Information Security Policy Templates
Welcome to the SANS Security Policy Resource page, a consensus research project of the SANS
community. The ultimate goal of the project is to offer everything you need for rapid
development and implementation of information security policies. You'll find a great set of
resources posted here already, including policy templates for twenty-seven important security
requirements.
Find the Policy Template You Need!
General
Acceptable Encryption Policy
Acceptable Use Policy
Clean Desk Policy
Disaster Recovery Plan Policy
Digital Signature Acceptance Policy
Email Policy
Ethics Policy
Pandemic Response Planning Policy
Password Construction Guidelines
Password Protection Policy
Security Response Plan Policy
End User Encryption Key Protection Policy
Network Security
Acquisition Assessment Policy
Bluetooth Baseline Requirements Policy
Remote Access Policy
Remote Access Tools Policy
Router and Switch Security Policy
Wireless Communication Policy
Wireless Communication Standard
Server Security
Database Credentials Policy
Technology Equipment Disposal Policy
Information Logging Standard
Lab Security Policy
Server Security Policy
Software Installation Policy
Workstation Security (For HIPAA) Policy
Application Security
Web Application Security Policy
Old/Retired
Analog/ISDN Line Security Policy
Anti-Virus Guidelines
Server Audit Policy
Automatically Forwarded Email Policy
Communications Equipment Policy
Dial In Access Policy
Extranet Policy
Internet DMZ Equipment Policy
Internet Usage Policy
Mobile Device Encryption Policy
Personal Communication Devices and Voicemail Policy
Removable Media Policy
Risk Assessment Policy
Server Malware Protection Policy
Social Engineering Awareness Policy
DMZ Lab Security Policy
Email Retention Policy
Employee Internet Use Monitoring and Filtering Policy
Lab Anti Virus Policy
Mobile Employee Endpoint Responsibility Policy
Remote Access Mobile Computing Storage
Virtual Private Network Policy
There is no cost for using these resources. They were compiled to help the people attending
SANS training programs, but security of the Internet depends on vigilance by all participants, so
we are making this resource available to the entire community.
Over the years a frequent request of SANS attendees has been for consensus policies, or at least
security policy templates, that they can use to get their security programs updated to reflect 21st
century requirements. While SANS has provided some policy resources for several years, we felt
we could do more if we could get the community to work together. This page provides a vastly
improved collection of policies and policy templates.
This page will continue to be a work in progress, and the policy templates will be living
documents. We hope all of you who are SANS attendees will be willing and able to point out any
problems in the models we post by emailing us at policies@sans.org. We also hope that you will
share policies your organization has written if they reflect a different need from those provided
here or if they do a better job of making the policies brief, easy to read, feasible to implement,
and effective.
We'll make improvements and add new resources and sample policies as we discover them.
Is it a Policy, a Standard or a Guideline?
What's in a name? We frequently hear people use the names "policy", "standard", and
"guideline" to refer to documents that fall within the policy infrastructure. So that those who
participate in this consensus process can communicate effectively, we'll use the following
definitions.
A policy is typically a document that outlines specific requirements or rules that must be met. In
the information/network security realm, policies are usually point-specific, covering a single
area. For example, an "Acceptable Use" policy would cover the rules and regulations for
appropriate use of the computing facilities.
A standard is typically a collection of system-specific or procedural-specific requirements that
must be met by everyone. For example, you might have a standard that describes how to harden
a Windows 8.1 workstation for placement on an external (DMZ) network. People must follow
this standard exactly if they wish to install a Windows 8.1 workstation on an external network
segment. In addition, a standard can be a technology selection, e.g. Company Name uses Tenable
SecurityCenter for continuous monitoring, and supporting policies and procedures define how it
is used.
A guideline is typically a collection of system-specific or procedural-specific "suggestions" for
best practice. They are not requirements to be met, but are strongly recommended. Effective
security policies make frequent references to standards and guidelines that exist within an
organization.
© 2000-2016 SANS™ Institute