Writing an IT security policy - a Practical Start

Amy Corman 2004

This workshop will use the IT Security Policy of the Department of Computer Science & Software Engineering (www.cs.mu.oz.au/itsecurity/policy) as a concrete example of a policy written in the University environment. The goal is for participants to leave with a draft of an IT Security Policy for their own Organisational Unit.
The workshop will cover:

• University context - what other policies are out there, why might I need to write one myself?
• Discussion of each of the major sections of the CS & SE policy with attention to:
  • What is the motivation behind each section?
  • Is the CS & SE policy relevant to other Organisational Units? If not, how can it be modified to be relevant?
  • What improvements can be made or sections added?

About Amy Corman

Amy Corman is a PhD Candidate in the Department of Computer Science and Software Engineering at the University of Melbourne. Her thesis is titled "Secure Network Protocols for Peer-to-peer Applications". Her research interests include network protocol security (especially peer-to-peer), cryptography and formal verification. She has previously presented at numerous international conferences including AINAW, ARES, ACSC, SECURECon, and Ruxcon. She has also worked as a security system administrator and holds a Master's degree in Information Security.