| HSPD-12 Privacy Policy - http://www.whitehouse.gov/omb/memoranda/fy2006/m06-06_att.doc Sample privacy policy including Privacy Act systems of records notices, Privacy Act statements and a privacy impact assessment, designed to satisfy the requirements of HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors” |
| Information Security Policies - http://www.upenn.edu/computing/policy/ Electronic resource usage and security policies from the University of Pennsylvania. |
| Information Security Policies - http://www.sans.org/resources/policies/ SANS consensus research project offering around 30 editable information security policies. |
| Information Security Policies - http://www.auckland.ac.nz/security/PoliciesandStatutes.htm Set of acceptable use and technical policies from the University of Auckland covering common information security issues. |
| ISO 27001 Policies - http://www.27001-online.com/secpols.htm Typical headings for a security policy aligned broadly with the ISO/IEC standard for information security management systems. |
| Network Security Policy - http://www.utoronto.ca/security/documentation/policies/policy_5.htm Example security policy for a data network from the University of Toronto. |
| Information Security Policies - http://csrc.nist.gov/fasp/jump.html NIST's extensive collection of well over 100 security policies and related awareness materials, mostly from US Government bodies. |
| Information Security Policy - http://www.obfs.uillinois.edu/manual/central_p/sec19-5.html An information security policy from the University of Illinois. |
| Email Policy - http://www.cli.org/emailpolicy/top.html A menu of clauses suitable for email acceptable use policies. |
| Security Policy Primer - http://www.sans.org/resources/policies/Policy_Primer.pdf General advice for those new to writing information security policies. |
| IT Security Policy - http://www.murdoch.edu.au/admin/policies/itsecurity/policy.html Information technology security policy at Murdoch University, complete wth supporting standards and guidelines. |
| Modem Policy - http://www.sandstorm.net/products/phonesweep/modempolicy.php Sample policy from Sandstorm, designed as an addition to an existing Remote Access Policy, if one exists, or simply to stand alone. |
| Information Security Policies - http://www.epolicyinstitute.com Policies on information security and other topics from ePolicy Institute. |
| K-20 Network Acceptable Use Policy - http://www.k12.wa.us/K-20/AUPSchBoardNetworkUse.aspx Policy on acceptable use of a school network, along with information for parents and an informed consent form. Developed in Washington State. |
| Network Security Policy Guide - http://www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf Watchguard's guide to creating an overarching network information security policy, supported by subsidiary policies. |
| Audit Policy - http://www.sans.org/newlook/resources/policies/Audit_Policy.pdf Defines requirements and provides authority for the information security team to conduct IT audits and risk assessments. |
| IP Network Security Policy - http://www.securityfocus.com/infocus/1497 Example security policy to demonstrate policy writing techniques introduced in three earlier articles. |
| Email Retention Policy - http://www.sans.org/resources/policies/email_retention.doc Sample policy to help employees determine which emails should be retained and for how long. |
| Internet DMZ Equipment Policy - http://www.sans.org/newlook/resources/policies/Internet_DMZ_Equipment_Policy.pdf Sample policy defining the minimum requirement for all equipment located outside the corporate firewall. |
| Information Sensitivity Policy - http://www.sans.org/newlook/resources/policies/Information_Sensitivity_Policy.pdf Sample policy defining the assignment of sensitivity levels to information. |
| Password Policy - http://www.sans.org/resources/policies/Password_Policy.doc Defines standards for creating, protecting and changing strong passwords. [MS Word] |
| Internet Acceptable Use Policy - http://www.ruskwig.com/docs/internet_policy.pdf One page Acceptable Use Policy example. |
