Awareness

Security Tools, Templates, Policies

industrialtools
Credit: Thinkstock

CSOonline's Security Tools, Templates & Policies page provides sample documents contributed by the security community. Feel free to use or adapt them for your own organization.*

Want to provide a policy or checklist? Contributions are welcome, as is expert commentary on any of the articles here. We will add materials on an ongoing basis. Send your thoughts to Senior Editor Joan Goodchild at jgoodchild@cxo.com.

*Though not for re-publication or for-profit use.

Sample Policies - Computers and Internet

Computer and E-Mail Acceptable Use Policy

Manufacturing company, <50 employees

Internet Acceptable Use Policy

Manufacturing company, <50 employees

Password Protection Policy

Large financial services company, more than 5,000 employees

Sample Social Media and Blogging Policies From Other Sites

Links to examples of the social media, internet posting and blogging policies of several large companies

Also see How to Write an Information Security Policy

Sample Policies - Physical Security and Emergency Management

A 10-Question Guide for Pandemic Planning

Clean Desk Policy

Service company, 2000 employees

Cell Phone Use While Driving Policy

Company has many employees who travel frequently

Workplace Violence Prevention Policy

Detailed policy of mid-sized company. Includes harassment, stalking, domestic violence concerns

Concealed Weapon Policy

Hospital, 10,000 employees. Makes allowance for security personnel.

Bomb threat procedures

Includes good checklist of questions to ask caller.

Sample Policies - Privacy

Personnel Access/Changes Policy

Large, private university

Other Security Tools and Worksheets

Several sample policies used by institutions of higher education from Educause. Examples policies include student privacy, digital assets, campus video surveiilance and social media use.

Sample Business Impact Analysis Form

How to do a disaster recovery business impact analysis. From Kelley Okolita's book "Building an Enterprise-Wide Business Continuity Program"

Sample Report Form for Shopping/Retail Investigation

A report form to capture retail transactions during field tests for employee/clerk honesty and customer service

Sample Employee Termination Checklist

An employee termination checklist from security expert Tim Giles' book "How to Develop and Implement a Security Master Plan"

Sample organizational charts for an Enterprise Risk Management function

[Requires free Insider registration]

Comparison of two actual data breach disclosure letters

Links to actual letters; includes expert commentary

Sample diagnostic questions for finding information security weaknesses

Book excerpt

Risk assessment questions for loading docks in multitenant buildings

Risk assessment questions for call centers

Risk assessment tool for use of USB drives

Three sample scenarios for tabletop exercises

Covering digital and physical business interruptions and threats

CSO dashboard for security and business continuity alerts

The CSO Daily Dashboard provides at-a-glance updates from across the Web. See alerts pertaining to IT vulnerabilities, disruptive weather, travel hazards, legal developments and more.

Updated security lists and directories on CSOonline.com

The security research and survey data directory NEW

Need numbers? Empirical data to support (or refute) a point? Here's a list with links to numerous security surveys across the industry.

The security laws, regulations and guidelines directory NEW

Summaries and links to full text of various North American and European security regs and requirements.

The security certification directory

Certifications in information and network security, fraud, physical security, business continuity, and more.

The security recruiter directory

Looking to fill a position on your staff, or find a new job yourself? This directory offers contact information and basic descriptions for security recruiters in the US and Europe.

Security jobs board

Post or find security jobs at no cost.

Join the discussion
Be the first to comment on this article. Our Commenting Policies