|
 Directories
|
Top > Computers >
Security >
Policy >
Sample Policies
|
|
|
Information Security Policies
NIST's collection of well over 100 security policies and related awareness materials, mostly from US Government bodies.
University Information Security Policies
A set of information security policies from the University of Louisville.
Password Policy
A password policy presented in the form of a security awareness poster. "Passwords are like underwear ..."
ISO 27001 Policies
Typical headings for a security policy aligned broadly with the ISO/IEC standard for information security management systems.
Information Security Policies
US Postal Service's information security policy manual. 264 pages of security controls, broadly similar in structure to ISO/IEC 27002.
Information Security Policies
Collection of information security policy samples covering PKI, antivirus, ethics, email and several other topics, from AttackPrevention.
Information Security Policies
Set of acceptable use and technical policies from the University of Auckland covering common information security issues.
Privacy Policy
Generic policy for websites offering goods and services, with an important warning to seek qualified legal advice in this area.
Information Security Policy
High-level information security policy statement for the Childhood Cancer Research Group at Oxford University.
Law Enforcement Data Security Standards
IT security policy applicable to the Victoria Police in Australia. 93 pages based on ISO/IEC 27002 and related standards.
Company Email Policy
A menu of clauses suitable for email acceptable use policies.
Use of Electronic Mail
Policy from the University of Colorado on the use of, access to, and disclosure of electronic mail.
Personnel Security Policy
Example policy covering pre-employment screening, security policy training etc.
IT Security Policy
IT security policy example/how-to guide from Enterprise Ireland.
Information Security Policies
Policies on information security and other topics from ePolicy Institute.
Information Security Policies
111-page security policy manual from the Australian New South Wales Department of Commerce, based on ISO/IEC 27001.
K-20 Network Acceptable Use Policy
Policy on acceptable use of a school network, along with information for parents and an informed consent form. Developed in Washington State.
Holistic Operational Security Readiness Evaluation
Collaborative open project building a library of sample information security policies, supporting standards and other documents through a wiki.
IT Security Policy
Information technology security policy at Murdoch University, complete wth supporting standards and guidelines.
Information Security Policy
An information security policy from the University of Illinois.
Internet Acceptable Use Policy
One page Acceptable Use Policy example.
Modem Policy
Sample policy from Sandstorm, designed as an addition to an existing Remote Access Policy, if one exists, or simply to stand alone.
Encryption Policy
Defines encryption algorithms that are suitable for use within the organization. [MS Word]
Acceptable Use Policy
Defines acceptable use of IT equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. [MS Word]
Analog/ISDN Line Policy
Defines policy for analog/ISDN lines used for FAXing and data connections.
Application Service Provider Policy
Security criteria for an ASP.
Acquisition Assessment Policy
Defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group. [MS Word]
Audit Policy
Defines requirements and provides authority for the information security team to conduct IT audits and risk assessments.
Email Forwarding Policy
Email must not be forwarded automatically to an external destination without prior approval from the appropriate manager.
Database Password Policy
Defines requirements for securely storing and retrieving database usernames and passwords. [MS Word]
DMZ Security Policy
Sample policy establishing security requirements of equipment to be deployed in the corporate De-Militarized Zone. [MS Word]
Dial-in Access Policy
Policy regarding the use of dial-in connections to corporate networks. [MS Word]
Ethics Policy
Sample policy intended to 'establish a culture of openness, trust and integrity'.
Extranet Policy
Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [MS Word]
Information Sensitivity Policy
Sample policy defining the assignment of sensitivity levels to information.
Laboratory Security Policy
Policy to secure confidential information and technologies in the labs and protect production services and the rest of the organization from lab activities. [MS Word]
Internet DMZ Equipment Policy
Sample policy defining the minimum requirement for all equipment located outside the corporate firewall.
Anti-Virus Policy
Requirements for effective virus detection and prevention. Written for a laboratory environment but easy to adapt for other settings. [MS Word]
Password Policy
Defines standards for creating, protecting and changing strong passwords. [MS Word]
Security Policy Primer
General advice for those new to writing information security policies.
Remote Access Policy
Defines standards for connecting to a corporate network from any host. [MS Word]
Risk Assessment Policy
Defines requirements and authorizes the information security team to identify, assess and remediate risks to the organization's information infrastructure. [MS Word]
Router Security Policy
Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. [MS Word]
Server Security Policy
Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity.
Third Party Connection Agreement
Sample agreement for establishing a connection to an external party.
Virtual Private Network Policy
Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network.
Wireless Communication Policy
Sample policy concerning the use of unsecured wireless communications technology.
Information Security Policies
SANS consensus research project offering around 30 editable information security policies.
Email Retention Policy
Sample policy to help employees determine which emails should be retained and for how long.
Government Security Policy
The New Zealand Government's information security policy, based on the 2000 version of ISO/IEC 17799. [ZIP file containing PDF and MS Word versions]
IP Network Security Policy
Example security policy to demonstrate policy writing techniques introduced in three earlier articles.
Disaster Recovery Policy
Basic DR policy in just over one side.
Certification and Accreditation Policy
Policy template by Walt Kobus defines requirements and responsibilities for security assurance throughout the system development process.
Communications Policy
Datacommunications security policy template by Walt Kobus defines network security control requirements.
Cryptography Policy
Cryptographic policy template by Walt Kobus.
Data Classification Policy
Policy template by Walt Kobus describes the classification of information according to sensitivity (primarily confidentiality).
Identification and Authentication Policy
I&A policy template by Walt Kobus defines requirements for access control.
Information Data Ownership Policy
Policy template by Walt Kobus defines the roles and responsibilities of owners, custodians and users of information systems.
Physical Security Policy
Policy template by Walt Kobus defines requirements for physical access control to sensitive facilities and use of ID badges.
Resource Utilization Policy
Poilicy template by Walt Kobus defines requirements for resilience, redundancy and fault tolerance in information systems.
Security Audit Policy
Audit policy template by Walt Kobus.
Security Management Policy
General information security policy template by Walt Kobus.
Information Security Policies
Templates for information security policies, guidelines, checklists and procedures by Walt Kobus.
User Data Protection Policy
Policy template by Walt Kobus defines requirements for access controls, least privilege, integrity etc. to secure personal data.
Information Security Policies
The Information Security Toolkit from UCISA (University Colleges and Information Systems Association) contains a suite of security policy and guidance documents reflecting and cross-referenced against BS7799. [PDF documents]
Information Security Policies
Electronic resource usage and security policies from the University of Pennsylvania.
Network Security Policy
Example security policy for a data network from the University of Toronto.
Network Security Policy Guide
Watchguard's guide to creating an overarching network information security policy, supported by subsidiary policies.
HSPD-12 Privacy Policy
Sample privacy policy including Privacy Act systems of records notices, Privacy Act statements and a privacy impact assessment, designed to satisfy the requirements of HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors”
Telecommuting/Teleworking Policy
Sample policy on teleworking covering employment as well as information security issues.
Disaster Recovery Policy
Succinct DR policy from Imperial College, London.
|
|
|
|
|
|
 Sponsor
|
|
|
|
|
Internet Tools
Feature Sites