Rational Survivability

I have spent a lot of time, sweat and tears in prior lives chipping away at building a template set of IT/Information Security policies and procedures that were aligned to (and audited against) various regulatory requirements and the 10 Domains/127 Controls of ISO17799.

This consolidated set of P&P’s is intact and well written.  Actual business people have been able to read, understand and (gasp!) comply with them.  I know, "impossible!" you say.  Nay, ’tis rational is all…

As part of my effort to give back, I thought that many of you maybe at a point where while you have lots of P&P’s specific to your business, not having to reinvent the wheel by drafting this sort of polished package yourself or paying someone to do it might be useful.

The P&P’s are a complete package that outline at a high-level the basis of an ISO-aligned security program; you could basically search/replace and be good to go for what amounts to 99% of the basic security coverage you’d need to address most elements of a well-stocked security pantry.

You can use this "English" high-level summary set to point to indexed detailed P&P mechanics or standards that are specific to your organization.

Would this be of some use to you?  I would need to do some work to take care of some rough spots and sanitize the word doc, but if there is enough interest I’ll do it and post it for whomsoever would like it.  Just to be clear, the P&P’s are already written, I’ll just make it SEARCH/REPLACE friendly.

I’m not trying to tease anyone, I just don’t want to do the up-front work if nobody is interested.

Let me know in the comments; no need to leave website links (for obvious reasons) just let me know by your comment if this is something you’d like.  If I get enough demand, I’ll "get her done!"

OK, good enough.  Thanks for the comments.  I’ll post it up in the next few days.  Thanks guys.

/Hoff