Here is a quick list of policies we use out there in the real world. Use it as a checklist to see if any apply to you. (Yes, you should feel a little overwhelmed by this list.) Our friends at SANS provided the list, culled from their extensive list of policies and, more importantly, policy templates for your use.
- Acceptable Encryption Policy
- Acceptable Use Policy
- Analog/ISDN Line Policy
- Anti-Virus Process
- Application Service Provider Policy
- Application Service Provider Standards
- Acquisition Assessment Policy
- Audit Vulnerability Scanning Policy
- Automatically Forwarded Email Policy
- Bluetooth Device Security Policy
- Database Credentials Coding Policy
- Dial-in Access Policy
- DMZ Lab Security Policy
- E-mail Policy
- E-mail Retention
- Ethics Policy
- Extranet Policy
- Information Sensitivity Policy
- Information System Audit Logging Requirements
- Internal Lab Security Policy
- Internet DMZ Equipment Policy
- Lab Anti-Virus Policy
- Password Protection Policy
- Personal Communication Device
- Remote Access Policy
- Removable Media Policy
- Remote Access - Mobile Computing and Storage Devices
- Risk Assessment Policy
- Router Security Policy
- Server Security Policy
When we go into a customer's network, management will usually ask us to recommend some basic policies that should be in place. The basic policies we usually recommend are:
- Acceptable Use Policy (AUP)
- Logging Policy
- Remote Access Policy
- Password Protection Policy
- Domain Controller/Domain Security Policy
- Switch Security Policy
- Router Security Policy
- Firewall Security Policy
- Security Monitoring Policy