November 21, 2009
Surfing For Security Policies
In the aftermath of September 11, organizations everywhere are shoring up their security
defenses. If you're a network manager, chances are good that you'll be called upon to either set up security policies or to update existing policies. Luckily, there are some free resources available on the Web to help you out.
This month, the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) shone a national spotlight on the need for security policies by issuing a report called Cybersecurity Today and Tomorrow: Pay Now or Pay Later.
But in Internet news groups and chat rooms, many systems administrators say they are stumped by the policy preparation task. One administrator asks, "I'm preparing to write a security policy (from scratch) and I'm trying to gather as much information as possible. Where should I begin?"
Even if your company already has security policies in place, these policies need to stay up-to-date. In a report issued in 1991, the CSTB pointed to viruses as a then-emerging security threat that ought to be rolled into organizational policies.
In 2002, many experts are recommending the integration of physical security into policy statements. Organizations are pulling together information system (IS) security policies featuring rules for items physical access rights, smart-card readers, and CCTV digital cameras, for example.
Digg
del.icio.us
Newsvine
Facebook
Google
LinkedIn
MySpace
Reddit
Slashdot
StumbleUpon
Technorati
Twitter
Windows Live
YahooBuzz
FriendFeedIn the health care arena, organizations are now updating their policies to comply with the 68 different security conditions mandated by the Health Insurance Portability and Accountability Act (HIPAA).
Ideally, you won't be called upon to set up security policies until your company has done a risk assessment. Typically involving top-ranking company personnel, the risk assessment process weighs various security threats, assigns a level of concern to each, and articulates policies about which threats are serious enough to be worth resisting.
If you are assigned to write the security policies for your company, where should you start? One popular book on the subject is Information Security Policies Made Easy, by Charles Cresson Wood.
Free Resources
Related Articles
There also are free resources on the Web that include backgrounders and white papers as well as sample security policies and modifiable software templates.
To begin with, there's coverage of security issues on EarthWeb's Datamation and CrossNodes.
Virtualization can help your organization save money and increase its efficiency regardless of its size, but you need to be aware of all that's involved before embarking on a virtualization project. Download this Internet.com eBook, "What to Expect with Virtualization" to learn about the benefits of virtualization technology as well as the risks and make sure your IT organization is ready.
IT Offers
On the Forums
More IT Management
CIO Update
Datamation
eSecurity Planet
ITSMWatch
Intranet Journal
IT Career Planet
Project Manager Planet
Semantic Web
Datamation Definitions
CIO Update
Datamation
eSecurity Planet
ITSMWatch
Intranet Journal
IT Career Planet
Project Manager Planet
Semantic Web
Datamation Definitions
|
|
Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs 
