Add your Web Site - Policy - Sample Policies Add Search to your Site Search for: Internet Entire Directory Directory - Sample Policies Results per page: 10 20 50 Output format: Long Short URL Match: All Any Boolean Pages from: All Countries Afghanistan American Samoa Albania Algeria Andorra Angola Anguilla Antigua and Barbuda Antarctica Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Cook Islands Costa Rica Cote D'Ivoire (Ivory Coast) Croatia (Hrvatska) Cuba Cyprus Czech Republic Czechoslovakia (former) Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Eritrea Estonia Ethiopia Equatorial Guinea Falkland Islands (Malvinas) Faroe Islands Fiji Finland France France, Metropolitan French Guiana French Polynesia French Southern Territories Gabon Gambia Germany Georgia Ghana Gibraltar Great Britain (UK) Greece Greenland Grenada Guadeloupe Guam Guatemala Guinea Guinea-Bissau Guyana Haiti Heard and McDonald Islands Honduras Hungary Hong Kong Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati Korea (North) Korea (South) Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles Neutral Zone New Caledonia New Zealand (Aotearoa) Northern Mariana Islands Nicaragua Niue Niger Nigeria Norfolk Island Norway Oman Pakistan Palau Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russian Federation Rwanda Saint Kitts and Nevis Saint Lucia Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Slovak Republic Slovenia Solomon Islands Somalia South Africa S. Georgia and S. Sandwich Isls. Spain Sri Lanka St. Pierre and Miquelon St. Helena Sudan Suriname Svalbard and Jan Mayen Islands Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United States Uruguay US Minor Outlying Islands Uzbekistan Vanuatu Vatican City State (Holy See) Venezuela Virgin Islands (British) Virgin Islands (U.S.) Viet Nam Wallis and Futuna Islands Western Sahara Yemen Yugoslavia Zaire Zambia Zimbabwe        Show pages from IntraNet   Show all pages  DIRECTORY/Computers/Security/Policy/Sample Policies (81) Acceptable Use Policy - http://www.sans.org/resources/policies/Acceptable_Use_Policy.doc - Defines acceptable use of IT equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. [MS Word]   Acquisition Assessment Policy - http://www.sans.org/resources/policies/Aquisition_Assessment_Policy.doc - Defines responsibilities regarding corporate acquisitions and the minimum requirements of an acquisition assessment to be completed by the information security group. [MS Word]   Analog/ISDN Line Policy - http://www.sans.org/resources/policies/Analog_Line_Policy.doc - Defines policy for analog/ISDN lines used for FAXing and data connections.   Anti-Virus Policy - http://www.sans.org/resources/policies/Lab_Anti-Virus_Policy.doc - Requirements for effective virus detection and prevention. Written for a laboratory environment but easy to adapt for other settings. [MS Word]   Application Service Provider Policy - http://www.sans.org/resources/policies/Application_Service_Providers.pdf - Security criteria for an ASP.   Audit Policy - http://www.sans.org/resources/policies/Audit_Policy.pdf - Defines requirements and provides authority for the information security team to conduct IT audits and risk assessments.   Backup Policy - http://its.uncg.edu/Policy_Manual/Computer_Backup/ - Sample policy from the University of North Carolina requires daily, weekly and monthly backups (sometimes known as 'grandfather, father, son').   Backup Policy - http://www.comptechdoc.org/independent/security/policies/backup-policy.html - Sample policy requires a cycle of daily and weekly backups (monthly backups are also advisable).   Backup Policy - http://bizsecurity.about.com/od/securitypolices/a/backupprimer.htm - A primer to help small businesses write their own backup policies.   Campus Security Policy - https://security.berkeley.edu/IT.sec.policy.html - An overarching security policy from Berkeley University includes links to more specific and detailed policies.   Campus Security Policy - http://www.wustl.edu/policies/infosecurity.html - High level information security policy from Washington University.   Certification and Accreditation Policy - http://www.tess-llc.com/Certification%20&%20Accreditation%20PolicyV4.pdf - Policy template by Walt Kobus defines requirements and responsibilities for security assurance throughout the system development process.   Communications Policy - http://www.tess-llc.com/Communications%20PolicyV4.pdf - Datacommunications security policy template by Walt Kobus defines network security control requirements.   