Manage Learn to apply best practices and optimize your operations.

Policy management resources

Learn where to find resources that will help you create and manage security policies, procedures and checklists.

Are there any sites that provide free security policies, procedures, checklists, etc. for security management. If so, could you please direct me to them?
For security policies, a good place to start is the SANS™ Institute (https://www.sans.org/resources/policies/), where you can find many examples, templates, and a policy primer.

Often, it is useful to see how other organizations execute their policies. The following sites show you how the National Institute of Heath (http://cio.berkeley.edu/policies.html) and Berkeley University (http://irm.cit.nih.gov/security/sec_policy.html) created their policies.

The following links provide an extensive bouquet of information and examples pertaining to policies:

  • http://secinf.net/ipolicye.html
  • http://www.information-security-policies-and-standards.com

The following site will point you to a relatively inexpensive tool for policy creation http://www.network-and-it-security-policies.com.

NIST develops a majority of the standards embodied in the industry. At the following Web site, you can find a wealth of information on checklists, guidelines and procedures from topics ranging from incident response, wireless security, HIPPA, Voice over IP and much more. This should be a familiar Web site to anyone in the security field http://csrc.nist.gov/publications/nistpubs.

For security checklists there are a number of sites to visit, depending upon what you need to evaluate.

  • https://www.sans.org/score/
  • http://www.cert.org/tech_tips/
  • http://csrc.nist.gov/pcig/cig.html
  • http://www.microsoft.com/technet/archive/security/chklist/default.mspx

More Information
  • Learn how security policies differ from guidelines and standards.
  • Visit our creating and managing policy resource center for news, tips and expert advice.

  • This was last published in September 2005

    Dig Deeper on Information security policies, procedures and guidelines

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.