See also:

• Computers: Security: FAQs, Help, and Tutorials  (11)

Acceptable Encryption Policy - - Defines requirements for encryption algorithms used within the organization. [PDF.

Acceptable Use Policy - - Defines acceptable use of equipment and computing services, and the appropriate employee security measures to protect the organization's corporate resources and proprietary information. [PDF.

Acquisition Assessment Policy - - Defines responsibilities regarding corporate acquisitions, and defines the minimum requirements of an acquisition assessment to be completed by the information security group. [PDF.

Analog/ISDN Line Policy - - Defines standards for use of analog/ISDN lines for Fax sending and receiving, and for connection to computers. [PDF.

Anti-Virus Guidelines - - Defines guidelines for effectively reducing the threat of computer viruses on the organization's network.

Application Service Provider Policy - - Defines minimum security criteria that an ASP must fulfil in order to be considered for use on a project by the organization.

Application Service Provider Standards - - Sample set of minimum security standards that an application service provider must meet to be considered for use by a corporation.

Audit Policy - - Defines the requirements and provides the authority for the information security team to conduct audits and risk assessments.

Automatically Forwarded Email Policy - - Documents the requirement that no email will be automatically forwarded to an external destination without prior approval from the appropriate manager or director.

Company Email Policy - - A menu of clauses suitable for email acceptable use policies.

Computing Policies - - The electronic resource usage and security policy for the University of Pennsylvania.

Database Password Policy - - Defines requirements for securely storing and retrieving database usernames and passwords.

Dial-in Access Policy - - Sample policy controlling the use of dial-in connection to corporate networks.

DMZ Lab Security Policy - - Sample policy establishing the minimum security requirements of any equipment to be deployed in the corporate De-Militarized Zone.

Enterprise Ireland How To Guides - - A combined security policy and security procedures example document.

ePolicy Institute - - Policies on information security and other topics.

Extranet Policy - - Defines the requirement that third party organizations requiring access to the organization's networks must sign a third-party connection agreement. [PDF.

Information Sensitivity Policy - - Sample policy defining the assignment of sensitivity levels to information.

Internal Lab Security Policy - - Defines requirements for internal labs to ensure that confidential information and technologies are not compromised, and that production services and interests of the organization are protected from lab activities. [PDF.

Internet DMZ Equipment Policy - - Sample policy defining the minimum requirement for all equipment located outside the corporate firewall.

Introduction to Security Policies, Part Four: A Sample Policy - - Examples of security policies to demonstrate writing styles.

K-20 Network Acceptable Use Policy - - Policy on acceptable use of a school network, along with information for parents and an informed consent form.

Lab Anti-Virus Policy - - Defines requirements which must be met by all computers connected to an organization's lab networks to ensure effective virus detection and prevention. [PDF.

New York State Office for Technology - Information Security Policy - - Example of how to define high level information security principles and architecture, leading to an overall information security policy.

Password Protection Policy - - Defines standards for creating, protecting and changing strong passwords.

Remote Access Policy - - Defines standards for connecting to a corporate network from any host. [PDF.

Risk Assessment Policy - - Defines the requirements and provides the authority for the information security team to identify, assess and remediate risks to the organization's information infrastructure. [PDF.

Router Security Policy - - Sample policy establishing the minimum security requirements for all routers and switches connecting to production networks. [PDF.

Sample ISO 27001 Policies - - A policy template consisting of headings aligned with the new ISO standard for information security management.

Sample Policies - - Handy collection of information security policy samples.

Sandstorm Modem Policy - - This policy is designed to be an addition to an existing Remote Access Policy, if one exists, or to simply stand alone.

SANS Security Policy Project - - A consensus research project supporting rapid development and implementation of information security policies.

Server Security Policy - - Defines standards for minimal security configuration for servers inside the organization's production network, or used in a production capacity.

Telecommuting/Teleworking Sample Policy - - Sample policy on teleworking covering employment as well as information security issues.

Third Party Connection Agreement - - Sample agreement for establishing a connection to an external party.

Total Enterprise Security Solutions LLC - - Templates for information security policies, guidelines, checklists and procedures, including PDF samples of several common policies.

University of Auckland Information Security Management Policies - - Set of acceptable use and technical policies covering common information security issues.

University of Colorado Email Policy - - This administrative policy statement sets forth the University's policy with regard to use of, access to, and disclosure of electronic mail to assist in ensuring that the University's resources serve those purposes.

Virtual Private Network Policy - - Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization's network.

Wireless Communication Policy - - Sample policy concerning the use of unsecured wireless communications technology.