Home |
Sample Policies (72) See Also:
Sites:
» Acceptable Use Policy
Template policy clarifying the acceptable use of IT devices and networks. [MS Word] http://www.first.org/resources/guides/aup_generic.doc » Acceptable Use Policy Template
A template in MS Word for a basic acceptable use policy, from the State of California Office of Information Security. http://www.cio.ca.gov/OIS/Government/library/documents/ACCEPTABLEUSEPOLICYTEMPLATE.doc » Acquisition Assessment Policy
Defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group. [MS Word] http://www.sans.org/resources/policies/Aquisition_Assessment_Policy.doc » Analog/ISDN Line Policy
Defines policy for analog/ISDN lines used for FAXing and data connections. http://www.sans.org/resources/policies/Analog_Line_Policy.doc » Antivirus Policy
From the State of Vermont Agency of Administration. Mandates the use of antivirus software on applicable systems. http://dii.vermont.gov/sites/dii/files/pdfs/DII-Malware_Standard.pdf » Application Service Provider Policy
Security criteria for an ASP. http://www.sans.org/resources/policies/Application_Service_Providers.pdf » Audit Policy
Defines requirements and provides authority for the information security team to conduct IT audits and risk assessments. http://www.sans.org/resources/policies/Audit_Policy.pdf » Awareness and Training Policy
From Georgia Perimeter College. Mandates an ongoing and creative general security awareness program supplemented with more specific training where needed. http://www.gpc.edu/Governance/policies/1100/1154SecurityAwarenessTraining01-10.pdf » Backup Policy
Sample policy from the University of North Carolina requires daily, weekly and monthly backups (sometimes known as 'grandfather, father, son'). http://its.uncg.edu/Policy_Manual/Computer_Backup/ » Campus Security Policy
High level information security policy from Washington University. http://www.wustl.edu/policies/infosecurity.html » DMZ Security Policy
Sample policy establishing security requirements of equipment to be deployed in the corporate De-Militarized Zone. [MS Word] http://www.sans.org/resources/policies/DMZ_Lab_Security_Policy.doc » Database Password Policy
Defines requirements for securely storing and retrieving database usernames and passwords. [MS Word] http://www.sans.org/resources/policies/DB_Credentials_Policy.doc » Dial-in Access Policy
Policy regarding the use of dial-in connections to corporate networks. [MS Word] http://www.sans.org/resources/policies/Dial-in_Access_Policy.doc » Disaster Recovery Policy
Basic DR policy in just over one side. http://www.templatezone.com/pdfs/Disaster-Recovery-policy.pdf » Disclosure And Blogging Policies
An open source document containing a suite of information security policy statements regarding employees blogging or contributing to other online media, written in the form of checklists. [MS Word] http://www.socialmedia.org/wp-content/uploads/2009/07/SMBC-Disclosure-Best-Practices-Toolkit.docx » Electronic Communications Policy
Formal policy from the University of California covering email and other electronic communications mechanisms http://www.ucop.edu/ucophome/coordrev/policy/PP081805ECP.pdf » Email Forwarding Policy
Email must not be forwarded automatically to an external destination without prior approval from the appropriate manager. http://www.sans.org/resources/policies/Automatically_Forwarded_Email_Policy.pdf » Email Policy
Policy from the University of Colorado on the use of, access to, and disclosure of electronic mail. https://www.cusys.edu/policies/policies/IT_Email.html » Email Retention Policy
Sample policy to help employees determine which emails should be retained and for how long. http://www.sans.org/resources/policies/email_retention.doc » Encryption Policy
Defines encryption algorithms that are suitable for use within the organization. [MS Word] http://www.sans.org/resources/policies/Acceptable_Encryption_Policy.doc » Ethics Policy
Ethical behavior underpins all procedural security controls. This ethics policy from Spirent is a useful model. http://www.spirent.com/about/technology.cfm?media=7&ws=324&ss=177 » Extranet Policy
Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [MS Word] http://www.sans.org/resources/policies/Extranet_Policy.doc » FIPS 140-2 Security Policy
Security policy for the OpenSSL FIPS software object module, required for validation against FIPS (Federal Information Processing Standard) 140-2. http://openssl.org/docs/fips/SecurityPolicy-1.1.1.pdf » IP Network Security Policy
Example security policy to demonstrate policy writing techniques introduced in three earlier articles. http://www.securityfocus.com/infocus/1497 » ISMS Policy
A high level (single page) policy statement from Ricoh, supporting their Information Security Management System. http://www.ricoh.ca/pdfs/ISMS%20Policy%20Statement.pdf » ISO/IEC 27001 Policies
Typical headings for a security policy aligned broadly with the ISO/IEC 27002 standard for information security management systems. http://www.27001-online.com/secpols.htm » ISO27k Toolkit
Collection of information security policies, procedures etc. aligned with the ISO/IEC 27000-series standards and provided under the Creative Commons license. http://www.iso27001security.com/html/iso27k_toolkit.html » IT Security Policy
IT security policy example/how-to guide from Enterprise Ireland. http://www.enterprise-ireland.com/ebusinesssite/guides/internal_security/internal_security_index.asp » Incident Response Policy