Cryptography Policy - http://www.tess-llc.com/Cryptography%20PolicyV4.pdf - Cryptographic policy template by Walt Kobus.   DMZ Security Policy - http://www.sans.org/resources/policies/DMZ_Lab_Security_Policy.doc - Sample policy establishing security requirements of equipment to be deployed in the corporate De-Militarized Zone. [MS Word]   Data Classification Policy - http://www.tess-llc.com/Data%20Classification%20PolicyV4.pdf - Policy template by Walt Kobus describes the classification of information according to sensitivity (primarily confidentiality).   Database Password Policy - http://www.sans.org/resources/policies/DB_Credentials_Policy.doc - Defines requirements for securely storing and retrieving database usernames and passwords. [MS Word]   Dial-in Access Policy - http://www.sans.org/resources/policies/Dial-in_Access_Policy.doc - Policy regarding the use of dial-in connections to corporate networks. [MS Word]   Disaster Recovery Policy - http://www3.imperial.ac.uk/secretariat/policiesandpublications/disasterrecovery/policy/ - Succinct DR policy from Imperial College, London.   Disaster Recovery Policy - http://www.templatezone.com/pdfs/Disaster-Recovery-policy.pdf - Basic DR policy in just over one side.   Electronic Communications Policy - http://www.ucop.edu/ucophome/coordrev/policy/PP081805ECP.pdf - Formal policy from the University of California covering email and other electronic communications mechanisms   Email Forwarding Policy - http://www.sans.org/resources/policies/Automatically_Forwarded_Email_Policy.pdf - Email must not be forwarded automatically to an external destination without prior approval from the appropriate manager.   Email Policy - http://www.its.niu.edu/its/Policies/email_pol.shtml - Northern Illinois University email policy   Email Retention Policy - http://www.sans.org/resources/policies/email_retention.doc - Sample policy to help employees determine which emails should be retained and for how long.   Encryption Policy - http://www.sans.org/resources/policies/Acceptable_Encryption_Policy.doc - Defines encryption algorithms that are suitable for use within the organization. [MS Word]   Ethics Policy - http://www.sans.org/resources/policies/Ethics_Policy.doc - Sample policy intended to 'establish a culture of openness, trust and integrity'.   Ethics Policy - http://www.spirent.com/about/technology.cfm?media=7&ws=324&ss=177 - Ethical behavior underpins all procedural security controls. This ethics policy from Spirent is a useful model.   Extranet Policy - http://www.sans.org/resources/policies/Extranet_Policy.doc - Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [MS Word]   Government Security Policy - http://www.security.govt.nz/sigs/sigs.zip - The New Zealand Government's information security policy, based on the 2000 version of ISO/IEC 17799. [ZIP file containing PDF and MS Word versions]   HSPD-12 Privacy Policy - http://www.whitehouse.gov/omb/memoranda/fy2006/m06-06_att.doc - Sample privacy policy including Privacy Act systems of records notices, Privacy Act statements and a privacy impact assessment, designed to satisfy the requirements of HSPD-12 “Policy for a Common Identification Standard for Federal Employees and Contractors”   Holistic Operational Security Readiness Evaluation - http://www.lazarusalliance.com/horsewiki/index.php/Documents - Collaborative open project building a library of sample information security policies, supporting standards and other documents through a wiki.   IP Network Security Policy - http://www.securityfocus.com/infocus/1497 - Example security policy to demonstrate policy writing techniques introduced in three earlier articles.   ISO/IEC 27001 Policies - http://www.27001-online.com/secpols.htm - Typical headings for a security policy aligned broadly with the ISO/IEC 27002 standard for information security management systems.   ISO27k Toolkit - http://www.iso27001security.com/html/iso27k_toolkit.html - Collection of information security policies, procedures etc. aligned with the ISO/IEC 27000-series standards and provided under the Creative Commons license.   IT Security Policy - http://www.murdoch.edu.au/admin/policies/itsecurity/policy.html - Information technology security policy at Murdoch University, complete wth supporting standards and guidelines.   IT Security Policy - http://www.enterprise-ireland.com/ebusinesssite/guides/internal_security/internal_security_index.asp - IT security policy example/how-to guide from Enterprise Ireland.   