Information security policies are the foundation, the bottom line, of information security within an organization. Whereas risk analysis strives to ensure that security matches need, policies define the baseline - the minimum acceptable security level.

The following sites contain information and resources for the creation of comprehensive information security policies:

• Information Security Policies and Standards
  Major policy portal, including templates (chargable) and advice on deployment.
• Directory of Network Security Policies and IT Security Policies
  Popular directory of information security policy resources.
• RUsecure Information Security Policies
  The major site for the RUsecure information security policy suite.
• Electronic Privacy
  Major privacy portal by EPIC.
• Security Policies and Compliance
  Describes a formal methodology for managing the deployment and implementation of security policies.










Return To Main Page