| About Us |
| News |
| Alerts |
| Events |
| Services |
| Resources |
| Report Incidents |
| Incident Statistics |
| Security FAQS |
| Training |
| Vacancies |
| Links |
NISER > Resources > Policies and Procedures
How to form an Incident Response Team This paper examines the role an IRT may play in the community, and the issues that should be addressed both during the formation and after commencement of operations. It may be of benefit to existing IRTs as it may raise awareness of issues not previously addressed. This document gathers resources related to writing secure CGI scripts for WWW servers. This directory contains ethics policies. There are now copyright policies, and some data access policies. The sub-directory Data.Access contains these few policies. A Sample High-level Network Security Policy A high-level network security policy states your company's security measures in general terms. This document was created for a fictatious company which addresses each policy issue covered in "What Is Usually Included in a Network Security Policy.". Note that this document was written in Microsoft Words. What Is Usually Included in a Network Security Policy- rfc1244 Site Security Handbook by the Internet Engineering Task Force Whether you decide to write a high- or low-level network security policy, you will typically cover the same basic issues. This document address at least 10 issues needed in most network security policies--regardless of the company's size, industry, or security requirements. (WinWord) Network Security Policy by Novell What would you do if you arrived at work one morning and discovered that hundreds of files had been deleted from your company's file servers? Who would you call? How would you recover the files? How would you investigate how these files were deleted? If your company had a comprehensive network security policy, you would know exactly what to do in such a situation. This document provides information on how to wite such network security policy. (WinWord) rfc1244 Site Security Handbook by the Internet Engineering Task Force This handbook is a guide to setting computer security policies and procedures for sites that have systems on the Internet. This guide lists issues and factors that a site must consider when setting their own policies. It makes some recommendations and gives discussions of relevant areas. This guide is only a framework for setting security policies and procedures. In order to have an effective set of policies and procedures, a site will have to make many decisions, gain agreement, and then communicate and implement the policies. rfc1281 Guidelines for the Secure Operation of the Internet from the IETF The purpose of this document is to provide a set of guidelines to aid in the secure operation of the Internet. This includes a sample of Network Security Policy from UEL and UNIX Security Checklist. NIST : Internet Security Policy: A technical Guide [DRAFT] This document is intended to help an organization create a coherent Internet-specific information security policy. It provides a brief overview of the Internet and its constituent protocols. It discusses the primary uses of the Internet, and the associated policy implications. And it provides sample policy statements for low, medium and high risk/protection environments. Phrack Magazine Issue Number 55 Among the articles found on this magazine are:
Links: Among whitepapers and publications listed by Lance Spitzner are:
Links: Last Update March 11, 2001 |