Identification and Authentication Policy - http://www.tess-llc.com/Identification%20&%20Authentication%20PolicyV4.pdf - I&A policy template by Walt Kobus defines requirements for access control.   Information Data Ownership Policy - http://www.tess-llc.com/Information%20Data-Ownership%20PolicyV4.pdf - Policy template by Walt Kobus defines the roles and responsibilities of owners, custodians and users of information systems.   Information Security Policies - http://www.ucisa.ac.uk/publications/ist.aspx - The Information Security Toolkit from UCISA (University Colleges and Information Systems Association) contains a suite of security policy and guidance documents reflecting and cross-referenced against BS7799, intended for use in universities. [PDF documents]   Information Security Policies - http://www.gcio.nsw.gov.au/documents/Information%20Security%20Guideline%20V1.1.pdf - 111-page security policy manual from the Australian New South Wales Department of Commerce, based on ISO/IEC 27001.   Information Security Policies - http://csrc.nist.gov/fasp/jump.html - NIST's collection of well over 100 security policies and related awareness materials, mostly from US Government bodies.   Information Security Policies - http://www.tess-llc.com/TESS-DOR-EXAMPLES.htm - Templates for information security policies, guidelines, checklists and procedures by Walt Kobus.   Information Security Policies - http://www.securitydocs.com/Security_Policies/Sample_Policies - An extensive collection of information security policy samples at SecurityDocs.   Information Security Policies - http://www.auckland.ac.nz/security/PoliciesandStatutes.htm - Set of acceptable use and technical policies from the University of Auckland covering common information security issues.   Information Security Policies - http://www.sans.org/resources/policies/ - SANS consensus research project offering around 30 editable information security policies.   Information Security Policy - http://www.ccrg.ox.ac.uk/datasets/policystatement.htm - High-level information security policy statement for the Childhood Cancer Research Group at Oxford University.   Information Security Policy - http://www.obfs.uillinois.edu/manual/central_p/sec19-5.html - An information security policy from the University of Illinois.   Information Security Policy - http://www.pdfku.com/download-pdf-828.html - High level security policy/guideline from the Department of Health and Human Resources.   Information Sensitivity Policy - http://www.sans.org/resources/policies/Information_Sensitivity_Policy.pdf - Sample policy defining the assignment of sensitivity levels to information.   Internet Acceptable Use Policy - http://www.ruskwig.com/docs/internet_policy.pdf - One page Acceptable Use Policy example.   Internet DMZ Equipment Policy - http://www.sans.org/resources/policies/Internet_DMZ_Equipment_Policy.pdf - Sample policy defining the minimum requirement for all equipment located outside the corporate firewall.   K-20 Network Acceptable Use Policy - http://www.k12.wa.us/K-20/AUPSchBoardNetworkUse.aspx - Policy on acceptable use of a school network, along with information for parents and an informed consent form. Developed in Washington State.   Laboratory Security Policy - http://www.sans.org/resources/policies/Internal_Lab_Security_Policy.doc - Policy to secure confidential information and technologies in the labs and protect production services and the rest of the organization from lab activities. [MS Word]   Law Enforcement Data Security Standards - http://www.cleds.vic.gov.au/retrievemedia.asp?Media_ID=20338 - IT security policy applicable to the Victoria Police in Australia. 93 pages based on ISO/IEC 27002 and related standards.   Modem Policy - http://www.sandstorm.net/products/phonesweep/modempolicy.php - Sample policy from Sandstorm, designed as an addition to an existing Remote Access Policy, if one exists, or simply to stand alone.   Network Security Policy - http://www.utoronto.ca/security/documentation/policies/policy_5.htm - Example security policy for a data network from the University of Toronto.   Network Security Policy Guide - http://www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf - Watchguard's guide to creating an overarching network information security policy, supported by subsidiary policies.   