Sample Policies - Policy, Security - classifiedslister.com

Policy, Security, Computers – Top

Sample Policies

FAQs, Help, and Tutorials - Security, Computers 8

Acceptable Use Policy Acceptable Use Policy

Defines acceptable use of IT equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. [MS Word]

www.sans.org

Acquisition Assessment Policy Acquisition Assessment Policy

Defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group. [MS Word]

www.sans.org

Analog/ISDN Line Policy Analog/ISDN Line Policy

Defines policy for analog/ISDN lines used for FAXing and data connections.

www.sans.org

Anti-Virus Policy Anti-Virus Policy

Requirements for effective virus detection and prevention. Written for a laboratory environment but easy to adapt for other settings. [MS Word]

www.sans.org

Application Service Provider Policy Application Service Provider Policy

Security criteria for an ASP. [PDF]

www.sans.org

Audit Policy Audit Policy

Defines requirements and provides authority for the information security team to conduct IT audits and risk assessments. [PDF]

www.sans.org

Backup Policy Backup Policy

Sample policy from the University of North Carolina requires daily, weekly and monthly backups (sometimes known as 'grandfather, father, son').

its.uncg.edu

Backup Policy Backup Policy

A primer to help small businesses write their own backup policies.

bizsecurity.about.com

Backup Policy Backup Policy

Sample policy requires a cycle of daily and weekly backups (monthly backups are also advisable).

www.comptechdoc.org

Campus Security Policy Campus Security Policy

An overarching security policy from Berkeley University includes links to more specific and detailed policies.

security.berkeley.edu

Campus Security Policy Campus Security Policy

High level information security policy from Washington University.

www.wustl.edu

Certification and Accreditation Policy Certification and Accreditation Policy

Policy template by Walt Kobus defines requirements and responsibilities for security assurance throughout the system development process. [PDF]

www.tess-llc.com

Communications Policy Communications Policy

Datacommunications security policy template by Walt Kobus defines network security control requirements. [PDF]

www.tess-llc.com

Cryptography Policy Cryptography Policy

Cryptographic policy template by Walt Kobus. [PDF]

www.tess-llc.com

Data Classification Policy Data Classification Policy

Policy template by Walt Kobus describes the classification of information according to sensitivity (primarily confidentiality). [PDF]

www.tess-llc.com

Database Password Policy Database Password Policy

Defines requirements for securely storing and retrieving database usernames and passwords. [MS Word]

www.sans.org

Dial-in Access Policy Dial-in Access Policy

Policy regarding the use of dial-in connections to corporate networks. [MS Word]

www.sans.org

Disaster Recovery Policy Disaster Recovery Policy

Basic DR policy in just over one side. [PDF]

www.templatezone.com

Disaster Recovery Policy Disaster Recovery Policy

Succinct DR policy from Imperial College, London.

www3.imperial.ac.uk

DMZ Security Policy DMZ Security Policy

Sample policy establishing security requirements of equipment to be deployed in the corporate De-Militarized Zone. [MS Word]

www.sans.org

Electronic Communications Policy Electronic Communications Policy

Formal policy from the University of California covering email and other electronic communications mechanisms [PDF]

www.ucop.edu

Email Forwarding Policy Email Forwarding Policy

Email must not be forwarded automatically to an external destination without prior approval from the appropriate manager. [PDF]

www.sans.org

Email Policy Email Policy

Northern Illinois University email policy

www.its.niu.edu

Email Retention Policy Email Retention Policy

Sample policy to help employees determine which emails should be retained and for how long.

www.sans.org

Encryption Policy Encryption Policy

Defines encryption algorithms that are suitable for use within the organization. [MS Word]

www.sans.org

The ePolicy Institute The ePolicy Institute

Provides policies and resources on information security and other related topics.

www.epolicyinstitute.com

Ethics Policy Ethics Policy

Ethical behavior underpins all procedural security controls. This ethics policy from Spirent is a useful model.

www.spirent.com

Ethics Policy Ethics Policy

Sample policy intended to 'establish a culture of openness, trust and integrity'.

