Stunning.com Directory

Arts

Business

Computers

Games

Health

Home

Kids and Teens

News

Recreation

Reference

Regional

Science

Shopping

Society

Sports

Home / Computers / Security / Policy

Categories

Sample_Policies (29)

Web Sites

A Preparation Guide to Information Security Policies - This paper introduces security policies, as an information paper pertaining to what one should know prior to writing a security policy.
rr.sans.org/policy/prep_guide.php
A System Security Policy for You - The purpose of this document is to meet the requirements of the GIAC Security Essentials assignment and to provide other interested parties with a reference document that they can use to get their System Security Policy (SSP) document started.
www.sans.org/infosecFAQ/policy/sys_sec.htm
An Overview of Corporate Computer User Policy - A corporate security policy is the gateway to a companys intellectual property. In todays world of information technology, the main threat to information security within a company is its employees.
rr.sans.org/policy/corp_user.php
Applying IT Security Policies & Computer Security Standards - Security policies and computer security standards must be implemented to be effective. This site introduces an approach to easing the problem of organization wide implementation.
www.securitypolicy.co.uk/secpolicy
Baseline Software, Inc. - Information Security Policies Made Easy by Charles Cresson Wood, CISA, CISSP, noted international information security consultant and researcher.
www.baselinesoft.com/ispme.html
Best Practices in Network Security - Knowing how and what to protect and what controls to put in place is difficult. It takes security management, including planning, policy development and the design of procedures.
enterprisesecurity.symantec.com/article.cfm?articleid=42&PID=372347
Browsing with a Loaded Gun - A strong web Security Policy is key to keeping your company safe in the net-centric world. (PDF format)
www.pentasafe.com/whitepapers/LoadedGun.PDF
BS 7799 Security Standard & Compliance - BS 7799, first published in February 1995, is a comprehensive set of controls comprising best practices in information security. BS 7799 is intended to serve as a single reference point for identifying a range of controls needed for most situations where information systems are used in industry and commerce, and to be used by large, medium and small organizations. It was significantly revised and improved in May 1999.
www.securityrisk.co.uk/bs7799/bs7799.htm
BS7799 Security Standard: Compliance & Positioning - What it is and how to achieve BS7799 compliance - a starting point.
www.eon-solutions.com/bs7799
Building Effective, Tailored Information Security Policy - 20th NISSC Internet Technical Security Policy Panel
csrc.nist.gov/nissc/1997/panels/isptg/pescatore/html
CERT Practice Modules: Improving Security - Determine contractor ability to comply with your organization's security policy.
www.cert.org/security-improvement/practices/p019.html
CERT Practice Modules: Responding to Intrusions - Establish policies and procedures for responding to intrusions.
www.cert.org/security-improvement/modules/m06.html
CERT Practice Modules: Securing Desktop Workstations - Develop and promulgate an acceptable use policy for workstations.
www.cert.org/security-improvement/practices/p034.html
Company Email Policy - Every company needs to establish a policy regarding use of and access to company email systems -- and then tell all employees what it's policy is.
www.cli.org/emailpolicy/top.html
Computer and Information Security Policy - Formal IT security policy helps establish standards for IT resource protection by assigning program management responsibilities and providing basic rules, guidelines, and definitions for everyone in the organization. Policy thus helps prevent inconsistencies that can introduce risks, and policy serves as a basis for the enforcement of more detailed rules and procedures.
secinf.net/info/policy/hk_polic.html
Computer Policies for Employee Handbooks - Proven, affordable, ready made computer security and usage policies covering areas such as email, internet, virus, unauthorized changes, personal use, remote access and laptop precautions.
www.compupol.com
Computer Policy Guide - A commercial manual with sample policies. Topics include: Email; Internet Usage; Personal Computer Usage; Information Security; and Document Retention.
www.computerpolicy.com
Computing Policies - The electronic resource usage and security policy for the University of Pennsylvania.
www.upenn.edu/computing/policy
Considerations for an Acceptable Use Policy for a Commercial Enterprise - Computer security policies are the high cover that allow the computer security professional to effectively operate in an enterprise where the ultimate goal is to produce a product at a cost that allows the company to successfully compete in the marketplace.
www.sans.org/infosecFAQ/policy/considerations.htm
