The summer is finally here in the South of France. Its 86 today and from this point until the end of Sept it should be sunny and hot.
We had a few offers for some policy documents but sadly most had strings attached that meant they would not be suitable for everyone to consume so it looks like well just need to start from the ground up.
My plan is as follows.
This week: review a stack of links I have to whitepapers, blogs etc about policies and standards and summarize them along with some notes. From this we can then create a plan that solves the problems and develop a list of tasks.
Anyone volunteer to help me write some content?
Jason made some interesting points about writing policies and cited his blog.
http://infosecalways.com/2007/05/08/roles-responsibilities-in-policy/
From the comments in his blog it seems there is some interest in defining roles and responsibilities in Information Security.
I have so much going on I forgot to post this and ask for a volunteer to get this idea off the ground. How about if we created an org chart of a few typical security departs (reporting up through the CIO, through legal and compliance, via another route etc) and defined a set of roles and responsibilities for the actors. I think this would be a valuable resource for many reasons. Any volunteers? I have a user persona template form which to start and I'll buy you as much beer as you can drink in a 24 hour sitting!