 |
Remote Access Policy
Remote Access Policy: The purpose of this policy is to define standards for connecting to a corporate network from any host. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Remote_Access_Policy.pdf |
 |
SANS Sample Security Policies
SANS Sample Security Policies: Policy templates for twenty-four important security requirements. (Sample Policies)
http://www.sans.org/resources/policies |
 |
Virtual Private Network Policy
Virtual Private Network Policy: Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Virtual_Private_Network.pdf |
 |
Router Security Policy
Router Security Policy: Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Router_Security_Policy.pdf |
 |
Information Sensitivity Policy
Information Sensitivity Policy: Sample policy to assist users to assign sensitity levels to information they own. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Information_Sensitivity_Policy.pdf |
 |
Automatically Forwarded Email Policy
Automatically Forwarded Email Policy: Documents the requirement that no email will be automatically forwarded to an external destination without prior approval from the appropriate manager or director. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Automatically_Forwarded_Email_Policy.pdf |
 |
Computing Policies
Computing Policies: The electronic resource usage and security policy for the University of Pennsylvania. (Sample Policies)
http://www.upenn.edu/computing/policy/ |
 |
Password Protection Policy
Password Protection Policy: Defines standards for creating, protecting, and changing strong passwords. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Password_Policy.pdf |
 |
Third Party Connection Agreement
Third Party Connection Agreement: Sample agreement for establishing a connection to an external party. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Third_Party_Agreement.pdf |
 |
Dial-in Access Policy
Dial-in Access Policy: Sample policy controlling the use of dial-in connection to corporate networks. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Dial-in_Access_Policy.pdf |
 |
Acquisition Assessment Policy
Acquisition Assessment Policy: Defines responsibilities regarding corporate acquisitions, and defines the minimum requirements of an acquisition assessment to be completed by the information security group. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Aquisition_Assessment_Policy.pdf |
 |
Risk Assessment Policy
Risk Assessment Policy: Defines the requirements and provides the authority for the information security team to identify, assess, and remediate risks to the organization's information infrastructure associated with conducting business. [pdf format.] (Sample Policies)
http://www.sans.org/newlook/resources/policies/Risk_Assessment_Policy.pdf |
 |
DMZ Lab Security Policy
DMZ Lab Security Policy: Sample policy establishing the minimum security requirements of any equipment to be deployed in the corporate DMZ. (Sample Policies)
http://www.sans.org/newlook/resources/policies/DMZ_Lab_Security_Policy.pdf |
 |
Acceptable Encryption Policy
Acceptable Encryption Policy: Defines requirements for encryption algorithms used within the organization. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Acceptable_Encryption_Policy.pdf |
 |
Database Password Policy
Database Password Policy: Defines requirements for securely storing and retrieving database usernames and passwords. (Sample Policies)
http://www.sans.org/newlook/resources/policies/DB_Credentials_Policy.pdf |
 |
Application Service Provider Standards
Application Service Provider Standards: Sample set of minimum security standards that an application service provider must meet to be considered for use by a corporation. (Sample Policies)
http://www.sans.org/newlook/resources/policies/asp_standards.pdf |
 |
Acceptable Use Policy Report
Acceptable Use Policy Report: This is a report on the Acceptable Usage Policy: what corporations expect of it, an instance of a commercially used policy, and a framework for creating your own policy. (Sample Policies)
http://members.iinet.net.au/~colinwee/mbt/acceptableuse/index.html |
 |
Wireless Communication Policy
Wireless Communication Policy: Sample policy controlling the use of unsecured wireless communications technology. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Wireless_Communication_Policy.pdf |
 |
Sample Policies
Sample Policies: Sample Perimeter Defense and Vulnerability Assessment Policies. (Sample Policies)
http://www.attackprevention.com/ap/policy.htm |
 |
Acceptable Use Policy (pdf)
Acceptable Use Policy (pdf): Defines acceptable use of equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Acceptable_Use_Policy.pdf |
 |
Lab Anti-Virus Policy
Lab Anti-Virus Policy: Defines requirements which must be met by all computers connected to an organization's lab networks to ensure effective virus detection and prevention. (Sample Policies)
http://www.sans.org/resources/policies/Lab_Anti-Virus_Policy.pdf |
 |
Analog/ISDN Line Policy
Analog/ISDN Line Policy: Defines standards for use of analog/ISDN lines for Fax sending and receiving, and for connection to computers. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Analog_Line_Policy.pdf |
 |
Sandstorm Modem Policy
Sandstorm Modem Policy: This policy is designed to be an addition to an existing corporate security policy. It can be an addition to a Remote Access Policy, if one exists, or to simply stand alone as a Modem Access policy if no current policy of this sort exists at the Company. (Sample Policies)
http://www.sandstorm.net/phonesweep/ModemPolicy.shtml |
 |
Application Service Provider Policy
Application Service Provider Policy: Defines minimum security criteria that an ASP must execute in order to be considered for use on a project by the organization. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Application_Service_Providers.pdf |
 |
Audit Policy
Audit Policy: Defines the requirements and provides the authority for the information security team to conduct audits and risk assessments to ensure integrity of information/resources, to investigate incidents, to ensure conformance to security policies, or to monitor (Sample Policies)
http://www.sans.org/newlook/resources/policies/Audit_Policy.pdf |
 |
Server Security Policy
Server Security Policy: Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Server_Security_Policy.pdf |
 |
Anti-Virus Guidelines
Anti-Virus Guidelines: Defines guidelines for effectively reducing the threat of computer viruses on the organization's network. (Sample Policies)
http://www.sans.org/resources/policies/Anti-virus_Guidelines.pdf |
 |
Internet DMZ Equipment Policy
Internet DMZ Equipment Policy: Sample policy defining the minimum requirement for all equipment located outside the corporate firewall. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Internet_DMZ_Equipment_Policy.pdf |
 |
University of Colorado Email Policy
University of Colorado Email Policy: This administrative policy statement sets forth the University's policy with regard to use of, access to, and disclosure of electronic mail to assist in ensuring that the University's resources serve those purposes. (Sample Policies)
http://www.cusys.edu/~policies/General/email.html |
 |
Company Email Policy
Company Email Policy: Every company needs to establish a policy regarding use of and access to company email systems -- and then tell all employees what its policy is. (Sample Policies)
http://www.cli.org/emailpolicy/top.html |
 |
Internal Lab Security Policy
Internal Lab Security Policy: Defines requirements for internal labs to ensure that confidential information and technologies are not compromised, and that production services and interests of the organization are protected from lab activities. (Sample Policies)
http://www.sans.org/newlook/resources/policies/Internal_Lab%20Security_Policy.pdf |
 |
Extranet Policy
Extranet Policy: Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [PDF, 80 KB] (Sample Policies)
http://www.sans.org/newlook/resources/policies/Extranet_Policy.pdf |
Additional
Information: These are examples of IT security policies, some are policies which have been created and implemented in specific organizations, others are simply samples to provide guidance in the creation of policy for others. Examples include policies in the areas of
-
