Join Focus

Share what you know with millions of people

Focus is the best place to turn what you know into remarkable content
×
0

Examples of a network security policy?

I'm part of a committee that is drafting a network security policy for our organization. We are at the early stages of developing such a policy, and I'd like to review some policies of other organizations first in order to see what the structure and format of such a document would look like. Does anyone have a network security policy they'd like to share?

Attachments

Topics
Information Technology
Network Security
Networking
Security
Carroll, Trent
Answer This Question
Trent Carroll
asked on June 4, 2010
  • Recommended by:
0
Andrew Baker
Andrew Baker
Director, Service Operations, SWN Communications Inc.
Posted on June 4, 2010
  • Recommended by:

Trent, have you seen the following templates?

http://www.sans.org/security-resources/policies/

They are highly regarded, and I have used them in the past for policy formation.

-ASB: http://xeesm.com/AndrewBaker

0
Richard Stiennon
Richard Stiennon
Chief Research Analyst, IT-Harvest
Posted on June 5, 2010
  • Recommended by:

I have always admired the work the State of Ohio has put in to their policies. You will find all of them right here: http://privacy.ohio.gov/ohiopolicies/index.stm

0
Rick Freeman
Rick Freeman
CEO, Rick Freeman & Associates, LLC
Posted on June 7, 2010
  • Recommended by:

IT policies and procedures are critical to the successful operations of every company. There are three main categories that should be addressed in policy and procedure development. Operations Management, Change Management, and Security Management. Policies state the Scope, Intent, and what the individual policy is. Procedure statements outline how policies are enforced, breaches are reported and consequences for violations of policy.

Each policy should carry a unique identifier, a revision number, revision date and should provide a record of who the author was. All policies should also be reviewed and approved by someone other than the author to ensure proper controls. A record of the approval should be maintained. Annual reviews of each policy and procedure would be considered best practice even if there are no changes.

Well managed policies and procedures are a sign that your company considers IT Governance a priority.

Rick Freeman

0
Amy Babinchak
Amy Babinchak
Managing Partner, Third Tier & Harbor Computer Services
Posted on July 26, 2010
  • Recommended by:

A security policy is always a work in progress requiring constant updating. If you are starting from zero, I would look the Massachutetts Written Personal Security Guide. http://www.mass.gov/Eoca/docs/idtheft/sec_plan_smallbiz_guide.pdf

It is designed for use by small businesses to step them through the process of creating a plan, but can also be used by any business looking to take a first foray into creating a security plan.

Answer This Question

Events

Related Activity

Syed Sabih Uddin Ahmed
Syed Sabih Uddin Ahmed answered
Is Cloud Computing a technology driven wave or a business lead wave of change?
5 hours 40 minutes ago
anderi Iosua
anderi Iosua answered
What is "the consumerization trend" and why is it a problem?
9 hours 1 minute ago
Andrew Baker
Andrew Baker answered
Considering both Apple and Microsoft OS which has the best security?
10 hours 38 minutes ago
Andrew Baker
Andrew Baker asked
Are there hidden security costs for outsourcing?
10 hours 48 minutes ago
Rapidsoft Technologies
Rapidsoft Technologies answered
How can companies use mobility to extend the use of their ERP systems?
11 hours 22 minutes ago
Nora Stewart
Nora Stewart answered
What are some good practices to prevent spammers from filling out a form on my website?
yesterday
José Ricardo Santos
José Ricardo Santos asked
How can I transform members into buyers?
yesterday
Lucian Cazac
Lucian Cazac answered
What would you do if a direct competitor requests to add you to their Linked In network?
yesterday
rabbi rabb
rabbi rabb commented on
50 Places Linux is Running That You Might Not Expect
May 26, 2012
Andrew Baker
Andrew Baker answered
Will custom-built application delivery controllers in massive data centers replace off-the-shelf hardware?
May 25, 2012