Hot Diggety! Tom Limoncelli was rumored to have written:
>
> Suppose you have a very small site and do not yet have a written
> security policy. What is a good "starter policy"? Based on the
> philosophy that "something is better than nothing", what is a 3-5
> sentence policy that can be put in place quickly? (rather than waiting
> to put together the ultimate perfect policy)
Would need to determine the most significant threats. Perhaps something
along the lines of:
- Periodic password changes
- Firewall and antivirus software loaded on all PCs
- Patching (and subsequent rebooting) schedule
- Use of work-provided gear to be used for work
...at a bare minimum. I'll leave it to anyone more interested in
converting that list to a 3-5 sentence policy. ;-)
But these four items covers a large amount of minefield zones, and
better protects both the employer and employee.
-Dan
_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
