6.4. Getting Started: Standards and Web Resources

If you're not yet ready (or don't have the time) to create your own security policy from scratch, fear not — you can find a lot of excellent information available on the Web that can help you to develop your own policy:

  • ISO/IEC 27002 (www.iso.com): The International Standards Organization (ISO) and the International Electromechanical Commission (IEC) wrote this standards-based security policy, formerly known as ISO 17799. The goal of this standard is to describe the current worldwide best practices in a variety of areas related to security. Simply put, it helps take the guesswork out of developing a corporate security policy. ISO/IEC 27002 consists of 12 primary sections, each describing best practices for a different area of security. Topics range from physical security to access control. Even if you don't use all (or any) of the content in this standard, it can show you best practices as collected by internationally recognized standards bodies.

  • SANS Institute (www.sans.org): The SANS Institute's Web site includes templates for a large number of security policies, as well as a great deal of additional information that can help you develop your own security policies, regardless of whether you use their templates. The Institute has been kind enough to include some easy-to-consume materials, similar to the ones that we discuss in the section "Training the masses," earlier in this chapter. For example, the site offers some easy-to-understand ...
