Issue182

Title: Web Site - devise RCHI security policy
Priority: short-term
Status: resolved
Superseder:
Nosy List: Dick, Han, bradlauster
Assigned To: bradlauster
Topics: Web Site

Created on 2005-04-27.13:02:47 by Dick, last changed 2005-10-17.22:53:00 by Andriy.

Messages
msg439 Author: Andriy Date: 2005-10-17.22:53:00
Not applicable to Archy project?
Guess if the security policy question still stands it should be discussed
between RCHI members or on dev list.
We still can create bug reports for any specific security issues/actions in
boundaries of Archy project.
msg347 Author: Dick Date: 2005-05-19.00:44:10
From: hanhwe_kim@yahoo.com
Subject: Computer Security policy for BZ WEB/RCHI
Date: April 26, 2005 2:11:46 PM PDT
To: bradlauster@raskincenter.org
Cc: dick@cfcl.com, simonejoseph


Hello Brad,

Based upon the discussion we had yesterday and the week before,
can you please put together an "official" security policy for BZ WEB
and RCHI. Since Dick has contact with a Bruce Scheneir(?) who has
some good ideas about security on his web site, I have volunteered 
him to help you.


I think the policy should have the following items:

- a statement of security threats

- a list of recommended actions to protect computers and work.

- guidelines for putting things up on the Wiki. 

Note: I thought we had concluded that it was OK to put things
that were confidential on our password protected Wiki but then
I remembered that we only were sure that it would not get googled
and we did not address the concern that some people had about the
Wiki not being secure enough, but we also did not elaborate further
on the security issue. Would Atul's ideas for easy encryption 
address the other security issue? Perhaps this is something you
and Dick could research.

- a list of recommended security products that BZ WEB/RCHI will
reimburse staff members for:

1) Antivirus and anti-spyware products
2) A data backup device for files and software registration info
3) A CD-ROM or DVD based backup that can also back up software
images - I am not sure we need to go this far.

The idea is to not make too many rules we cannot keep but a
list of some sensible things we can do to protect ourselves against
our likely threats. Note that this is just a starting point and 
you are free to add your own ideas.

Once you are done, please pass it by Simone so that she can
give the policy her blessings.

Han
History
Date | User | Action | Args
2005-10-17 22:53:01 | Andriy | set | status: unread -> resolved; messages: + msg439
2005-05-19 00:44:28 | Dick | set | messages: - msg333
2005-05-19 00:44:11 | Dick | set | messages: + msg347
2005-04-27 13:02:48 | Dick | create |