RFC1244 - Page 3

• Title: Site Security Handbook
• Author: J.P. Holbrook, J.K. Reynolds
• Date: July 1, 1991

Page Navigation:

1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25  26  27  28  29  30  31  32  33  34  35  36  37  38  39  40  41  42  43  44  45  46  47  48  49  50  51  52  53  54  55  56  57  58  59  60  61  62  63  64  65  66  67  68  69  70  71  72  73  74  75  76  77  78  79  80  81  82  83  84  85  86  87  88  89  90  91  92  93  94  95  96  97  98  99  100  101 

Printable Version: RFC1244.PDF

RFC 1244                 Site Security Handbook                July 1991


6.4  Upgrading Policies and Procedures............................... 81
7.  References....................................................... 81
8.  Annotated Bibliography........................................... 83
8.1  Computer Law.................................................... 84
8.2  Computer Security............................................... 85
8.3  Ethics.......................................................... 91
8.4  The Internet Worm............................................... 93
8.5  National Computer Security Center (NCSC)........................ 95
8.6  Security Checklists............................................. 99
8.7  Additional Publications......................................... 99
9.  Acknlowledgements................................................101
10.  Security Considerations.........................................101
11.  Authors' Addresses..............................................101

1.  Introduction

1.1  Purpose of this Work

   This handbook is a guide to setting computer security policies and
   procedures for sites that have systems on the Internet.  This guide
   lists issues and factors that a site must consider when setting their
   own policies.  It makes some recommendations and gives discussions of
   relevant areas.

   This guide is only a framework for setting security policies and
   procedures.  In order to have an effective set of policies and
   procedures, a site will have to make many decisions, gain agreement,
   and then communicate and implement the policies.

1.2  Audience

   The audience for this work are system administrators and decision
   makers (who are more traditionally called "administrators" or "middle
   management") at sites.  This document is not directed at programmers
   or those trying to create secure programs or systems.  The focus of
   this document is on the policies and procedures that need to be in
   place to support any technical security features that a site may be
   implementing.

   The primary audience for this work are sites that are members of the
   Internet community.  However, this document should be useful to any
   site that allows communication with other sites.  As a general guide
   to security policies, this document may also be useful to sites with
   isolated systems.







Site Security Policy Handbook Working Group                     [Page 3]