Security policy resources?

<<

Jhaddix

Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Tue Aug 18, 2009 2:15 pm

Security policy resources?

Hey Guys,

In order to further expand my career as a pentester and security engineer, I am looking for some good resources or examples of great security policy. I know the big corporations use models from this:

Information Security Policies Made Easy

but at $800 I can't afford that book.

Any links, tips, or resources you could provide would be great.

Thanks =)
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Aug 18, 2009 2:34 pm

Re: Security policy resources?

How about this from our friends at SANS:


Introduction to the SANS Security Policy Project

Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already including policy templates for twenty-four important security requirements.

There is no cost for using these resources. They were compiled to help the people attending SANS training programs, but security of the Internet depends on vigilance by all participants, so we are making this resource available to the entire community.

Over the years a frequent request of SANS attendees has been for consensus policies, or at least policy templates, that they can use to get their security programs updated to reflect 21st century requirements. While SANS has provided some policy resources for several years, we felt we could do more if we could get the community to work together. This page provides a vastly improved collection of policies and policy templates.

It also offers a primer for those new to policy development and specific guidance on policies related to legal requirements such as the HIPAA guidelines.

This page will continue to be a work in-progress and the policy templates will be living documents. We hope all of you who are SANS attendees will be willing and able to point out any problems in the models we post. We also hope that you will share policies your organization has written if they reflect a different need from those provided here or if they do a better job of making the policies brief, easy to read, feasible to implement, and effective.

We'll make improvements and add new resources and sample policies as we discover them.



Check it out here:
http://www.sans.org/resources/policies/

Don
CISSP, MCSE, CSTA, Security+ SME
<<

dalepearson

Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Tue Aug 18, 2009 2:56 pm

Re: Security policy resources?

If you're looking for some standards framework stuff, you might want to look at the ISO27001 stuff. Here are the framework examples: http://www.27001-online.com/secpols.htm
<<

Jhaddix

Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Tue Aug 18, 2009 3:29 pm

Re: Security policy resources?

Good links! Thanks guys =)
<<

Bane

Post Tue Aug 18, 2009 4:08 pm

Re: Security policy resources?

Another great resource is Google. If you search for a policy, chances are you will find tons that others have written before that will get you on your way. This is an especially good way to find things that you may have missed in your policy.
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Tue Aug 18, 2009 6:09 pm

Re: Security policy resources?

Most sites make you pay for 27001/17799 literature. I spent a good deal of time researching free options a while back and have a couple of the older 17799 checklists. Not much has changed from 17799 to 27001. I used the 17799 checklists I found to structure anything from corporate security policies to security audit reviews. Let me know if you are interested and I will send you what I have.
~~~~~~~~~~~~~~
Ketchup
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Aug 19, 2009 2:38 am

Re: Security policy resources?

$800 for a book is quite expensive. Probably it is not intended for private persons but for companies. Is there any chance you could ask the company you are working with to purchase it?

I recently bought a book about 27001, though it is in German.

If you don't mind Ketchup, I too would be interested in what you have.
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Aug 19, 2009 7:16 am

Re: Security policy resources?

Awesec, sure thing. Just PM me with a way to send it to you and I will. It's a little old, the information, but I thought it still applies quite well.
~~~~~~~~~~~~~~
Ketchup
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Aug 19, 2009 7:40 am

Re: Security policy resources?

Thank you very much. :)
