In Partnership with AOL

See also:
  • Acceptable Use of Computing and Electronic Resources Policy - From the University of North Carolina. Specifies responsibilities and prohibited activities in relation to IT use.
    [!]
  • Acceptable Use Policy - Template policy clarifying the acceptable use of IT devices and networks. [MS Word]
    [!]
  • Acceptable Use Policy - Defines acceptable use of IT equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. [MS Word]
    [!]
  • Acceptable Use Policy Template - A basic acceptable use policy, from the State of California Office of Information Security. [MS Word]
    [!]
  • Accidental Disclosure of Confidential Information Policy - An example from a dentistry company, primarily concerning the inadvertent disclosure of personal information. [PDF]
    [!]
  • Acquisition Assessment Policy - Defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group. [MS Word]
    [!]
  • Analog/ISDN Line Policy - Defines policy for analog/ISDN lines used for FAXing and data connections. [MS Word]
    [!]
  • Antivirus Policy - From the State of Vermont Agency of Administration. Mandates the use of antivirus software on applicable systems. [PDF]
    [!]
  • Antivirus Policy - Requirements for effective virus detection and prevention. Written for a laboratory environment but readily adapted for other settings. [MS Word]
    [!]
  • Application Service Provider Policy - Security criteria for an ASP. [PDF]
    [!]
  • Audit Policy - Defines requirements and provides authority for the information security team to conduct IT audits and risk assessments. [PDF]
    [!]
  • Awareness and Training Policy - From Georgia Perimeter College. Mandates an ongoing and creative general security awareness program supplemented with more specific training where needed.
    [!]
  • Backup Policy - Sample policy requires a cycle of daily and weekly backups (although monthly backups are also advisable!).
    [!]
  • Blogging Policy - From the State of Vermont Agency of Administration. Policy re blogging and microblogging (e.g. on Twitter).
    [!]
  • Campus Security Policy - An overarching security policy from Berkeley University includes links to more specific and detailed policies.
    [!]
  • Campus Security Policy - High level information security policy from Washington University.
    [!]
  • Copyright Compliance Policy - From the University of North Carolina. Covers compliance with copyright law when using information belonging to others.
    [!]
  • Copyright Ownership and Use Policy - From the University of North Carolina. Policy on protecting the organization's own intellectual property through copyright.
    [!]
  • Data Classification Policy - From the University of North Carolina. Deliberately simple: defines just two classification levels. Includes responsibilities.
    [!]
  • Database Password Policy - Defines requirements for securely storing and retrieving database usernames and passwords. [MS Word]
    [!]
  • Dial-in Access Policy - Policy regarding the use of dial-in connections to corporate networks. [MS Word]
    [!]
  • Digital Media and Hardware Disposal Policy - From the State of Vermont Agency of Administration. Policy on disposing of IT systems and media securely, without carelessly discarding confidential data. [PDF]
    [!]
  • Disaster Recovery Policy - Basic DR policy in just over one side. [PDF]
    [!]
  • DMZ Security Policy - Sample policy establishing security requirements of equipment to be deployed in the corporate De-Militarized Zone. [MS Word]
    [!]
  • eCommerce Privacy Policy - Policy concerning privacy of visitors to websites, covering logs, cookies and information volunteered.
    [!]
  • Electronic Communications Policy - Formal policy from the University of California covering email and other electronic communications mechanisms [PDF]
    [!]
  • Electronic Records Retention Policy - From the University of North Carolina. Covers the retention of various data files, including those subject to litigation.
    [!]
  • Email Forwarding Policy - Email must not be forwarded automatically to an external destination without prior approval from the appropriate manager. [PDF]
    [!]
  • Email Policy - Policy from Northern Illinois University's IT Services group. Outlines some unacceptable uses.
    [!]
  • Email Policy - Policy from the University of Colorado on the use of, access to, and disclosure of electronic mail.
    [!]
  • Email Retention Policy - Sample policy to help employees determine which emails should be retained and for how long.
    [!]
  • Encryption Policy - Defines encryption algorithms that are suitable for use within the organization. [MS Word]
    [!]
  • Ethics Policy - Sample policy intended to 'establish a culture of openness, trust and integrity'.
    [!]
  • Extranet Policy - Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [MS Word]
    [!]
  • FIPS 140-2 Security Policy - Security policy for the OpenSSL FIPS software object module, required for validation against FIPS (Federal Information Processing Standard) 140-2. [PDF]
    [!]
  • HIPAA Compliance Policy - From the University of North Carolina. Policy on compliance with the Health Insurance Portability and Accountability Act.
    [!]
  • Identity Theft Prevention Program Policy - From the University of North Carolina. Lays out controls for detecting and reacting to 'red flag' situations linked to identity theft.
    [!]
  • Incident Response Policy - Yale University's policy regarding assessing IT security incidents, forming response teams and responding. [PDF]
    [!]
  • Incident Response Policy - From the State of Vermont Agency of Administration. Policy defining the essential elements of the process for responding to security incidents. [PDF]
    [!]
  • Information Security Policies - Policies from CSPO Tools Inc., some of which are available without charge as PDF files or for an annual subscription as MS Word files, along with additional content.
