Apr 08 2019

Information Security Policy Templates

Category: Security policyDISC @ 9:04 pm

SANS offers 27 free #cybersecurity policy templates to help your organization develop and implement #infosec policies.

Free information security policy templates courtesy of the SANS Institute, Michele D. Guel, and other information security leaders.

Source: SANS Information Security Policy Templates

Enter your email address:

Delivered by FeedBurner

Tags: InfoSec Policies, InfoSec Policy

Mar 02 2012

What makes a good Information Security Policy?

Category: Security policyDISC @ 12:50 pm

Good policies should have five distinct attributes to become a successful and reasonably accepatable organization wide.

Specific: A policy must address a specific issue or objective clearly and thoroughly.

Measureable: To be effective, policy must have some condition of measuring adherence to the control. If people are not adhereing to policy then we may need better controls or perhaps better training program.

Achievable: To follow the policy, employee must have enough resources, tools and training to make policy objectives achieveable

Realistic: How realisticcally can we expect the policy will be followed and employee will be able to achieve his/her business objectives without any issues. This is where there is a need to balance security and availability. The question we need to ask how much should we Lock it Down or Free it Up?

Time Based: Specify when policy takes effect, when review will occurs and when conformance become required

To remember these five attributes here is an acronym “SMART”

Writing Information Security Policies