Mike Cain wrote: > > Yeah, the box came to me basically because the guy above me doesn't have > a clue about NT or about ANY security... Bad timing I guess or good > depending on how you look at it... I have just got back from meeting > with management to suggest some policies, now they want me to write an > IT policies handbook, guess I asked for that one huh? :) > > So where should I start looking for de-facto policies, and such? Or > should I just use my best judgment? I'm thinking the latter is a bad > idea because if one doesn't pan out, then they say, "Well... YOU wrote > them..." :) > > Again, thanks SO MUCH for all the responses. Groups like this make > learning the security scene A LOT less painful. There is a small, but useful book that you can purchase for a nominal sum from the SAGE portion of usenix. I truly recommend it. http://sageweb.sage.org/resources/publications/short_topics.html It is short topics #2, entitled "A Guide to Developing Computing Policy Documents." I also recommend (for this group) the short topics booklets on "#6: A System Administrator's Guide to Auditing," and "#3: System Security: A Management Perspective," which are also useful to anyone in the security industry, regardless of experience level. -- Only the mediocre are always at their best. Jean Giraudoux ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Nov 25 2002 - 09:24:38 PST