Yale University's policy regarding assessing IT security incidents, forming response teams and responding. http://www.yale.edu/ppdev/policy/5143/5143.pdf » Information Security Policies
The Information Security Toolkit from UCISA (University Colleges and Information Systems Association) contains a suite of security policy and guidance documents reflecting and cross-referenced against BS7799, intended for use in universities. [PDF documen http://www.ucisa.ac.uk/ist/ » Information Security Policy
High level security policy/guideline from the Department of Health and Human Resources. http://www.pdfku.com/download-pdf-828.html » Information Sensitivity Policy
Sample policy defining the assignment of sensitivity levels to information. http://www.sans.org/resources/policies/Information_Sensitivity_Policy.pdf » Internet Acceptable Use Policy
One page Acceptable Use Policy example. http://www.ruskwig.com/docs/internet_policy.pdf » Internet DMZ Equipment Policy
Sample policy defining the minimum requirement for all equipment located outside the corporate firewall. http://www.sans.org/resources/policies/Internet_DMZ_Equipment_Policy.pdf » Laboratory Security Policy
Policy to secure confidential information and technologies in the labs and protect production services and the rest of the organization from lab activities. [MS Word] http://www.sans.org/resources/policies/Internal_Lab_Security_Policy.doc » Laptop Security Policy
From the National Health Service. [MS Word] https://www.igt.connectingforhealth.nhs.uk/WhatsNewDocuments/Exemplar%20Laptop%20Security%20Policy.doc » Law Enforcement Data Security Standards
IT security policy applicable to the Victoria Police in Australia. 93 pages based on ISO/IEC 27002 and related standards. http://www.cleds.vic.gov.au/retrievemedia.asp?Media_ID=20338 » Modem Policy
Sample policy from Sandstorm, designed as an addition to an existing Remote Access Policy, if one exists, or simply to stand alone. http://www.sandstorm.net/products/phonesweep/modempolicy.php » Network Security Policy
Example security policy for a data network from the University of Toronto. http://www.utoronto.ca/security/documentation/policies/policy_5.htm » Network Security Policy Guide
Watchguard's guide to creating an overarching network information security policy, supported by subsidiary policies. http://www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf » Password Policy
A password policy presented in the form of a series of security awareness posters. "Passwords are like underwear ..." http://www.umflint.edu/its/units/initiatives/publicity/password.htm » Password Standard
32 page extended policy document from the New Zealand government, explains both risks and control requirements. http://plone.e.govt.nz/standards/e-gif/authentication/password/password.pdf » Personnel Security Policy
Example policy covering pre-employment screening, security policy training etc. http://www.datasecuritypolicies.com/wp-content/uploads/2007/04/generic-personnel-security-policy.pdf » Privacy Policy
Concise policy (just 3 paragraphs) published by the School of Graduate Studies at Norwich University. http://www.graduate.norwich.edu/privacy_policy.php » Remote Access Policy
Defines standards for connecting to a corporate network from any host. [MS Word] http://www.sans.org/resources/policies/Remote_Access_Policy.doc » Resource Utilization Policy
Policy template by Walt Kobus defines requirements for resilience, redundancy and fault tolerance in information systems. http://www.tess-llc.com/Resource Utilization PolicyV4.pdf » Risk Assessment Policy
Defines requirements and authorizes the information security team to identify, assess and remediate risks to the organization's information infrastructure. [MS Word] http://www.sans.org/resources/policies/Risk_Assessment_Policy.doc » Router Security Policy
Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. [MS Word] http://www.sans.org/resources/policies/Router_Security_Policy.doc » Security Policy Primer
General advice for those new to writing information security policies. http://www.sans.org/resources/policies/Policy_Primer.pdf » Server Security Policy
Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity. http://www.sans.org/resources/policies/Server_Security_Policy.pdf » Standard Practice Guide
Policy covering appropriate use of information resources and IT at the University of Michigan. http://spg.umich.edu/pdf/601.07-0.pdf » Telecommuting/Teleworking Policy
Sample policy on teleworking covering employment as well as information security issues. http://www.womans-work.com/teleworking_policy.htm » The ePolicy Institute
Provides policies and resources on information security and other related topics. http://www.epolicyinstitute.com » Third Party Connection Agreement
Sample agreement for establishing a connection to an external party. http://www.sans.org/resources/policies/Third_Party_Agreement.pdf » University Information Security Policies
A set of information security policies from the University of Louisville. http://security.louisville.edu/PolStds » Virtual Private Network Policy
Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network. http://www.sans.org/resources/policies/Virtual_Private_Network.pdf » Wireless Communication Policy
Sample policy concerning the use of unsecured wireless communications technology. http://www.sans.org/resources/policies/Wireless_Communication_Policy.pdf Category Editor: garyhins
Last Updated: 2010-06-16 05:14:02
The content of this directory is based on the Open Directory and has been modified by GoSearchFor.com |