Security Policies & Tools
If you require help developing your own policies and processes, please contact us for a quotation; we would be glad to help you develop these documents.
Microsoft Windows Common Criteria - The award of Windows 2000 Common Criteria (CC) certification impacts everyone who uses, deploys, and manages Windows 2000-based infrastructures. Common Criteria provides a certain level of quality assurance by allowing customers to apply a consistent, stringent, and independently verified set of evaluation requirements. It also provides customers with detailed information on enabling higher security in their actual implementation and deployment of Windows 2000. Windows 2000 CC empowers customers to make informed security decisions in several ways.
NIST (SP 800-55) - This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports.
Acceptable Use Policy - A sample Acceptable Use Policy to get things started.
http://www.ietf.org/rfc/rfc2196.txt?Number=2196 - The Site Security Policies Procedure Handbook.
Why Security Policies Fail - A white paper (PDF)
Some general websites with information security policies:
http://www.security.kirion.net/securitypolicy/
http://www.network-and-it-security-policies.com/
http://www.brown.edu/Research/Unix_Admin/cuisp/
http://iatservices.missouri.edu/security/
http://www.utoronto.ca/security/policies.html
http://irm.cit.nih.gov/security/sec_policy.html
http://w3.arizona.edu/~security/pandp.htm
http://secinf.net/ipolicye.html
http://ist-socrates.berkeley.edu:2002/pols.html
http://www.ruskwig.com/security_policies.htm
http://razor.bindview.com/publish/presentations/InfoCarePart2.html