This page contains information on IT Security Policies and related documentation that can be used as a guide in the construction and implementation of a policy for an organization.

• A primer on writing information security policies.

• An excellent resource for building a solid information security policy and program is maintained by the US Federal Financial Institutions Examination Council (FFIEC). The audience of the the manual is federally regulated financial institutions.
  • FFIEC IT Security Booklet
• The NIST maintains a collection of excellent IT security publications, covering nearly every aspect of the field. Of particular note are:
  • NIST Introduction to computer security
  • Generally Accepted Principles and Practices for Securing Information Technology Systems
  • Guide for Developing Security Plans for Federal Information Systems
  • Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
• SANS maintains a collection of editable IT security policies, covering the many aspects of IT security

If you know of a publicly accessible policy that should be included in this list, please leave a comment below.