Controlling Inside Threats: Stalking the Wild End User - Threats come to a computer system from two sources: those outside the firewall, and those inside the firewall. Outside threats are often more dramatic than inside threats - the cola crazed hacker breaching the firewall at 3 AM is a popular stereotype. However, inside threats will occur more often and consume more of a Security Manager's time.
www.sans.org/infosecFAQ/policy/wild_end.htm
Create Order with a Strong Policy - A well-written, well-run security policy keeps cracks from appearing in your network's foundation.
www.networkmagazine.com/article/NMG20000710S0015
Creating an Information Systems Security Policy - The following paragraphs are going to be a general outline as to what should be included in an Information Systems Security Policy.
rr.sans.org/policy/infosys.php
Creating Security Policies Lessons Learned - After attending SANS training or other security classes we return to work with an eagerness to move forward with hardening servers, tightening firewalls, and implementing intrusion detection systems. This paper shows the reader some steps we have taken on our continuing journey towards a full set of security policies and procedures.
www.sans.org/infosecFAQ/policy/creating.htm
Danger Within - The threats to a network come in many forms - from disgruntled employees, corporate espionage, lax system administrators, faulty products and poorly educated users. All of these fall into one of three categories: malicious attacks, misconfiguration (vendor or administrator), and user ignorance.
www.sans.org/infosecFAQ/policy/danger.htm
Defining Policies Using Meta Rules - This paper seeks to initiate a discussion on how to design and implement security policies within a company through the use of meta rules.
rr.sans.org/policy/meta_rules.php
Developing a Computer Security Proposal for Small Businesses - How to Start - It has been widely reported that computerization has played a significant role in the current economic expansion. However, when it comes to systems management in general, and systems security in particular, small businesses are ill prepared to deal with the challenges that increased automation and increased connectivity bring.
www.sans.org/infosecFAQ/policy/cssb.htm
Developing Effective Information Systems Security Policies - This paper takes a top-down approach and provides a high-level overview for developing effective information systems policies.
www.sans.org/infosecFAQ/policy/effective.htm
Developing Security Policies: Charting an Obstacle Course - This paper discusses the issues faced by those at my educational institution in trying to develop security policies. Some highlights include battling the myth of security, deciphering the meaning of security, receiving mixed signals about the importance of security, trying to keep it simple, trying to get it done quickly and trying to prevent it from failing.
rr.sans.org/policy/course.php
Development of an Effective Communications Use Policy - Development of a good Communications Use Policy (also called an Acceptable Use Policy) is the cornerstone of a strong information security program.
www.sans.org/infosecFAQ/policy/com_use.htm
Do you have an intrusion detection response plan? - Discussion of what should go into the creation of an intrusion detection plan and the expected results.
www.nwfusion.com/newsletters/sec/0913sec1.html
E-Policy - E-policy is a corporate statement and set-of-rules to protect the organisation from casual or intentional abuse that could result in the release of sensitive information, IT system failures or litigation against the organisation by employees or other parties.
www.c2c.com/industry/whitepapers_policy.htm
Email Policy.com - Learn how to create a company e-mail policy and enforce it using email security software. Also lists sample email policies, books and links.
www.email-policy.com
Encryption Policies: A Task-Oriented Approach - This paper presents a comprehensive set of encryption policies and best practices that should be considered by an organization.
rr.sans.org/policy/encryption_policies.php
Enhancing Enterprise Security - This is a solid site with a good overview of all factors which should go into to the design of a security policy.
www.3com.com/technology/tech_net/white_papers/503023.html
Enterprise Security Management (ESM): Centralizing Management of Your Security Policy - This paper will define Enterprise Security Management (ESM). It will discuss motivations for implementing ESM. It will also look at security policy development and overview some of the items that security policy should contain.
www.sans.org/infosecFAQ/policy/ESM.htm
Federal Systems Level Guidance for Securing Information Systems - The need for security guidelines and defense-in-depth strategies has never been greater. As a result Federal legislation has been / is being enacted to aid in securing of national information systems.
www.sans.org/infosecFAQ/policy/fed_sys.htm
Firewalls and Internet Security - Good paper with theory and firewalls description. Network security policy example.
