Ask the Expert

End to end security policies for beginners

I have two questions:


  1. What is a good resource for security policies? We are a small company, and are starting from scratch, so we are looking for a freeware-type solution, End to End Security Policy for Dummies!
  2. What is a good source for Security Audit checklists, which are linked to aspects of Compliance? HIPAA, SoX, GLB etc.


For question number 1, check out my stories for SearchSecurity that include "Security Policy By Example" in their titles:

These should help get you started down the road toward formulating security policy: though most of the resources mentioned cost something, most of them don't cost very much, either.

For question number 2, I'd look around at and SANS (the latter is well-known for providing security checklists of all kinds, including for audit purposes). You might also want to troll around at ISACA where you can probably find such things as well. Then, too, there's always the brute force technique of using, for example, "HIPAA security audit checklist" as a search string in your favorite search engine (I found one direct hit at using a literal string search, and thousands of hits using less demanding criteria).

This was first published in October 2006
