[unisog] GBLA policy examples
chris.cramer at duke.edu
Wed Jul 16 20:25:42 GMT 2003
there are a handful of samples from different Universities at:
Since the policies don't have to be submitted anywhere for approval,
there doesn't seem to be much concern for a standard form. So the above
samples come in a range from the all-inclusive, policy/procedure
document to ones that seem to be broad policy needing supporting
procedures documented separately.
In general, how are folks handling Grahm-Leach-Bliley? Is it being
dumped directly on to security folks or is it being handled as a larger
issue with support and advice from security? The second is my
preference, but a couple of other groups (who might end up with
responsibility) have been trying to make it an IT Security issue only.
Christopher E. Cramer, Ph.D.
University Information Technology Security Officer
Duke University, Office of Information Technology
253A North Building, Box 90132, Durham, NC 27708-0291
PH: 919-660-7003 FAX: 919-660-7076 CELL: 919-210-0528
PGP Public Key: http://www.duke.edu/~cramer/cramer.pgp
On Wed, 2003-07-16 at 13:39, Phillip G Deneault wrote:
> Does anyone have any good examples for policies that fulfill the
> Gramm-Leach-Bliley Act? I understand what I need to put in but not the
> We've missed the deadline to have submitted our policies and now its on my
> desk. Woo.
> Phil Deneault "We work in the dark, We do what we can,
> deneault at wpi.edu We give what we have. Our doubt is our passion,
> WPI NetOps and our passion is our task. The rest is the
> InfoSec madness of art." - Henry James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/unisog/attachments/20030716/46e0ef20/attachment-0003.bin
More information about the unisog