secinf.net/info/fw/steph
Formulating a Wireless LAN Security Policy: Relevant Issues, Considerations and Implications - [Word Document] This paper represents the security issues related to the use of wireless (vs wired) LAN technology and recommends a number of key implementation guidelines to ensure the secure deployment of wireless LAN services in the company.
www.giac.org/practical/David_Quay_GSEC.doc
GASSP Home Page - Generally Accepted System Security Principles, developed by The International Information Security Foundation.
web.mit.edu/security/www/gassp1.html
Group Policy and Security - The use of Group Policy to simplify the network security tasks that you face as a network administrator. With Group Policy, you can ensure that the machines on your network remain in a secure configuration after you deploy them.
www.win2000mag.com/Articles/Index.cfm?ArticleID=9169
Herding Cats 101: Development & Implementation of Security Policies at a University - The widely-publicized denial of service attacks of February 2000 showcase the need for a basic security policy which governs and oversees the type of activities that are allowed on university computing and network resources.
www.sans.org/infosecFAQ/policy/herding.htm
HIPAA Security Policy Development: A Collaborative Approach - The Health Insurance Portability and Accountability Act of 1996 (HIPAA), enacted on August 21, 1996 as Public Law 104-191, authorized the Secretary of Health and Human Services (HHS) to develop security standards to prevent inadvertent or intentional unauthorized use or disclosure of any health information that is electronically maintained or used in an electronic transmission.
www.sans.org/infosecFAQ/policy/HIPAA_policy.htm
How to Develop a Network Secuity Policy White Paper - This document is for business executives, and others, who want to know more about Internet and internetworking security, and what measures you can take to protect your site.
www.sun.com/software/white-papers/wp-security-devsecpolicy
How to Develop Good Security Policies and Tips on Assessment and Enforcement - Invest the time up front to carefully develop sound policies and then identify ways to gauge their effectiveness and assess the level of compliance within your organization. Commit to spending the time and resources required to ensure that the policies are kept current and accurately reflect your company's security posture.
www.giac.org/practical/Kerry_McConnell_GSEC.doc
How to Develop Your Companys First Security Baseline Standard - The goal of this document is to provide a guide for those charged with designing and implementing baseline security standards for the first time.
www.sans.org/infosecFAQ/policy/baseline.htm
How to Develop Your Companys First Security Baseline Standard - In an age were security is becoming more important to many organisations, it is important for such organisations to document their security policy, just as they would document their marketing policy, client service policy or accounting policies. But the effort of just documenting policies is insufficient, since it is no use going through the effort and costs of developing a security policy and not implementing or updating it.
www.sans.org/infosecFAQ/policy/compliance.htm
Implementing an Encryption Policy for the Mac OS X User - This paper provides the derivation and implementation of a security policy for Mac OS X users.
www.giac.org/practical/Kenneth_Shur_GSEC.doc
Information Flow: Lessons Learned from the Old School - Understanding how information flows is core to being able to protect that information in transport.
www.sans.org/infosecFAQ/policy/flow.htm
Information Security - Discussion of topic with security policies and baseline standards information.
www.security.kirion.net/securitypolicy
Information Security Awarewness Policy - This document will explain the implementation of a security awareness policy and in what ways it is used to involve the user to be more alert towards security issues.
www.sans.org/infosecFAQ/policy/infosec_awareness.htm
Information Security Policies & Computer Security Policy Directory - This directory is intended to help you ensure that your policies actually meet your needs.
www.information-security-policies-and-standards.com
Information Security Program Development - Security standards are needed by organizations because of the amount of information, the value of the information, and ease with which the information can be manipulated or moved.
www.blackmagic.com/ses/bruceg/progmgt.html
Internet Security Policy: A Technical Guide - Contents - This document is intended to help an organization create a coherent Internet-specific information security policy.
secinf.net/info/policy/isptg.en/ISPTG-Contents.html
Internet/Network Security Policy Development - How to write an effective network security policy. This is Part 4 of a 5 part tutorial on Internet and network security.
netsecurity.about.com/compute/netsecurity/library/weekly/aa080299.htm?iam=mt
