Template
Security Tools, Templates, Policies
Sample policies with expert commentary; templates and checklists for security, business continuity, risk assessment and more.
CSO — CSOonline's Security Tools, Templates & Policies page provides sample documents contributed by the security community. Feel free to use or adapt them for your own organization.*
Want to provide a policy or checklist? Contributions are welcome, as is expert commentary on any of the articles here. We will add materials on an ongoing basis. Send your thoughts to Senior Editor Joan Goodchild at jgoodchild@cxo.com.
*Though not for re-publication or for-profit use.
Sample Policies - Computers and Internet
Computer and E-Mail Acceptable Use Policy
Manufacturing company, <50 employees
Internet Acceptable Use Policy
Manufacturing company, <50 employees
Password Protection Policy
Large financial services company, more than 5,000 employees
Sample Policies - Physical Security and Emergency Management
A 10-Question Guide for Pandemic Planning
Clean Desk Policy
Service company, 2000 employees
Cell Phone Use While Driving Policy
Company has many employees who travel frequently
Workplace Violence Prevention Policy
Detailed policy of mid-sized company. Includes harassment, stalking, domestic violence concerns
Concealed Weapon Policy
Hospital, 10,000 employees. Makes allowance for security personnel.
Bomb threat procedures
Includes good checklist of questions to ask caller.
Sample Policies - Privacy
Personnel Access/Changes Policy
Large, private university
Other Security Tools and Worksheets
Sample Business Impact Analysis Form
How to do a disaster recovery business impact analysis. From Kelley Okolita's book "Building an Enterprise-Wide Business Continuity Program"
Sample Employee Termination Checklist
An employee termination checklist from security expert Tim Giles' book "How to Develop and Implement a Security Master Plan"
Comparison of two actual data breach disclosure letters
Links to actual letters; includes expert commentary
Sample diagnostic questions for finding information security weaknesses
Book excerpt
Risk assessment questions for loading docks in multitenant buildings
Risk assessment questions for call centers
Risk assessment tool for use of USB drives
Three sample scenarios for tabletop exercises
Covering digital and physical business interruptions and threats
Read more about data protection in CSOonline's Data Protection section.
security policies
Log Management in a Cyber World
With so many potential cyber villains poking around the gates, enterprises must have strong protections and pristine visibility into what's happening on the network. Explore the increasing importance of log management as cybercrime and other malicious threats grow.
Comparing Research in Motion and Microsoft Mobile Solutions
Organizations must look carefully at the requirements of mobile devices and accompanying middleware that can increase cost, complexity and administrative overhead. This white paper provides an independent analysis and detailed comparison of RIM and Microsoft's mobile solution.
- Continuous PCI Compliance and Security with Tripwire Solutions
- The Pursuit of a Standardized Solution for Secure Enterprise RBAC
- Building a Secure and Compliant Windows Desktop
- Root Access Risk Control for the Enterprise
- Demystifying IT Risk to Achieve Greater Security & Compliance
- Cyber Crime: A Clear and Present Danger
Stay current with insightful news and analysis on information security, business continuity, identity and access management, loss prevention and more with CSO newsletters!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
