Re: IT Security Policy & Procedures Manual

[Bruce Byfield <bbyfield -at- progeny -dot- com>]

"Faulk, Merv L." wrote:
> 
>         I'm in the process of preparing an IT Security Policy & Procedures
> Manual for a company.  Has anybody out there done one...and have any advice
> for a newbee?

Something no one has mentioned yet: permissions. Who can read, write
or execute which files and directories?

Also, besides the policy for acceptable passwords, consider the
technical side of them. If you're using a UNIX/Linux server, should
shadow passwords be enabled? md5 passwords? Will SUID be used, so
that some programs run as root user - and, if so, which ones?

Finally, what technology, if any, is used for remote login?
tarantella? ssh? And who can do a remote login?

-- 
Bruce Byfield 317.833.0313 bbyfield -at- progeny -dot- com
Director of Marketing and Communications, Progeny Linux Systems
Contributing Editor, Maximum Linux

"As through this world I travel, I've met with many men,
Some will rob you with a six gun and some with a fountain pen,
But as through this world you travel, as through this world you
roam,
You won't ever see an outlaw drive a family from its home."
-Woody Guthrie, "The Ballad of Pretty Boy Floyd"

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Develop HTML-Based Help with Macromedia Dreamweaver 4 ($100 STC Discount)
**WEST COAST LOCATIONS** San Jose (Mar 1-2), San Francisco (Apr 16-17)
http://www.weisner.com/training/dreamweaver_help.htm or 800-646-9989.

Sponsored by ForeFront, Inc., maker of ForeHelp Help authoring tools
for print, WinHelp, HTML Help, JavaHelp, and cross-platform InterHelp
See www.forehelp.com for more information and free evaluation downloads

---
You are currently subscribed to techwr-l as: archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot-  Visit 
http://www.raycomm.com/techwhirl/ for more resources and info.