| Directory > Computers > Security > Policy > Sample Policies SANS Sample Security Policies
Policy templates for twenty-four important security requirements.
http://www.sans.org/resources/policies
Reviews Rating: Not yet Rated
Whois Check
Sample Policies
Sample Perimeter Defense and Vulnerability Assessment Policies.
http://www.attackprevention.com/ap/policy.htm
Reviews Rating: Not yet Rated
Whois Check
Acceptable Use Policy Report
This is a report on the Acceptable Usage Policy: what corporations expect of it, an instance of a
commercially used policy, and a framework for creating your own policy.
http://members.iinet.net.au/~colinwee/mbt/acceptableuse/index.html
Reviews Rating: Not yet Rated
Whois Check
Hennepin County E-mail Policy
The Hennepin County Electronic Mail System (e-mail) is designed to facilitate County business
communication among employees and other business associates for messages or memoranda. Since no
computer system is completely secure, the e-mail system is not intended to transmit sensitive
materials, such as personnel decisions and other similar information which may be more
appropriately communicated by written memorandum or personal conversation.
http://www.co.hennepin.mn.us/emailpolicy.html
Reviews Rating: Not yet Rated
Whois Check
Sandstorm Modem Policy
This policy is designed to be an addition to an existing corporate security policy. It can be an
addition to a Remote Access Policy, if one exists, or to simply stand alone as a Modem Access
policy if no current policy of this sort exists at the Company.
http://www.sandstorm.net/phonesweep/ModemPolicy.shtml
Reviews Rating: Not yet Rated
Whois Check
Computing Policies
The electronic resource usage and security policy for the University of Pennsylvania.
http://www.upenn.edu/computing/policy/
Reviews Rating: Not yet Rated
Whois Check
Company Email Policy
Every company needs to establish a policy regarding use of and access to company email systems --
and then tell all employees what its policy is.
http://www.cli.org/emailpolicy/top.html
Reviews Rating: Not yet Rated
Whois Check
University of Colorado Email Policy
This administrative policy statement sets forth the University's policy with regard to use of,
access to, and disclosure of electronic mail to assist in ensuring that the University's resources
serve those purposes.
http://www.cusys.edu/~policies/General/email.html
Reviews Rating: Not yet Rated
Whois Check
Lab Anti-Virus Policy
Defines requirements which must be met by all computers connected to the organization's lab
networks to ensure effective virus detection and prevention.
http://www.sans.org/newlook/resources/policies/Lab_Anti-Virus_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Internet DMZ Equipment Policy
Sample policy defining the minimum requirement for all equipment located outside the corporate
firewall.
http://www.sans.org/newlook/resources/policies/Internet_DMZ_Equipment_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Server Security Policy
Defines standards for minimal security configuration for servers inside the organization's
production network, or used in a production capacity.
http://www.sans.org/newlook/resources/policies/Server_Security_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Internal Lab Security Policy
Defines requirements for internal labs to ensure that confidential information and technologies are
not compromised, and that production services and interests of the organization are protected from
lab activities.
http://www.sans.org/newlook/resources/policies/Internal_Lab%20Security_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Router Security Policy
Sample policy establishing the minimum security requirements for all routers and switches
connecting to production networks.
http://www.sans.org/newlook/resources/policies/Router_Security_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Information Sensitivity Policy
Sample policy to assist users to assign sensitity levels to information they own.
http://www.sans.org/newlook/resources/policies/Information_Sensitivity_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
DMZ Lab Security Policy
Sample policy establishing the minimum security requirements of any equipment to be deployed in the
corporate DMZ.
http://www.sans.org/newlook/resources/policies/DMZ_Lab_Security_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Acceptable Encryption Policy
Defines requirements for encryption algorithms used within the organization.
http://www.sans.org/newlook/resources/policies/Acceptable_Encryption_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Acquisition Assessment Policy
Defines responsibilities regarding corporate acquisitions, and defines the minimum requirements of
an acquisition assessment to be completed by the information security group.
http://www.sans.org/newlook/resources/policies/Aquisition_Assessment_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Dial-in Access Policy
Sample policy controlling the use of dial-in connection to corporate networks.
http://www.sans.org/newlook/resources/policies/Dial-in_Access_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Database Password Policy
Defines requirements for securely storing and retrieving database usernames and passwords.
http://www.sans.org/newlook/resources/policies/DB_Credentials_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Audit Policy
Defines the requirements and provides the authority for the information security team to conduct
audits and risk assessments to ensure integrity of information/resources, to investigate incidents,
to ensure conformance to security policies, or to monitor user/system activity where appropriate.
http://www.sans.org/newlook/resources/policies/Audit_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Application Service Provider Policy
Defines minimum security criteria that an ASP must execute in order to be considered for use on a
project by the organization.
http://www.sans.org/newlook/resources/policies/Application_Service_Providers.pdf
Reviews Rating: Not yet Rated
Whois Check
Virtual Private Network Policy
Defines the requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections
to the organization's network.
http://www.sans.org/newlook/resources/policies/Virtual_Private_Network.pdf
Reviews Rating: Not yet Rated
Whois Check
Application Service Provider Standards
Sample set of minimum security standards that an application service provider must meet to be
considered for use by a corporation.
http://www.sans.org/newlook/resources/policies/asp_standards.pdf
Reviews Rating: Not yet Rated
Whois Check
Automatically Forwarded Email Policy
Documents the requirement that no email will be automatically forwarded to an external destination
without prior approval from the appropriate manager or director.
http://www.sans.org/newlook/resources/policies/Automatically_Forwarded_Email_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Analog/ISDN Line Policy
Defines standards for use of analog/ISDN lines for Fax sending and receiving, and for connection to
computers.
http://www.sans.org/newlook/resources/policies/Analog_Line_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Password Protection Policy
Defines standards for creating, protecting, and changing strong passwords.
http://www.sans.org/newlook/resources/policies/Password_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Anti-Virus Guidelines
Defines guidelines for effectively reducing the threat of computer viruses on the organization's
network.
http://www.sans.org/newlook/resources/policies/Anti-virus_Guidelines.pdf
Reviews Rating: Not yet Rated
Whois Check
Third Party Connection Agreement
Sample agreement for establishing a connection to an external party.
http://www.sans.org/newlook/resources/policies/Third_Party_Agreement.pdf
Reviews Rating: Not yet Rated
Whois Check
Wireless Communication Policy
Sample policy controlling the use of unsecured wireless communications technology.
http://www.sans.org/newlook/resources/policies/Wireless_Communication_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Risk Assessment Policy
Defines the requirements and provides the authority for the information security team to identify,
assess, and remediate risks to the organization's information infrastructure associated with
conducting business. [pdf format.]
http://www.sans.org/newlook/resources/policies/Risk_Assessment_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Extranet Policy
Defines the requirement that third party organizations requiring access to the organization's
networks must sign a third-party connection agreement. [PDF, 80 KB]
http://www.sans.org/newlook/resources/policies/Extranet_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Remote Access Policy
The purpose of this policy is to define standards for connecting to a corporate network from any
host.
http://www.sans.org/newlook/resources/policies/Remote_Access_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
Acceptable Use Policy (pdf)
Defines acceptable use of equipment and computing services, and the appropriate employee security
measures to protect the organization's corporate resources and proprietary information.
http://www.sans.org/newlook/resources/policies/Acceptable_Use_Policy.pdf
Reviews Rating: Not yet Rated
Whois Check
|