Introduction and Education of Information Security Policies to Employees - Information Security Policies are necessary to ensure that important data, business plans and other confidential information are protected from theft or unauthorized disclosure. If employees of any organization are not aware of these policies, they will not know what is expected of them.
www.sans.org/infosecFAQ/aware/infosec_policies.htm
ISO 17799 Resource - A guide to ISO 17799 the International standard for Information Security Management, based on the British Standard BS 7799 - Building awareness of Information Security Management, implementation of an information security management system and BS 7799 registration and assessment.
www.iso17799resource.com/index.xalter
ISO 17799 Service & Software Directory - Services and software for ISO 17799 audit, compliance, implementation and security risk analysis.
www.iso17799software.com
ISO 17799 Standard: ISO17799 Compliance & Positioning - The ISO 17799 security standard: How to achieve full ISO17799 compliance
www.securityauditor.net/iso17799
ISO17799 Official Source - The official source document and copyright holder for the ISO17799 security standard.
https://www.bspsl.com/secure/iso17799software/cvm.cfm
Issues in a Computer Acceptable Use Policy - This document is a list of issues and reasons to consider when preparing a university-wide policy on the proper use of computers.
www.rbs2.com/policy.htm
ITworld.com - Security's human side - When it comes to keeping your company's systems secure, employees and managers play roles as important as those of the technological gadgets they deploy.
www.itworld.com/Man/3903/IWD010529securityshuman
Leveraging a Securing Awareness Program from a Security Policy - Activities and procedures that give the Security Polices credibility and visibility. That is, a program that uses activities such as news and anecdotal stories, situational examples and discussion to lend relevance and pertinence to the policies.
www.sans.org/infosecFAQ/policy/leveraging.htm
Make Your Web Site P3P Compliant - How to create and publish your company's platform for privacy perfomance policy, a W3C initiative, in 6 easy steps.
www.w3.org/P3P/details.html
Managing Internet Use: Big Brother or Due Diligence? - This paper describes the major risks of granting widespread Internet access along with suggestions to mitigate them. It also covers monitoring policies and the privacy issues that arise from monitoring Internet use.
www.sans.org/infosecFAQ/policy/internet_use.htm
Model Security Policies - Sample of 25 model security policies for use as templates or guides when developing policies for your own environment.
www.sans.org/newlook/resources/policies/policies.htm
Network & IT Security Policies - Where to find IT security policies, network security policies and a unique method to deliver them. Site includes trial downloads for all software offered.
www.network-and-it-security-policies.com
Network Security Policy A Managers Perspective - The tool that a Network Manager has to facilitate and manage good Network Security is policy.
www.sans.org/infosecFAQ/policy/netsec_policy.htm
Outsourcing Security Management - This purpose of this paper is to highlight some high-level security issues, faced by organizations when outsourcing security management. Some key factors regarding preparation and management of the outsourcing partnership are also included.
www.sans.org/infosecFAQ/policy/outsourcing.htm
P3P Guiding Principles - Principles behind the W3C Platform for Privacy Preferences initiative.
www.w3.org/TR/NOTE-P3P10-principles
PKI Policy Whitepaper - This PKI Note provides general information about PKI policy, the role that policy plays in a PKI and how that policy applies to both traditional and PKI-enabled business environments.
www.pkiforum.org/pdfs/pki_policy.pdf
Policies and Procedures - A presentation from the SANS institute course "Building an Effective Security Infrastructure", which outlines the elements to be included when designing a corporate security policy. Also available for download in Power Point format.
www.sans.org/newlook/resources/policies/bssi3/index.htm
Policy Manager - Cisco Systems - Cisco Secure Policy Manager is a scalable, powerful security policy management system for Cisco firewalls and Virtual Private Network (VPN) gateways. Assistance is also provided with the development and audititing of security policy.
www.cisco.com/warp/public/cc/pd/sqsw/sqppmn/index.shtml
Policy Over Policing - It's easy to develop e-mail and Internet policies, but education and documentation are crucial to their success.
archive.infoworld.com/cgi-bin/displayArchive.pl?/96/34/e01-34.55.htm
Policy Standards and IETF Terminology - The goal of this series of papers is to present the elements of Policy-based Network Management (PBNM) and Quality of Service (QoS) in an organized and thorough manner.
www.iphighway.com/2_policy_standards_and_ietf_terminology.pdf
Policy-Based Network Architecture - This paper outlines the goals of the policy-based network architecture including the creation of a standards-based system that addresses both the enforcement and the administration of policies.
