Info Security Policy

Info Security Policy Summary

As apart of my Information Security project, I created a template basis for generic Information Security Policies, audits, documents, risk assessments, and Security Awareness Training programs. I’ve outlined each below in section based on need. You can find similar information for free on several Security websites. Such as:

Policy Summary

Below are links to each section of the policy template I have written. Some areas may not be applicable to every organization, but some might. It gives each company and individual an idea of what areas they must cover.

  • Table of Contents
  • 1.0 Purpose
  • 2.0 Scope
  • 3.0 Policy
    • 3.1 Human Resources
      • 3.1.1 New Hire Process
      • 3.1.2 Exiting Employee Process
      • 3.2 Privacy and Confidentiality
      • 3.3 Physical and Environmental Security
        • 3.3.1 Facility & Access
        • 3.3.2 Co-Locations & Data Storage Facilities
        • 3.3.3 Security Monitoring Company
        • 3.3.4 Security Camera Monitoring
        • 3.3.5 Identification for Employees
        • 3.3.6 Identification for Non-Employees
        • 3.3.7 Personal Property
        • 3.3.8 Company Property
        • 3.3.9 Unauthorized Vehicles
        • 3.3.10 Emergency Evacuation
        • 3.3.11 Inventory
        • 3.3.12 Sensitive Document Disposal
        • 3.3.13 Storage Media Re-Use & Disposal
      • 3.4 Internet Usage and Web Access
      • 3.5 Email
      • 3.6 Security Software
  • 4.0 Definitions

© Kana Kennedy, Kennedy Info Sec, and Kennedyinfosec.com , 2011 – 2014. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Kana Kennedy and Kennedy Info Sec with appropriate and specific direction to the original content.