Need help in preparing security policy from scratch!

[COLOR=rgba(0, 0, 0, 0.701961)][FONT=&quot]Dear All, [/FONT][/COLOR]

[COLOR=rgba(0, 0, 0, 0.701961)][FONT=&quot]I am in the process of creating security policy for databases from scratch. Currently I am referring to templates available through SANS website but looking for something better as well. There are lot of similar work items lined up for me this year so looking for places I can find security templates.[/FONT][/COLOR]
[COLOR=rgba(0, 0, 0, 0.701961)][FONT=&quot]Seeking your help and guidance on the same. Thanks in advance![/FONT][/COLOR]

Find more posts tagged with

Comments

TacoRocket

Not to be rude, but you want our help doing your work? We started from scratch or used templates for inspiration. Not much else there is to it.

Experience helps. As does incidents.

jamthat

SANS is a good place to start (although most examples are quite a bit old), but that's all I used to get started when I was doing heavy policy development for a security program and it helped out.

These types of things aren't one size fits all, so multiple examples may not help much. Among many other things, these policies you're developing will be heavily dependent on what regulations your company is subject to and the environment overall.

tedjames

Do a Google search on information security policy templates. Sometimes government agencies and universities actually post their templates and completed policies online.

Replicon

start we SANS and then do google search for publicly accessible policies, read through them to get ideas.

soccarplayer29

Check out Center For Internet Security (CIS) benchmarks they can be a great resource and have hardening guides (benchmarks) for various databases, operating systems, etc.