www.allot.com/pdf/products/policymgmt.pdf
RFC2196 (Site Security Handbook) - a guide to developing computer security policies and procedures for sites that have systems on the Internet.
www.cis.ohio-state.edu/htbin/rfc/rfc2196.html
Sandstorm Modem Policy - This policy is designed to be an addition to an existing corporate security policy. It can be an addition to a Remote Access Policy, if one exists, or to simply stand alone as a Modem Access policy if no current policy of this sort exists at the Company.
www.sandstorm.net/phonesweep/ModemPolicy.shtml
Security Awareness Are Your Users "clued in" or "clueless"? - A sound security policy is the foundation of any successful security program. The policy defines the organizations overall posture toward security.
www.sans.org/infosecFAQ/policy/sec_aware.htm
Security Framework and Principles - The section of the Workstation Support Services Security Framework and Principles document from the University of California, Berkley.
securityinfo.berkeley.edu/reports/framework.html#SecurityPolicy
Security Information Web Site - Content rich ready for publication security information web site enables companies to JUMP-START their security management program with policies, plans, techniques, and countermeasures
www.securitywebsites.com
Security Planning - This paper provides guidelines for developing security policies and implementing controls to prevent computer risks from becoming reality.
www.microsoft.com/technet/security/secplan.asp
Security Policies in a Global Organization - In order to deal with the issues around security policies in a global organization it is probably necessary to create a tiered structure of information security policies with some policies applying globally throughout the organization, and other policies applying to individual geographical, or regional entities.
rr.sans.org/policy/global_org.php
Security Policy Roadmap Process for Creating Security Policies - The very first thing in information security is to set up policies and procedures on how to protect information. This paper presents a systematic approach in developing computer security policies and procedures.
www.sans.org/infosecFAQ/policy/roadmap.htm
Security Policy Roadmap Process for Creating Security Policies - This paper presents a systematic approach in developing computer security policies and procedures.
rr.sans.org/policy/roadmap.php
Security Policy: What it is and Why - The Basics - A security policy is nothing more than a well-written strategy on protecting and maintaining availability to your network and its resources.
www.sans.org/infosecFAQ/policy/sec_policy.htm
Security, It's Not Just Technical - The goal of this paper is to introduce the need for an adequate information security policy within your respective workplace/organization.
rr.sans.org/policy/tech.php
Sensitive But Unclassified - As a portion of virtually every organizations policy, there will necessarily be rules and procedures that address the handling of information within that organization. Whether it is a corporation or a non-profit organization or the federal government, the loss of critical information can be damaging.
rr.sans.org/policy/sensitive.php
Shelfware: How to Avoid Writing Security Policy and Documentation That Doesnt Work - This paper explores the "GIAC Basic Security Policy" material (Part V of the course), looking into pitfalls that can make security policy and similar documentation unwieldy and unreadable.
www.sans.org/infosecFAQ/policy/shelfware.htm
Site Security Policy Development - Article by Rob McMillan outlining the importance and characteristics of a good security policy. This article is slightly dated, but provides a good starting point.
security.tsu.ru/info/policy/AusCERT.html
Site Security Policy Development - This paper outlines some issues that the writer of a Site Computer Security Policy may need to consider when formulating such a document.
secinf.net/info/policy/AusCERT.html
Steps to a Secure Network - The typical corporate security objective of the past has been to protect the Enterprise network from the Internet, but as we are reading in the news today, this has not been enough. The first step in protecting the Enterprise is to set realistic expectations.
www.sans.org/infosecFAQ/policy/steps.htm
Structured Approach to Computer Security - A security policy is a set of rules written in general terms stating what is permitted and what is not permitted in a system during normal operation.
www.ce.chalmers.se/staff/ulfl/pubs/tr122to.pdf
Sun Tzu and the Art of (Cyber) War: Ancient Advice for Developing an Information Security Program - Though the battles fought are quite different from ancient China, Sun Tzus philosophies can aid when setting up a security program at your company.
www.sans.org/infosecFAQ/policy/sun_tzu.htm
