This page contains information on IT Security Policies and related documentation that can be used as a guide in the construction and implementation of a policy for an organization.
- An excellent resource for building a solid information security policy and program is maintained by the US Federal Financial Institutions Examination Council (FFIEC). The audience of the the manual is federally regulated financial institutions.
- The NIST maintains a collection of excellent IT security publications, covering nearly every aspect of the field. Of particular note are:
- SANS maintains a collection of editable IT security policies, covering the many aspects of IT security
If you know of a publicly accessible policy that should be included in this list, please leave a comment below.