We're creating a Security Policy for our company. I'm looking for examples I can use as a boiler plate for ours.
Thanks
SnapOverflow
We're creating a Security Policy for our company. I'm looking for examples I can use as a boiler plate for ours.
Thanks
There are quite a few out there. If you haven't found them already, the SANS institute has a broad selection of template policies:
http://www.sans.org/security-resources/policies/#template
They've been around for a long time. Those policies are really good reading, and should allow you to build your own.
Wouldn't this kind of depend on your company, size, configuration, and culture for the business?
What things do you already allow or disallow?
Do you lock down your systems? Allow installation of things by users? Are your users developers or are they mostly secretarial or are your systems used as kiosks or are they customized? Are they shared?
Are you mostly roaming users? Workstations? Do you allow visitor systems on your network?
Do you deal with intellectual property like your own software, so you disallow USB drives or burnable CD's? Monitor electronic communication?
The basics are things that are covered in a number of places I think. But a general boiler plate policy might not be a great idea in my opinion. There's no single answer to this. You might be better off asking as a wiki question what should be considered in creating a security policy so you can customize it to your own needs and experiences.