Password Policy - http://www.umflint.edu/its/units/initiatives/publicity/password.htm - A password policy presented in the form of a series of security awareness posters. "Passwords are like underwear ..."   Password Policy - http://www.sans.org/resources/policies/Password_Policy.doc - Defines standards for creating, protecting and changing strong passwords. [MS Word]   Personnel Security Policy - http://www.datasecuritypolicies.com/wp-content/uploads/2007/04/generic-personnel-security-policy.pdf - Example policy covering pre-employment screening, security policy training etc.   Physical Security Policy - http://www.tess-llc.com/Physical%20Security%20PolicyV4.pdf - Policy template by Walt Kobus defines requirements for physical access control to sensitive facilities and use of ID badges.   Privacy Policy - http://www.cbe.uidaho.edu/wegman/404/PRIVACY%20POLICY%20IVI%20Generic.htm - Generic policy for websites offering goods and services, with an important warning to seek qualified legal advice in this area.   Privacy Policy - http://www.graduate.norwich.edu/privacy_policy.php - Concise policy (just 3 paragraphs) published by the School of Graduate Studies at Norwich University.   Remote Access Policy - http://www.sans.org/resources/policies/Remote_Access_Policy.doc - Defines standards for connecting to a corporate network from any host. [MS Word]   Resource Utilization Policy - http://www.tess-llc.com/Resource%20Utilization%20PolicyV4.pdf - Poilicy template by Walt Kobus defines requirements for resilience, redundancy and fault tolerance in information systems.   Risk Assessment Policy - http://www.sans.org/resources/policies/Risk_Assessment_Policy.doc - Defines requirements and authorizes the information security team to identify, assess and remediate risks to the organization's information infrastructure. [MS Word]   Router Security Policy - http://www.sans.org/resources/policies/Router_Security_Policy.doc - Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. [MS Word]   Security Audit Policy - http://www.tess-llc.com/Security%20Audit%20PolicyV4.pdf - Audit policy template by Walt Kobus.   Security Management Policy - http://www.tess-llc.com/Security%20Mngt%20PolicyV4.pdf - General information security policy template by Walt Kobus.   Security Policy Primer - http://www.sans.org/resources/policies/Policy_Primer.pdf - General advice for those new to writing information security policies.   Server Security Policy - http://www.sans.org/resources/policies/Server_Security_Policy.pdf - Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity.   Standard Practice Guide - http://spg.umich.edu/pdf/601.07-0.pdf - Policy covering appropriate use of information resources and IT at the University of Michigan.   Telecommuting/Teleworking Policy - http://www.womans-work.com/teleworking_policy.htm - Sample policy on teleworking covering employment as well as information security issues.   The ePolicy Institute - http://www.epolicyinstitute.com - Provides policies and resources on information security and other related topics.   Third Party Connection Agreement - http://www.sans.org/resources/policies/Third_Party_Agreement.pdf - Sample agreement for establishing a connection to an external party.   University Information Security Policies - http://www.upenn.edu/computing/policy/ - Electronic resource usage and security policies from the University of Pennsylvania.   University Information Security Policies - http://security.louisville.edu/PolStds - A set of information security policies from the University of Louisville.   Use of Electronic Mail - http://www.cusys.edu/~policies/General/email.html - Policy from the University of Colorado on the use of, access to, and disclosure of electronic mail.   User Data Protection Policy - http://www.tess-llc.com/User%20Data%20Protection%20PolicyV4.pdf - Policy template by Walt Kobus defines requirements for access controls, least privilege, integrity etc. to secure personal data.   Virtual Private Network Policy - http://www.sans.org/resources/policies/Virtual_Private_Network.pdf - Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network.   Wireless Communication Policy - http://www.sans.org/resources/policies/Wireless_Communication_Policy.pdf - Sample policy concerning the use of unsecured wireless communications technology.    E-Mail: webmaster@teradex.com Copyright © 2007 Aaex Corp. all rights reserved.

Help build the largest human-edited directory on the web. Submit a Site - Open Directory Project - Become an Editor This site is presented in modified Open Directory form