Home
Certification Preparation
(ISC)²
SSCP
Security Policy
yrcissp
Hello All,
I am tasked with writing a security policy. I was wondering if there is a template available that i can customize or use as a guideline. Furthermore, i was wondering what are the most common program and issue specific policies organizations employ. Thanks!
Find more posts tagged with
Comments
JDMurray
You should use the security policies previously created by your business as a template. Contact your policy review board to learn the process. Security policies are reviewed by an organization's legal team, so you might be dealing with your company's lawyers directly.
yrcissp
Great idea, the only problem, there isn't one previously created
JDMurray
Check with your org's lawyers. They are the ones that make the final decisions, so go to them first. They should already know what they want in the form, fit, and functions of policy documents.
Security policies are usually created as one way an organization seeks to limit its legal liabilities. First, you must have a buy-in from the executives of the organization for the need to create and enforce security policies. Therefore, the creation of security policies starts at the very top of an organization and not at the bottom. Once you have executive approval to create the processes necessary to maintain security policies, start looking into the details of what to put on paper. The lawyers will have a strong opinion there too.
Darril
SANS has several templates as part of their SANS Security Policy Template that you can access here as downloadable PDF and Word docs:
SANS: Information Security Policy Templates
HTH,
Darril Gibson
Security Blog
yrcissp
Darril, perfect, thanks, that's exactly what i was looking for, more or less practical application
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
