Adaptive Best Practices Policy Samples:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
No edit summary
 
No edit summary
Line 2: Line 2:
Policies are the broad rules for ensuring the protection of information assets, and for implementing a security strategy or program. Generally brief in length, policies are independent of particular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requirements.<br>
Policies are the broad rules for ensuring the protection of information assets, and for implementing a security strategy or program. Generally brief in length, policies are independent of particular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requirements.<br>
<br>
<br>
[[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']]<br>
:[[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']]<br>
The Information Security Program Charter serves as the capstone document for the Information Security Program and empowers the Information Security Program to manage Information Security-related business risks.<br>
:The Information Security Program Charter serves as the capstone document for the Information Security Program and empowers the Information Security Program to manage Information Security-related business risks.<br>
<br>
<br>
[[Sample Asset Identification and Classification Policy:|'''Sample Asset Identification and Classification Policy''']]<br>
:[[Sample Asset Identification and Classification Policy:|'''Sample Asset Identification and Classification Policy''']]<br>
The Asset Identification and Classification Policy defines objectives for establishing specific standards to define, identify, classify, and label information assets.<br>
:The Asset Identification and Classification Policy defines objectives for establishing specific standards to define, identify, classify, and label information assets.<br>
<br>
<br>
[[Sample Asset Protection Policy:|'''Sample Asset Protection Policy''']]<br>
:[[Sample Asset Protection Policy:|'''Sample Asset Protection Policy''']]<br>
The Asset Protection Policy defines objectives for establishing specific standards for providing an appropriate degree of confidentiality, integrity, and availability for information assets.<br>
:The Asset Protection Policy defines objectives for establishing specific standards for providing an appropriate degree of confidentiality, integrity, and availability for information assets.<br>
<br>
<br>
[[Sample Asset Management Policy:|'''Sample Asset Management Policy''']]<br>
:[[Sample Asset Management Policy:|'''Sample Asset Management Policy''']]<br>
The Asset Management Policy defines objectives for properly managing Information Technology infrastructure, including networks, systems, and applications that store, process and transmit information assets throughout the entire life cycle.<br>
:The Asset Management Policy defines objectives for properly managing Information Technology infrastructure, including networks, systems, and applications that store, process and transmit information assets throughout the entire life cycle.<br>
<br>
<br>
[[Sample Acceptable Use Policy:|'''Sample Acceptable Use Policy''']]<br>
:[[Sample Acceptable Use Policy:|'''Sample Acceptable Use Policy''']]<br>
The Acceptable Use Policy defines objectives for ensuring the appropriate business use of information assets.<br>
:The Acceptable Use Policy defines objectives for ensuring the appropriate business use of information assets.<br>
<br>
<br>
[[Sample Vulnerability Assessment and Management Policy:|'''Sample Vulnerability Assessment and Management Policy''']]<br>
:[[Sample Vulnerability Assessment and Management Policy:|'''Sample Vulnerability :Assessment and Management Policy''']]<br>
The Vulnerability Assessment and Management Policy defines objectives for vulnerability assessment activities and ongoing vulnerability management efforts.<br>
The Vulnerability Assessment and Management Policy defines objectives for vulnerability assessment activities and ongoing vulnerability management efforts.<br>
<br>
<br>
[[Sample Threat Assessment and Monitoring Policy:|'''Sample Threat Assessment and Monitoring Policy''']]<br>
:[[Sample Threat Assessment and Monitoring Policy:|'''Sample Threat Assessment and Monitoring Policy''']]<br>
The Threat Assessment and Monitoring Policy defines objectives for threat assessment activities and ongoing threat monitoring efforts.<br>
:The Threat Assessment and Monitoring Policy defines objectives for threat assessment activities and ongoing threat monitoring efforts.<br>
<br>
<br>
[[Sample Security Awareness Policy:|'''Sample Security Awareness Policy''']]<br>
:[[Sample Security Awareness Policy:|'''Sample Security Awareness Policy''']]<br>
The Security Awareness Policy defines objectives for establishing a formal Security Awareness Program.<br>
:The Security Awareness Policy defines objectives for establishing a formal Security Awareness Program.<br>
<br>
<br>
--[[User:Mdpeters|Mdpeters]] 10:02, 14 July 2006 (EDT)
--[[User:Mdpeters|Mdpeters]] 10:02, 14 July 2006 (EDT)
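Review bot: In the Vulnerability Assessment and Management entry, the indent colon was placed inside the link label ('''Sample Vulnerability :Assessment and Management Policy''') instead of at the start of the line, and the description line that follows it was left without the leading colon that every other entry in this revision received. Move the colon to the start of the link line and add one to the description line so this entry matches the other seven.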

Revision as of 14:35, 14 July 2006

Policies

Policies are the broad rules for ensuring the protection of information assets, and for implementing a security strategy or program. Generally brief in length, policies are independent of particular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requirements.

Sample Information Security Program Charter
The Information Security Program Charter serves as the capstone document for the Information Security Program and empowers the Information Security Program to manage Information Security-related business risks.


Sample Asset Identification and Classification Policy
The Asset Identification and Classification Policy defines objectives for establishing specific standards to define, identify, classify, and label information assets.


Sample Asset Protection Policy
The Asset Protection Policy defines objectives for establishing specific standards for providing an appropriate degree of confidentiality, integrity, and availability for information assets.


Sample Asset Management Policy
The Asset Management Policy defines objectives for properly managing Information Technology infrastructure, including networks, systems, and applications that store, process and transmit information assets throughout the entire life cycle.


Sample Acceptable Use Policy
The Acceptable Use Policy defines objectives for ensuring the appropriate business use of information assets.


Sample Vulnerability Assessment and Management Policy
The Vulnerability Assessment and Management Policy defines objectives for vulnerability assessment activities and ongoing vulnerability management efforts.

Sample Threat Assessment and Monitoring Policy
The Threat Assessment and Monitoring Policy defines objectives for threat assessment activities and ongoing threat monitoring efforts.


Sample Security Awareness Policy
The Security Awareness Policy defines objectives for establishing a formal Security Awareness Program.


--Mdpeters 10:02, 14 July 2006 (EDT)