Technical Writing for IT Security Policies in Five Easy Steps - This paper points new policy technical writers in the right direction and provides a solid foundation from which to start. Follow these five easy steps when writing IT Security policies.
rr.sans.org/policy/tech_writing.php
The Basics of an IT Security Policy - This paper is intended to address the importance of having a written and enforceable Information Technology (IT) security policy, and to provide an overview of the necessary components of an effective policy.
www.giac.org/practical/jack_albright_gsec.doc
The BS7799 Security Zone - Information, guidence and resources to address the BS7799 security standard.
www.thewindow.to/bs7799
The Clark-Wilson Security Model - Much of the attention in the security arena has been devoted to developing sophisticated models (e.g. Bell-LaPadula model) and mechanisms for confidentiality, capabilities to provide confidentiality in information systems are considerably more advanced than those providing integrity. In this paper, we will explore the nature and scope of the Clark-Wilson (CW) model, which focuses on the information integrity issue.
www.sans.org/infosecFAQ/policy/clark-wilson.htm
The Information Security Forum - The Forum's Standard of Good Practice for Information Security - The Information Security Forum has produced the Standard to provide guidelines on all aspects of information security including, IT, Data and Computer controls.
www.isfsecuritystandard.com
The Necessity of a Corporate Policy on E-mail Use and Retention - Few firms have documented, legally enforceable use and retention policies for electronic messages. However, an appropriately implemented policy can help you reduce your company's legal exposure and the possibility of confidentiality breaches.
www.authentica.com/products/whitepapers/Retentionpolicy.pdf
The Use of Case Law in Negotiating the Acceptance of Post Secondary Computer Policies - This paper will assist the reader in facilitating user cooperation and "buy in" while providing a framework to establish their policies.
rr.sans.org/policy/case_law.php
Toward Standardization of Information Security: BS 7799 - This paper describes BS 7799, the "Code of Practice for Information Security Management" as an information security management system, identifies the industry movement toward BS 7799 certification, reports the current effort involving the transformation of BS 7799 into ISO 17799 and suggests a need for the information security professional to familiar with BS 7799.
www.sans.org/infosecFAQ/policy/standardization.htm
Understanding the Virus Threat and Developing Effective Anti-Virus Policy - This paper focuses on providing the reader with an overview of the current virus landscape and aids in developing best practice anti-virus policies.
rr.sans.org/malicious/virus_threat.php
What Do I Put in a Security Policy? - Discussion of how to use all the available information on security policies to create a client specific policy. Contains a sample policy outline.
www.sans.org/infosecFAQ/policy/policy.htm
What makes a good security policy and why is one necessary? - Security does not come from automated applications, rather it is compromised of security applications or systems, processes and procedures and the personnel to implement both the systems and processes. In order to properly address security, the most fundamental item necessary is a security policy.
www.giac.org/practical/Caroline_Reyes_GSEC.doc
What's Your Policy? - If your company doesn't have written security policies, it's time it did, and Mark Edwards has some resources to help.
www.ntsecurity.net/Articles/Index.cfm?ArticleID=9764
When a Security Policy Matures into a Security Solution - It is only through the implementation of security policies with a policy framework and testing to see whether the security exposures were reduced that one can measure if the security policy matured into a security solution.
www.sans.org/infosecFAQ/policy/matures.htm
When Policies that have Always Worked, Don't - The scenario described in this paper outlines a failure of our human systems due to a limitation in our thinking about our procedures that could easily have had catastrophic results.
rr.sans.org/signup/login.php?e327cfa29894664110d30f2e80d45368
Why Security Policies Fail - Objective analysis reveals that many breaches are linked to common weaknesses in the security policy...accidents waiting to happen. This article focuses on strategic and systematic weaknesses that can slowly degrade security operations.
www.securityfocus.com/data/library/Why_Security_Policies_Fail.pdf
World of Information Security Management - This site contains information on BS 7799 (ISO/IEC 17799) including the official Register of BS 7799 Certificates, International BS 7799 User Group, papers on the application of BS 7799 produced by business around the world.
www.xisec.com
IT Security Cookbook - An excellent guide to computer & network security with a strong focus on writing and implementing security policy. This is primarily for security managers and system administrators.
www.boran.com/security