Security Protocol
URL: http://arc.education.purdue.edu/protocol/home_page.htm
ODP description: An archive website from the Purdue Research Foundation, containing a range of example security policy sets.
Page title: Data Security Protocol

GASSP Home Page
URL: http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf
ODP description: Generally Accepted System Security Principles, developed by The International Information Security Foundation.

Building Effective, Tailored Information Security Policy
URL: http://csrc.nist.gov/nissc/1997/panels/isptg/pescatore/html/
ODP description: 20th NISSC Internet Technical Security Policy Panel

Policy Over Policing
URL: http://archive.infoworld.com/cgi-bin/displayArchive.pl?/96/34/e01-34.55.htm
ODP description: InfoWorld article - It's easy to develop e-mail and Internet policies, but education and documentation are crucial to their success.
Page title: Policy over policing (InfoWorld)

ITworld.com - Security's human side
URL: http://www.itworld.com/Man/3903/IWD010529securityshuman/
ODP description: IT World article - essentially a review of Pentasafe's VigilEnt security policy management product.

Formulating a Wireless LAN Security Policy: Relevant Issues, Considerations and Implications
URL: http://www.giac.org/practical/David_Quay_GSEC.doc
ODP description: [Word Document] This paper represents the security issues related to the use of wireless (vs wired) LAN technology and recommends a number of key implementation guidelines to ensure the secure deployment of wireless LAN services in the company.
Page title: Formulating a Wireless LAN Security Policy: Relevant Issues, Considerations and Implications - GIAC Certified Student Practical

Acceptable Use Policy Report
URL: http://members.iinet.net.au/~colinwee/mbt/acceptableuse/
ODP description: A report on Acceptable Usage Policy: what corporations expect of it, a case study, and a framework for creating your own policy.
Page title: Acceptable Use Policy Report by Colin Wee for MBT IT Program
Page description: The acceptable use policy legally binds the usage of systems as indicated by its documentation.

An Overview of Corporate Computer User Policy
URL: http://www.sans.org/rr/papers/50/535.pdf
ODP description: Article discusses the elements of a corporate security policy, which it calls the gateway to a company's intellectual property. The main threat to information security within a company is its employees.
Page title: SANS Institute - An Overview of Corporate Computer User Policy
Page description: This paper will discuss what should be covered in a corporate computer user policy that sets the overall tone of an organization's security approach. The intended audience is primarily information technology professionals.

The Information Security Forum
URL: http://www.isfsecuritystandard.com
ODP description: It has produced the standard to provide guidelines on all aspects of information security including IT, data, and computer controls.
Page title: The Information Security Forum - The Standard of Good Practice for Information Security.
Page description: The Information Security Forum has produced the Standard to provide guidelines on all aspects of information security including, IT, Data and Computer controls. The Forum's Standard, drawn from best practices, in-depth research and national, European and International standards, helps organisations to manage risk effectively.

Institute for Security and Open Methodologies (ISECOM)
URL: http://www.isecom.org
ODP description: Non-profit, international research initiative dedicated to defining standards in security testing and business integrity testing.
Page title: ISECOM - Institute for Security and Open Methodologies

Information Security Policies
URL: http://www.neupart.com
ODP description: Make and manage security policies. Run awareness programs with audits and e-learning to build a human firewall.
Page title: Neupart - Information Security Management & Awareness
Page description: Neupart: Information Security Management and Awareness; Solutions and Services; Based on standards.

Understanding the Virus Threat and Developing Effective Anti-Virus Policy
URL: http://www.sans.org/rr/papers/index.php?id=135
ODP description: This paper focuses on providing the reader with an overview of the current virus landscape and aids in developing best practice anti-virus policies.
Page title: SANS Institute - Understanding the Virus Threat and Developing Effective Anti-Virus Policy
Page description: This paper focuses on providing the reader with an overview of the current virus landscape and aids in developing best practice anti-virus policies. After presenting the threat, we'll introduce you to today's most popular anti-virus tools.

SecurityDocs
URL: http://www.securitydocs.com/Security_Policies
ODP description: A substantial collection of papers and articles on the development and implementation of security policies.
Page title: SecurityDocs: Security Policies
Page description: Directory of information security articles, white papers, and documents

SecureZone
URL: http://www.securezone.com
ODP description: Information portal with focus on policies, protocols and standards
Page title: SecureZone: Information Security Directory
Page description: The SecureZone Directory. Information, resources, tools and more.

Browsing with a Loaded Gun
URL: http://www.securitytechnet.com/resource/rsc-center/vendor-wp/pentasafe/LoadedGun.pdf
ODP description: A strong web Security Policy is key to keeping your company safe in the net-centric world.

IT Security at MIT
URL: http://web.mit.edu/ist/topics/security/
ODP description: Provides a wide range of policies, papers and related resources.
Page title: MIT IS&T: IT Security at MIT
Page description: MIT IS&T: IT Security at MIT

The Basics of an IT Security Policy
URL: http://www.giac.org/practical/jack_albright_gsec.doc
ODP description: This paper is intended to address the importance of having a written and enforceable Information Technology (IT) security policy, and to provide an overview of the necessary components of an effective policy.
Page title: The Basics of an IT Security Policy - GIAC Certified Student Practical

Network Security - Internet Security for the Enterprise
URL: http://www.infotechlive.com
ODP description: Information hub for the enterprise discussing network security, storage compliance, CRM, and human resource.
Page title: Internet Technology News for IT professionals - Info Tech Live
Page description: Info Tech Live provides Internet and technology news to IT professionals looking for IT industry specific information and products on Internet Security, Storage Technology, CRM, Content Management and Mobile Computing with advice, opinions and white papers from experts.

CobiT User Group
URL: http://www.controlit.org
ODP description: International user group and hub for CobiT, the emerging IT control and security methodology.
Page title: COBIT Forums and Information
Page description: THE CONTROLIT USER GROUP - Dedicated to Supporting COBIT Users

What's Your Policy?
URL: http://www.windowsitpro.com/Article/ArticleID/9764/9764.html
ODP description: If your company doesn't have written security policies, it's time it did, and Mark Edwards has some resources to help.

Building and Implementing a Successful Information Security Policy
URL: http://www.windowsecurity.com/pages/security-policy.pdf
ODP description: White paper providing the reader with new and innovative aspects on the process of building a Security Policy, as well as managing a Security Awareness Program.

FISMApedia
URL: http://www.fismapedia.org
ODP description: An information resource for Federal IT security policy, including the FISMA, HSPD-12, FDCC, DIACAP, NIACAP and OMB directives.
Page title: Main Page - FISMApedia

Internet/Network Security Policy Development
URL: http://netsecurity.about.com/compute/netsecurity/library/weekly/aa080299.htm?iam=mt
ODP description: How to write an effective network security policy. This is Part 4 of a 5 part tutorial on Internet and network security.
Page title: Previous Network/Internet Security Articles
Page description: Previous articles about Network and Internet security issues, resources, tools, vulnerabilities and reviews on Microsoft Windows, Unix, Linux, and Mac systems

Information Security Program Development
URL: http://www.blackmagic.com/ses/bruceg/progmgt.html
ODP description: Security standards are needed by organizations because of the amount of information, the value of the information, and ease with which the information can be manipulated or moved.
Page title: Information Security Program Development - Bruce C. Gabrielson, PhD

Best Practices in Network Security
URL: http://enterprisesecurity.symantec.com/article.cfm?articleid=42&PID=372347
ODP description: Knowing how and what to protect and what controls to put in place is difficult. It takes security management, including planning, policy development and the design of procedures.

