IASAbout IASDesignHostingPromotionConsultingContact

    Sample Policies Policy Security













Sample Policies Policy Security


These are examples of computer security policies. Some are policies which have been created and implemented in specific organizations, others are simply samples to provide guidance to those writing their own policies. Example policies include those for IT/computer security, Internet and email usage, remote network access etc.

    Top: Computers: Security: Policy: Sample Policies
See Also:

  • Information Security Policy - High level security policy/guideline from the Department of Health and Human Resources. [PDF]
  • Security Management Policy - General information security policy template by Walt Kobus. [PDF]
  • Email Forwarding Policy - Email must not be forwarded automatically to an external destination without prior approval from the appropriate manager. [PDF]
  • Telecommuting/Teleworking Policy - Sample policy on teleworking covering employment as well as information security issues.
  • Network Security Policy - Example security policy for a data network from the University of Toronto.
  • Information Security Policies - An extensive collection of information security policy samples at SecurityDocs.
  • Router Security Policy - Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. [MS Word]
  • Email Retention Policy - Sample policy to help employees determine which emails should be retained and for how long.
  • Personnel Security Policy - Example policy covering pre-employment screening, security policy training etc. [PDF]
  • ISO27k Toolkit - Collection of information security policies, procedures etc. aligned with the ISO/IEC 27000-series standards and provided under the Creative Commons license. [PDF]
  • Communications Policy - Datacommunications security policy template by Walt Kobus defines network security control requirements. [PDF]
  • Security Audit Policy - Audit policy template by Walt Kobus. [PDF]
  • K-20 Network Acceptable Use Policy - Policy on acceptable use of a school network, along with information for parents and an informed consent form. Developed in Washington State.
  • The ePolicy Institute - Provides policies and resources on information security and other related topics.
  • Extranet Policy - Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [MS Word]
  • Analog/ISDN Line Policy - Defines policy for analog/ISDN lines used for FAXing and data connections.
  • Acquisition Assessment Policy - Defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group. [MS Word]
  • IP Network Security Policy - Example security policy to demonstrate policy writing techniques introduced in three earlier articles.
  • Internet DMZ Equipment Policy - Sample policy defining the minimum requirement for all equipment located outside the corporate firewall. [PDF]
  • Anti-Virus Policy - Requirements for effective virus detection and prevention. Written for a laboratory environment but easy to adapt for other settings. [MS Word]
  • DMZ Security Policy - Sample policy establishing security requirements of equipment to be deployed in the corporate De-Militarized Zone. [MS Word]
  • Holistic Operational Security Readiness Evaluation - Collaborative open project building a library of sample information security policies, supporting standards and other documents through a wiki.
  • Government Security Policy - The New Zealand Government's information security policy, based on the 2000 version of ISO/IEC 17799. [ZIP file containing PDF and MS Word versions]
  • Privacy Policy - Concise policy (just 3 paragraphs) published by the School of Graduate Studies at Norwich University.
  • Information Sensitivity Policy - Sample policy defining the assignment of sensitivity levels to information. [PDF]
  • Encryption Policy - Defines encryption algorithms that are suitable for use within the organization. [MS Word]
  • Resource Utilization Policy - Policy template by Walt Kobus defines requirements for resilience, redundancy and fault tolerance in information systems. [PDF]
  • Security Policy Primer - General advice for those new to writing information security policies. [PDF]
  • University Information Security Policies - A set of information security policies from the University of Louisville.
  • Law Enforcement Data Security Standards - IT security policy applicable to the Victoria Police in Australia. 93 pages based on ISO/IEC 27002 and related standards. [PDF]
  • Campus Security Policy - High level information security policy from Washington University.
  • Virtual Private Network Policy - Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network. [PDF]