www.sans.org

Extranet Policy Extranet Policy

Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [MS Word]

www.sans.org

Government Security Policy Government Security Policy

The New Zealand Government's information security policy, based on the 2000 version of ISO/IEC 17799. [ZIP file containing PDF and MS Word versions]

www.security.govt.nz

Holistic Operational Security Readiness Evaluation Holistic Operational Security Readiness Evaluation

Collaborative open project building a library of sample information security policies, supporting standards and other documents through a wiki.

www.lazarusalliance.com

HSPD-12 Privacy Policy HSPD-12 Privacy Policy

Sample privacy policy including Privacy Act systems of records notices, Privacy Act statements and a privacy impact assessment, designed to satisfy the requirements of HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors”

www.whitehouse.gov

Identification and Authentication Policy Identification and Authentication Policy

I&A policy template by Walt Kobus defines requirements for access control. [PDF]

www.tess-llc.com

Information Data Ownership Policy Information Data Ownership Policy

Policy template by Walt Kobus defines the roles and responsibilities of owners, custodians and users of information systems. [PDF]

www.tess-llc.com

Information Security Policies Information Security Policies

Templates for information security policies, guidelines, checklists and procedures by Walt Kobus.

www.tess-llc.com

Information Security Policies Information Security Policies

The Information Security Toolkit from UCISA (University Colleges and Information Systems Association) contains a suite of security policy and guidance documents reflecting and cross-referenced against BS7799, intended for use in universities. [PDF documents]

www.ucisa.ac.uk

Information Security Policies Information Security Policies

NIST's collection of well over 100 security policies and related awareness materials, mostly from US Government bodies.

csrc.nist.gov

Information Security Policies Information Security Policies

An extensive collection of information security policy samples at SecurityDocs.

www.securitydocs.com

Information Security Policies Information Security Policies

111-page security policy manual from the Australian New South Wales Department of Commerce, based on ISO/IEC 27001. [PDF]

www.gcio.nsw.gov.au

Information Security Policies Information Security Policies

Set of acceptable use and technical policies from the University of Auckland covering common information security issues.

www.auckland.ac.nz

Information Security Policies Information Security Policies

SANS consensus research project offering around 30 editable information security policies.

www.sans.org

Information Security Policy Information Security Policy

High level security policy/guideline from the Department of Health and Human Resources. [PDF]

www.pdfku.com

Information Security Policy Information Security Policy

An information security policy from the University of Illinois.

www.obfs.uillinois.edu

Information Security Policy Information Security Policy

High-level information security policy statement for the Childhood Cancer Research Group at Oxford University.

www.ccrg.ox.ac.uk

Information Sensitivity Policy Information Sensitivity Policy

Sample policy defining the assignment of sensitivity levels to information. [PDF]

www.sans.org

Internet Acceptable Use Policy Internet Acceptable Use Policy

One page Acceptable Use Policy example. [PDF]

www.ruskwig.com

Internet DMZ Equipment Policy Internet DMZ Equipment Policy

Sample policy defining the minimum requirement for all equipment located outside the corporate firewall. [PDF]

www.sans.org

IP Network Security Policy IP Network Security Policy

Example security policy to demonstrate policy writing techniques introduced in three earlier articles.

www.securityfocus.com

ISO/IEC 27001 Policies ISO/IEC 27001 Policies

Typical headings for a security policy aligned broadly with the ISO/IEC 27002 standard for information security management systems.

www.27001-online.com

ISO27k Toolkit ISO27k Toolkit

Collection of information security policies, procedures etc. aligned with the ISO/IEC 27000-series standards and provided under the Creative Commons license. [PDF]

www.iso27001security.com

IT Security Policy IT Security Policy

Information technology security policy at Murdoch University, complete wth supporting standards and guidelines.

www.murdoch.edu.au

IT Security Policy IT Security Policy

IT security policy example/how-to guide from Enterprise Ireland.

www.enterprise-ireland.com

K-20 Network Acceptable Use Policy K-20 Network Acceptable Use Policy

Policy on acceptable use of a school network, along with information for parents and an informed consent form. Developed in Washington State.