| Acceptable Use Policy - http://www.sans.org/resources/policies/Acceptable_Use_Policy.doc Defines acceptable use of IT equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. [MS Word] |
| Information Security Policies - http://www.lazarusalliance.com/horsewiki/index.php/Documents Collection of policies relating to SOX, GLBA, HIPAA and the ISO/IEC 27000-series on the HORSE (Holistic Operational Readiness Security Evaluation) wiki. |
| Information Security Policies - http://www.tess-llc.com/TESS-DOR-EXAMPLES.htm Templates for information security policies, guidelines, checklists and procedures by Walt Kobus. |
| Risk Assessment Policy - http://www.sans.org/resources/policies/Risk_Assessment_Policy.doc Defines requirements and authorizes the information security team to identify, assess and remediate risks to the organization's information infrastructure. [MS Word] |
| Information Security Policies - http://www.gcio.nsw.gov.au/documents/Information%20Security%20Guideline%20V1.1.pdf 111-page security policy manual from the Australian New South Wales Department of Commerce, based on ISO 27001. |
| Personnel Security Policy - http://www.datasecuritypolicies.com/wp-content/uploads/2007/04/generic-personnel-security-policy.pdf Example policy covering pre-employment screening, security policy training etc. |
| Information Security Policies - http://www.apwu.org/dept/ind-rel/USPS_hbks/AS-Series/AS-805%20Information%20Security%209-05%20(1.21%20MB).pdf US Postal Service's information security policy manual. 264 pages of security controls, broadly similar in structure to ISO 17799. |
| Analog/ISDN Line Policy - http://www.sans.org/resources/policies/Analog_Line_Policy.doc Defines policy for analog/ISDN lines used for FAXing and data connections. |
| Anti-Virus Policy - http://www.sans.org/resources/policies/Lab_Anti-Virus_Policy.doc Requirements for effective virus detection and prevention. Written for a laboratory environment but easy to adapt for other settings. [MS Word] |
| Acquisition Assessment Policy - http://www.sans.org/resources/policies/Aquisition_Assessment_Policy.doc Defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group. [MS Word] |
| Dial-in Access Policy - http://www.sans.org/resources/policies/Dial-in_Access_Policy.doc Policy regarding the use of dial-in connections to corporate networks. [MS Word] |
| Ethics Policy - http://www.sans.org/resources/policies/Ethics_Policy.doc Sample policy intended to 'establish a culture of openness, trust and integrity'. |
| Extranet Policy - http://www.sans.org/resources/policies/Extranet_Policy.doc Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [MS Word] |
| Privacy Policy - http://www.cbe.uidaho.edu/wegman/404/PRIVACY%20POLICY%20IVI%20Generic.htm Generic policy for websites offering goods and services, with an important warning to seek qualified legal advice in this area. |
| Cryptography Policy - http://www.tess-llc.com/Cryptography%20PolicyV4.pdf Cryptographic policy template by Walt Kobus. |
| Communications Policy - http://www.tess-llc.com/Communications%20PolicyV4.pdf Datacommunications security policy template by Walt Kobus defines network security control requirements. |
| Physical Security Policy - http://www.tess-llc.com/Physical%20Security%20PolicyV4.pdf Policy template by Walt Kobus defines requirements for physical access control to sensitive facilities and use of ID badges. |
| Data Classification Policy - http://www.tess-llc.com/Data%20Classification%20PolicyV4.pdf Policy template by Walt Kobus describes the classification of information according to sensitivity (primarily confidentiality). |
| User Data Protection Policy - http://www.tess-llc.com/User%20Data%20Protection%20PolicyV4.pdf Policy template by Walt Kobus defines requirements for access controls, least privilege, integrity etc. to secure personal data. |
| Information Data Ownership Policy - http://www.tess-llc.com/Information%20Data-Ownership%20PolicyV4.pdf Policy template by Walt Kobus defines the roles and responsibilities of owners, custodians and users of information systems. |
| Resource Utilization Policy - http://www.tess-llc.com/Resource%20Utilization%20PolicyV4.pdf Poilicy template by Walt Kobus defines requirements for resilience, redundancy and fault tolerance in information systems. |
