Network Security Policy/AUP

Printable View

April 23rd, 2003, 07:40 PM
jezter6

Network Security Policy/AUP

I'm going to be doing some cosulting work for outside companies and will be evaluating exisitng NSP documents, as well as helping them update them or create them from scratch if need be.

I've written one in the past for my old job, and am trying to get a friend to find it and email it to me, but I'm sure it wasn't anywhere near comprehensive.

Does anyone have a company security policy and/or AUP that they'd be willing to share with me? I'm just looking for a bunch of generic stuff that I can combine into something relatively comprehensive for clients.

For security reasons, If you would happen to post, or email me a copy...please make sure to find(replace) your company name and replace it with something generic. I don't want to know the names of the places you work or any crucial info like that...just some text on how your IT staff prepares security, password options, physical security, etc.

If any of you have one to share, pleae post or PM me if you'd like to email.

Thanks a million.
April 23rd, 2003, 07:57 PM
slarty

When I was a sysadmin we were never organised enough to get an AUP up. Anyway, if you're looking for where to start, have a look at some ISP's AUPs, for instance, BT's here

http://www.abuse-guidance.com/

Slarty
April 23rd, 2003, 08:54 PM
naukrup

Try searching on www.sans.org
You'll find templates for several infosec policies, including AUP.
April 23rd, 2003, 09:03 PM
ammo

Thanx for the pointer naukrup. Exact url of that reference would be
http://www.sans.org/resources/policies/#template

This is an intersting/refreshing(!) topic. I myself wanted to (read "should have already"!) write a set of policies but haven't found time nor would have known where to start...

Ammo
April 24th, 2003, 01:29 AM
jezter6

Thanks guys for the links.

I've been to a couple hundred different sites and downloaded some AUP's and NSP's, but none of them seem quite as robust as I was looking for. Most of them were colleges and are at most about 2 pages.

I've looked at the templates as well, but many of them seem very generic (as templates should be). I'm looking for something that is in place and 'seems to work well.'

I wish I could get my old one from the other company, but it seems it may have been deleted (as security doesn't seem to be a priority out there after I left).

Ammo: I've downloaded quite a bit, and am in the process of writing a bunch of crap up. If you ever get around to it, post some stuff up for those of us wanting to do it (again). :)
April 24th, 2003, 03:04 AM
UpperCell

there was an excellent 3 or 4 part guide on securityfocus.com a while back, I'll see if I can get the link in a little while. It was a great guide to creating a well thought out security policy. Just a great read if I remember correctly.
April 24th, 2003, 02:40 PM
DjM

jezter6, I PM'ed you a copy of the policy I have in place at my company. I am not sure if it's what you looking for, but have a look, if you can use any or all of it, be my guest.

Cheers: