CSO — CSOonline's Security Tools, Templates & Policies page provides sample documents contributed by the security community. Feel free to use or adapt them for your own organization.*
Want to provide a policy or checklist? Contributions are welcome, as is expert commentary on any of the articles here. We will add materials on an ongoing basis. Send your thoughts to Senior Editor Joan Goodchild at jgoodchild@cxo.com.
*Though not for re-publication or for-profit use.
Sample Policies - Computers and Internet
Computer and E-Mail Acceptable Use Policy
Manufacturing company, <50 employees
Internet Acceptable Use Policy
Manufacturing company, <50 employees
Password Protection Policy
Large financial services company, more than 5,000 employees
Sample Social Media and Blogging Policies From Other Sites
Links to examples of the social media, internet posting and blogging policies of several large companies
Also see How to Write an Information Security Policy
Sample Policies - Physical Security and Emergency Management
A 10-Question Guide for Pandemic Planning
Clean Desk Policy
Service company, 2000 employees
Cell Phone Use While Driving Policy
Company has many employees who travel frequently
Workplace Violence Prevention Policy
Detailed policy of mid-sized company. Includes harassment, stalking, domestic violence concerns
Concealed Weapon Policy
Hospital, 10,000 employees. Makes allowance for security personnel.
Bomb threat procedures
Includes good checklist of questions to ask caller.
Sample Policies - Privacy
Personnel Access/Changes Policy
Large, private university
Other Security Tools and Worksheets
Several sample policies used by institutions of higher education from Educause. Examples policies include student privacy, digital assets, campus video surveiilance and social media use.
Sample Business Impact Analysis Form
How to do a disaster recovery business impact analysis. From Kelley Okolita's book "Building an Enterprise-Wide Business Continuity Program"
Sample Report Form for Shopping/Retail Investigation
A report form to capture retail transactions during field tests for employee/clerk honesty and customer service
Sample Employee Termination Checklist
An employee termination checklist from security expert Tim Giles' book "How to Develop and Implement a Security Master Plan"
Sample organizational charts for an Enterprise Risk Management function
[Requires free Insider registration]
Comparison of two actual data breach disclosure letters
Links to actual letters; includes expert commentary
Sample diagnostic questions for finding information security weaknesses
Book excerpt
Risk assessment questions for loading docks in multitenant buildings
Risk assessment questions for call centers
Risk assessment tool for use of USB drives
Three sample scenarios for tabletop exercises
Covering digital and physical business interruptions and threats
CSO dashboard for security and business continuity alerts
The CSO Daily Dashboard provides at-a-glance updates from across the Web. See alerts pertaining to IT vulnerabilities, disruptive weather, travel hazards, legal developments and more.
Updated security lists and directories on CSOonline.com
The security research and survey data directory NEW
Need numbers? Empirical data to support (or refute) a point? Here's a list with links to numerous security surveys across the industry.
The security laws, regulations and guidelines directory NEW
Summaries and links to full text of various North American and European security regs and requirements.
The security certification directory
Certifications in information and network security, fraud, physical security, business continuity, and more.
The security recruiter directory
Looking to fill a position on your staff, or find a new job yourself? This directory offers contact information and basic descriptions for security recruiters in the US and Europe.
Security jobs board
Post or find security jobs at no cost.
Read more about data protection in CSOonline's Data Protection section.
Other stories by Joan Goodchild
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
Database security: At rest, not at risk
IT risk assessment frameworks
How to do end-to-end encryption
Also find sample data protection policies in CSO's tools, templates and policies library
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- HIPAA Hiccup Solved
- Enterprise File Sharing: All You Need to Know
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs
- Mandiant's APT1: Revisited
The Mandiant APT1 report made our industry stronger by encouraging -- if not forcing -- information sharing. By Nick Selby - Attacks from China: A survival guide
- #FFSec: Infosec pros who bring value to Twitter
More Salted Hash with Bill Brenner