| Security Audit Policy - http://www.tess-llc.com/Security%20Audit%20PolicyV4.pdf Audit policy template by Walt Kobus. |
| Security Management Policy - http://www.tess-llc.com/Security%20Mngt%20PolicyV4.pdf General information security policy template by Walt Kobus. |
| Router Security Policy - http://www.sans.org/resources/policies/Router_Security_Policy.doc Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. [MS Word] |
| Remote Access Policy - http://www.sans.org/resources/policies/Remote_Access_Policy.doc Defines standards for connecting to a corporate network from any host. [MS Word] |
| IT Security Policy - http://www.enterprise-ireland.com/ebusinesssite/guides/internal_security/internal_security_index.asp IT security policy example/how-to guide from Enterprise Ireland. |
Database Password Policy - http://www.sans.org/resources/policies/DB_Credentials_Policy.doc Defines requirements for securely storing and retrieving database usernames and passwords. [MS Word] | |
DMZ Security Policy - http://www.sans.org/resources/policies/DMZ_Lab_Security_Policy.doc Sample policy establishing security requirements of equipment to be deployed in the corporate De-Militarized Zone. [MS Word] |
Government Security Policy - http://www.security.govt.nz/sigs/sigs.zip The New Zealand Government's information security policy, based on the 2000 version of ISO/IEC 17799. [ZIP file containing PDF and MS Word versions] | |
Identification and Authentication Policy - http://www.tess-llc.com/Identification%20&%20Authentication%20PolicyV4.pdf I&A policy template by Walt Kobus defines requirements for access control. | |
Certification and Accreditation Policy - http://www.tess-llc.com/Certification%20&%20Accreditation%20PolicyV4.pdf Policy template by Walt Kobus defines requirements and responsibilities for security assurance throughout the system development process. | |
Laboratory Security Policy - http://www.sans.org/resources/policies/Internal_Lab_Security_Policy.doc Policy to secure confidential information and technologies in the labs and protect production services and the rest of the organization from lab activities. [MS Word] | |
Encryption Policy - http://www.sans.org/resources/policies/Acceptable_Encryption_Policy.doc Defines encryption algorithms that are suitable for use within the organization. [MS Word] |
Password Policy - http://ww2.umflint.edu/its/helpdesk/security/passwords/passwords.pdf A password policy presented in the form of a security awareness poster. "Passwords are like underwear ..." | |
Telecommuting/Teleworking Policy - http://www.womans-work.com/teleworking_policy.htm Sample policy on teleworking covering employment as well as information security issues. | |
Information Security Policies - http://www.attackprevention.com/Policies_and_Procedures/Sample_Policies Collection of information security policy samples covering PKI, antivirus, ethics, email and several other topics, from AttackPrevention. | |
Email Policy - http://www.cusys.edu/~policies/General/email.html Policy from the University of Colorado on the use of, access to, and disclosure of electronic mail. | |
Server Security Policy - http://www.sans.org/newlook/resources/policies/Server_Security_Policy.pdf Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity. |
Application Service Provider Policy - http://www.sans.org/newlook/resources/policies/Application_Service_Providers.pdf Security criteria for an ASP. | |
Virtual Private Network Policy - http://www.sans.org/newlook/resources/policies/Virtual_Private_Network.pdf Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network. | |
Email Forwarding Policy - http://www.sans.org/newlook/resources/policies/Automatically_Forwarded_Email_Policy.pdf Email must not be forwarded automatically to an external destination without prior approval from the appropriate manager. | |
Third Party Connection Agreement - http://www.sans.org/newlook/resources/policies/Third_Party_Agreement.pdf Sample agreement for establishing a connection to an external party. | |
Wireless Communication Policy - http://www.sans.org/newlook/resources/policies/Wireless_Communication_Policy.pdf Sample policy concerning the use of unsecured wireless communications technology. |
Source : directory.google.com