    [!]
  • Information Security Policies - SANS consensus research project offering around 30 editable information security policies.
    [!]
  • Information Security Policies - NIST's collection of well over 100 security policies and related awareness materials, mostly from US federal agencies.
    [!]
  • Information Security Policies - A suite of BS7799-related security policy and guidance documents for universities from UCISA (University Colleges and Information Systems Association) [PDF]
    [!]
  • Information Security Policy - An information security policy from the University of Illinois.
    [!]
  • Information Security Policy - High-level information security policy statement for the Childhood Cancer Research Group at Oxford University.
    [!]
  • Information Security Policy - From the New School university in New York. Includes a set of 21 high level principles, cross-referenced to ISO/IEC 27002:2005. [PDF]
    [!]
  • Information Security Policy - From the University of North Carolina. Very succinct - just 5 policy goals.
    [!]
  • Information Sensitivity Policy - Sample policy defining the assignment of sensitivity levels to information. [PDF]
    [!]
  • Internet Acceptable Use Policy - One page Acceptable Use Policy example. [PDF]
    [!]
  • Internet DMZ Equipment Policy - Sample policy defining the minimum requirement for all equipment located outside the corporate firewall. [PDF]
    [!]
  • Intrusion Detection and Prevention Policy - From the State of Vermont Agency of Administration. Policy on specifying, installing and using IDS/IPS. [PDF]
    [!]
  • IP Network Security Policy - Example security policy to demonstrate policy writing techniques introduced in three earlier articles.
    [!]
  • ISMS Policy - A high level (single page) policy statement from Ricoh, supporting their Information Security Management System. [PDF]
    [!]
  • ISO/IEC 27001 Policies - Typical headings for a security policy aligned broadly with the ISO/IEC 27002 standard for information security management systems.
    [!]
  • ISO27k Toolkit - Collection of information security policies, procedures etc. aligned with the ISO/IEC 27000-series standards and provided under the Creative Commons license.
    [!]
  • Laboratory Security Policy - Policy to secure confidential information and technologies in the labs and protect production services and the rest of the organization from lab activities. [MS Word]
    [!]
  • Laptop Security Policy - From the National Health Service. [MS Word]
    [!]
  • Law Enforcement Data Security Standards - IT security policy applicable to the Victoria Police in Australia. 93 pages based on ISO/IEC 27002 and related standards. [PDF]
    [!]
  • Network Security Policy Guide - Watchguard's guide to creating an overarching network information security policy, supported by subsidiary policies. [PDF]
    [!]
  • Password Policy - Defines standards for creating, protecting and changing strong passwords. [MS Word]
    [!]
  • Personal Information Security Breach Notification Policy - From the University of North Carolina. Policy about mandatory notification of breaches involving the disclosure of personal information.
    [!]
  • Personnel Security Policy - Example policy covering pre-employment screening, security policy training etc. [PDF]
    [!]
  • Physical Security for Computer Protection Policy - From the State of Vermont Agency of Administration. Covers physical access controls and the secure provision of power etc. to a computer room. [PDF]
    [!]
  • Privacy Policy - Concise policy (just 3 paragraphs) published by the School of Graduate Studies at Norwich University.
    [!]
  • Providing and Using Information Technology Policy - Concerns ownership and rights over corporate IT equipment, in the University of Colorado. This policy includes an explanatory FAQ section.
    [!]
  • Remote Access Policy - Defines standards for connecting to a corporate network from any host. [MS Word]
    [!]
  • Router Security Policy - Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. [MS Word]
    [!]
  • Security Policy Primer - General advice for those new to writing information security policies. [PDF]
    [!]
  • Server Security Policy - Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity. [PDF]
    [!]
  • Social Security Numbers Policy - From the University of North Carolina. Specifies security controls to protect SSNs.
    [!]
  • Standard Practice Guide - Policy covering appropriate use of information resources and IT at the University of Michigan.
    [!]
  • System Security Policy - From the University of East Stroudsburg. Detailed IT security policy.
    [!]
  • Telecommuting/Teleworking Policy - Sample policy on teleworking covering employment as well as information security issues.
    [!]
  • Third Party Connection Agreement - Sample agreement for establishing a connection to an external party. [PDF]
    [!]
  • Third Party Connectivity Policy - From the State of Vermont Agency of Administration. Connections require business cases, audits etc. [PDF]
    [!]
  • University Information Security Policies - Electronic resource usage and security policies from the University of Pennsylvania.
    [!]
  • University Information Security Policies - A set of information security policies from the University of Louisville.
    [!]
  • Virtual Private Network Policy - Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network. [PDF]
    [!]
  • Wireless Communication Policy - Sample policy concerning the use of unsecured wireless communications technology. [PDF]
    [!]
  • Wireless Communications Policy - From the University of North Carolina. Prohibits wireless devices that may interfere with authorized wireless systems.
    [!]
Category editor: garyhins
[WWW Mozilla]
Copyright © 1998-2014 AOL Inc. Terms of Use
Visit our sister sites  mozilla.org | MusicMoz | Wikipedia

Last update: June 29, 2014 at 16:05:04 UTC - edit