Best Writing on Policies and Standards

Last post 06-04-2007 11:29 AM by mcurphey. 3 replies.

Page 1 of 1 (4 items)
	Sort Posts: Previous Next

05-10-2007 10:35 AM

mcurphey
Joined on 02-13-2007
Europe
Posts 199
Points 2,130

Best Writing on Policies and Standards

Reply Contact

I am doing some reading and promise to summarise it on my blog at www.securitybuddha.com

Have you read any good articles/blogs about policies and standards recently?

Care to share?

Post Points: 20

05-18-2007 8:31 AM In reply to

EdJames
Joined on 05-18-2007
Posts 3
Points 80

Re: Best Writing on Policies and Standards

Reply Contact

The Foundstone paper is OK but I suspect the author has only ever been a consultant. You can tell from the tone. We make everyone in the corp info sec dept own and maintain policies and standards. There is a big differnece between writing and publishing and owning and maintaining!

Post Points: 20

05-21-2007 12:10 PM In reply to

Jason
Joined on 03-02-2007
Posts 17
Points 60

Re: Best Writing on Policies and Standards

Reply Contact

Ed,

FYI, both Vivek and I work as consultants and have previously been with large corporations as employees that wrote and implemented security policy. I agree there is a big difference between writing, publishing, owning and maintaining policies, but I'm not sure why you pointed that out. They main purpose of the document was to provide an example showing the correct and incorrect methods to write a policy.

Your sentence "We make everyone in the corp info sec dept own and maintain policies and standards." works fine in some cases, but it triggers my interest. Who owns the Human Resource, privacy and compliance, and physical security policies?

Filed under: Policies Standards

Post Points: 20

06-04-2007 11:29 AM In reply to

mcurphey
Joined on 02-13-2007
Europe
Posts 199
Points 2,130

Re: Best Writing on Policies and Standards

Reply Contact

Owns or maintains?

Post Points: 5

Page 1 of 1 (4 items)