Writing Security Policies

[oneeyedcarmen]

Any of you fine folks ever been charged with having to rewrite the full security policy from the ground up?

Lots of fun, I tell ya.   ::)

I’ve managed to find several templates on the SANS site, be they for the overall policy, email, encryption, audit and the like.  I’m quite thankful for the work that others have done to make my life that much easier…though this is still right f’n tedious.

Then once it’s complete, I get to run it past the CIO, HR, and Legal. 

So to those of you who’ve been asking what the CISSP will get you…  😉
(and THAT, my friends, is why this post is in the Certs category…and I didn’t know where else to put it)

[p_dub]

I too have had the opportunity(?) to tackle this project. The NIST 800-18 provides some pretty good information also.

Quite tedious indeed.

[oneeyedcarmen]

I’m dealing with HIPAA, so I’ve been using 800-66 as well.

No wonder I always feel like I need a nap.  ;D

[geekyone]

I really feel for you.  That is some boring work but somebody has to do it.  :-

[Author]

Posts