Re: RE: How to design Security Policies

[rohnskii () gmail com]

To add to Jayson's list:

http://www.kaonsecurity.com/html_pages/policy_main.htm - Kaon SecurITy Ltd, this is a good one to check out.

http://www.first.org/resources/guides/ - Forum of Incident Response & Security Teams

http://www.bitpipe.com/detail/RES/1170864207_476.html - link to a 6 page doc:   Best Practices on Implementing an 
Effective Security Policy 

http://searchsecurity.techtarget.com/topics/0,295493,sid14_tax300019,00.html - Creating and Managing Information 
Security Policies - page of many links 

http://csrc.nist.gov/index.html - NIST (National Institute of Standards) you can drown in all the paper work here ...

http://www.informationshield.com/products.html - they have several LARGE books of prewritten polices that you can base 
your own on.  ie "Information Security Policies Made Easy, Version 10" By Charles Cresson Wood, CISSP, CISA, CISM 
(1300+ written policies you can pick from).  I haven't seen them myself.

http://www.informationshield.com/ipme.html - Security Awareness with Information Protection Made Easy (another book, 
small)

http://www.informationshield.com/whitepapers.html#regs - links to lots of other sites and docs

http://www.computersecuritynow.com/ - ISO 17779, not security policy per se, more a policy about policies

http://www.newboundary.com/products/policycommander/index.htm - tool for managing/updating policies

http://www.ciscowebtools.com/spb/?POSITION=SyndicatedContent&COUNTRY_SITE=us&CAMPAIGN=MidMarket&CREATIVE=POLICYBUILDER&REFERRING_SITE=ITTOOLBOX
 - Security Policy Builder, Create a custom security policy for your business.  Steps you through a series of questions