  • Ethics Policy - Ethical behavior underpins all procedural security controls. This ethics policy from Spirent is a useful model.
  • Cryptography Policy - Cryptographic policy template by Walt Kobus. [PDF]
  • Application Service Provider Policy - Security criteria for an ASP. [PDF]
  • Backup Policy - Sample policy from the University of North Carolina requires daily, weekly and monthly backups (sometimes known as 'grandfather, father, son').
  • Electronic Communications Policy - Formal policy from the University of California covering email and other electronic communications mechanisms [PDF]
  • Wireless Communication Policy - Sample policy concerning the use of unsecured wireless communications technology. [PDF]
  • HSPD-12 Privacy Policy - Sample privacy policy including Privacy Act systems of records notices, Privacy Act statements and a privacy impact assessment, designed to satisfy the requirements of HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contra
  • ISO/IEC 27001 Policies - Typical headings for a security policy aligned broadly with the ISO/IEC 27002 standard for information security management systems.
  • Identification and Authentication Policy - I&A policy template by Walt Kobus defines requirements for access control. [PDF]
  • Modem Policy - Sample policy from Sandstorm, designed as an addition to an existing Remote Access Policy, if one exists, or simply to stand alone.
  • Audit Policy - Defines requirements and provides authority for the information security team to conduct IT audits and risk assessments. [PDF]
  • Data Classification Policy - Policy template by Walt Kobus describes the classification of information according to sensitivity (primarily confidentiality). [PDF]
  • Internet Acceptable Use Policy - One page Acceptable Use Policy example. [PDF]
  • Risk Assessment Policy - Defines requirements and authorizes the information security team to identify, assess and remediate risks to the organization's information infrastructure. [MS Word]
  • Database Password Policy - Defines requirements for securely storing and retrieving database usernames and passwords. [MS Word]
  • Password Policy - A password policy presented in the form of a series of security awareness posters. "Passwords are like underwear ..." [PDF]
  • Email Policy - Northern Illinois University email policy
  • Server Security Policy - Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity. [PDF]
  • Information Data Ownership Policy - Policy template by Walt Kobus defines the roles and responsibilities of owners, custodians and users of information systems. [PDF]
  • Acceptable Use Policy - Defines acceptable use of IT equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. [MS Word]
  • Laboratory Security Policy - Policy to secure confidential information and technologies in the labs and protect production services and the rest of the organization from lab activities. [MS Word]
  • Network Security Policy Guide - Watchguard's guide to creating an overarching network information security policy, supported by subsidiary policies. [PDF]
  • Remote Access Policy - Defines standards for connecting to a corporate network from any host. [MS Word]
  • User Data Protection Policy - Policy template by Walt Kobus defines requirements for access controls, least privilege, integrity etc. to secure personal data. [PDF]
  • Dial-in Access Policy - Policy regarding the use of dial-in connections to corporate networks. [MS Word]
  • Physical Security Policy - Policy template by Walt Kobus defines requirements for physical access control to sensitive facilities and use of ID badges. [PDF]
  • Standard Practice Guide - Policy covering appropriate use of information resources and IT at the University of Michigan. [PDF]
  • Use of Electronic Mail - Policy from the University of Colorado on the use of, access to, and disclosure of electronic mail.
  • Disaster Recovery Policy - Succinct DR policy from Imperial College, London.
  • Third Party Connection Agreement - Sample agreement for establishing a connection to an external party. [PDF]
  • Certification and Accreditation Policy - Policy template by Walt Kobus defines requirements and responsibilities for security assurance throughout the system development process. [PDF]
  • IT Security Policy - IT security policy example/how-to guide from Enterprise Ireland.


Help build the largest human-edited directory on the web.
Submit a Site - Open Directory Project - Become an Editor
Click here to add, change or remove your listing

Top


Home | About IAS | Web Design | Web Hosting | Promotion | Consulting | Support | Contact IAS

Copyright © 1995-2009 Internet Advertising Solutions, Inc.
 Copyright Notice | Privacy Policy | Site Map | APR







  MySQL - Cache Direct sec.