www.k12.wa.us

Laboratory Security Policy Laboratory Security Policy

Policy to secure confidential information and technologies in the labs and protect production services and the rest of the organization from lab activities. [MS Word]

www.sans.org

Law Enforcement Data Security Standards Law Enforcement Data Security Standards

IT security policy applicable to the Victoria Police in Australia. 93 pages based on ISO/IEC 27002 and related standards. [PDF]

www.cleds.vic.gov.au

Modem Policy Modem Policy

Sample policy from Sandstorm, designed as an addition to an existing Remote Access Policy, if one exists, or simply to stand alone.

www.sandstorm.net

Network Security Policy Network Security Policy

Example security policy for a data network from the University of Toronto.

www.utoronto.ca

Network Security Policy Guide Network Security Policy Guide

Watchguard's guide to creating an overarching network information security policy, supported by subsidiary policies. [PDF]

www.watchguard.com

Password Policy Password Policy

A password policy presented in the form of a series of security awareness posters. "Passwords are like underwear ..." [PDF]

www.umflint.edu

Password Policy Password Policy

Defines standards for creating, protecting and changing strong passwords. [MS Word]

www.sans.org

Personnel Security Policy Personnel Security Policy

Example policy covering pre-employment screening, security policy training etc. [PDF]

www.datasecuritypolicies.com

Physical Security Policy Physical Security Policy

Policy template by Walt Kobus defines requirements for physical access control to sensitive facilities and use of ID badges. [PDF]

www.tess-llc.com

Generic policy for websites offering goods and services, with an important warning to seek qualified legal advice in this area.

www.cbe.uidaho.edu

Concise policy (just 3 paragraphs) published by the School of Graduate Studies at Norwich University.

www.graduate.norwich.edu

Remote Access Policy Remote Access Policy

Defines standards for connecting to a corporate network from any host. [MS Word]

www.sans.org

Resource Utilization Policy Resource Utilization Policy

Poilicy template by Walt Kobus defines requirements for resilience, redundancy and fault tolerance in information systems. [PDF]

www.tess-llc.com

Risk Assessment Policy Risk Assessment Policy

Defines requirements and authorizes the information security team to identify, assess and remediate risks to the organization's information infrastructure. [MS Word]

www.sans.org

Router Security Policy Router Security Policy

Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. [MS Word]

www.sans.org

Security Audit Policy Security Audit Policy

Audit policy template by Walt Kobus. [PDF]

www.tess-llc.com

Security Management Policy Security Management Policy

General information security policy template by Walt Kobus. [PDF]

www.tess-llc.com

Security Policy Primer Security Policy Primer

General advice for those new to writing information security policies. [PDF]

www.sans.org

Server Security Policy Server Security Policy

Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity. [PDF]

www.sans.org

Standard Practice Guide Standard Practice Guide

Policy covering appropriate use of information resources and IT at the University of Michigan. [PDF]

spg.umich.edu

Telecommuting/Teleworking Policy Telecommuting/Teleworking Policy

Sample policy on teleworking covering employment as well as information security issues.

www.womans-work.com

Third Party Connection Agreement Third Party Connection Agreement

Sample agreement for establishing a connection to an external party. [PDF]

www.sans.org

University Information Security Policies University Information Security Policies

Electronic resource usage and security policies from the University of Pennsylvania.

www.upenn.edu

University Information Security Policies University Information Security Policies

A set of information security policies from the University of Louisville.

security.louisville.edu

Use of Electronic Mail Use of Electronic Mail

Policy from the University of Colorado on the use of, access to, and disclosure of electronic mail.

www.cusys.edu

User Data Protection Policy User Data Protection Policy

Policy template by Walt Kobus defines requirements for access controls, least privilege, integrity etc. to secure personal data. [PDF]

www.tess-llc.com

Virtual Private Network Policy Virtual Private Network Policy

Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network. [PDF]

www.sans.org

Wireless Communication Policy Wireless Communication Policy

Sample policy concerning the use of unsecured wireless communications technology. [PDF]

www.sans.org


E-Mail
Password

E X P A N D m i n i m i z e

Home | Contact | Policies

Help build the largest human-edited directory on the web.

Submit a Site - Open Directory Project - Become an Editor