Sample InfoSec Policy – Computer And Communications Facility Location


This is a sample policy from Information Security Policies Made Easy, by Charles Cresson Wood.

Policy: Multi-user computers and communications facilities must be located above the first floor in buildings, away from kitchens, away from bathrooms, in a location separated from the building’s exterior wall by an additional internal wall, as well as in a room without windows.

Commentary: This policy provides guidance for those responsible for the location of a multi-user computer facility within a building. Many of the managers responsible for locating computer centers do not consider these matters, and problems are encountered after the installation is complete. At least the awareness of these problems will help management install other controls that would reduce or eliminate losses, even if the location of a computer center did not change. Among other things, this policy is intended to prevent serious damage from a bomb or other environmental disaster that may damage the exterior wall of the building. The policy is additionally intended to prevent those with high-power telescopes from looking in a window and seeing sensitive information.

======================================

(One of over 1,400 sample policies and commentary from Information Security Policies Made Easy, by Charles Cresson Wood, available from Rothstein Associates Inc.)

We are now shipping the 11th Edition – $795.00!

Information Security Policies Made Easy Version 11 is your definitive resource for comprehensive information security policies for your enterprise.

Information Security Policies Made Easy Version 11 is the “gold standard” information security policy resource, based on the 25 years of consulting experience of Charles Cresson Wood, CISSP, CISA. The most complete security policy library available, ISPME contains over 1400 pre-written information security policies covering over 200 security topics and organized in ISO 17799 format. Take the work out of creating, writing, and implementing security policies for only $795.00!

Information Security Policies Made Easy Version 11 has everything you need to save time and money building or updating written security policies, including:

1. A complete information security policy library with over 1360 individual pre-written security policies including:

  • Coverage of the latest technical, legal and regulatory issues
  • ISO 17799 outline format, allowing for easy gap-analysis against existing standards and security frameworks
  • Expert commentary discussing the risks mitigated by each policy
  • Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
  • Policy coverage maps for Sarbanes-Oxley (COBIT) and HIPAA security

2. Eighteen complete pre-written security policy documents that every company should have, updated and ready to use “as is” or with easy customization, including:

  • User-targeted policies such as: Electronic Mail Policy, Internet Security Policy for End Users and Web Privacy Policy
  • Organization-wide policies such as: High-Level Security Policy, Privacy policy, Information Ownership Policy
  • Technology-based policies such as: Firewall Policy, Data Classification Policy and Network Security Policy
  • Sample risk acceptance memo for the approval of out-of-compliance situations, a sample non-disclosure agreement, and a user policy acceptance agreement

3. Expert advice on the security policy development and review process, including:

  • A step-by-step checklist of security policy development tasks to quickly start a policy development project
  • Helpful tips and tricks for getting management buy-in for information security policies and education
  • Tips and techniques for raising security policy awareness
  • Real-world examples of problems caused by missing or poor information security policies
  • Policy development resources such as Information Security Periodicals, professional associations and related security organizations

4. All content included on an easy-to-use CD-ROM with an indexed and searchable HTML interface for easy location, featuring:

  • Policies available in HTML, PDF, and MS-Word formats
  • Easy cut-and-paste into existing corporate documents
  • Extensive cross-references between policies that help the user quickly understand alternative solutions and complementary controls

Information Security Policies Made Easy Version 11 covers virtually every aspect of corporate information security including:

  • Privacy issues
  • Identity Theft
  • Web pages
  • Firewalls
  • Employee surveillance
  • Electronic commerce
  • Digital signatures
  • Computer viruses
  • Encryption
  • Contingency planning
  • Logging controls
  • Internet
  • Intranets
  • Corporate Governance
  • Outsourcing security functions
  • Computer emergency response teams
  • Microcomputers
  • Local area networks
  • Voice Over IP
  • Password selection
  • Electronic mail
  • SPAM Prevention
  • Data Classification
  • Telecommuting
  • Telephone systems
  • Portable computers
  • User security training
  • Information Security Related Terrorism

=====================================================================

What’s new in ISPME V11?

Information Security Policies Made Easy, Version 11 contains these updates:

  • Security Policy Library Update for ISO 17799:2005 (27002)
    • The ISPME Version 11 security policy library has been updated to reflect the latest ISO 17799:2005 (ISO 27002) information security standard, making it easier for organizations to become ISO 27001 certified. ISPME is the most complete library of security policies available covering over 200 different information security topics.
  • New and Updated “Ready-to-Go” Sample Documents
    • Version 11 now contains 18 complete, pre-written sample policy documents in MS-Word format including:
      • New Best Practices Policy Template
      • New Pre-written Sample Wireless Security Policy
      • New Pre-written Sample Incident Response policy
      • Updated internet and email acceptable use policy documents
  • New Compliance Tools
    • The updated Master Policy List allows easy gap-analysis for your existing policies. A newly-added Best Practices Policy Template enables your organization to easily reference existing policies to compliance frameworks such as HIPAA, COBIT or PCI-DSS.
  • 100 New Information Security Policies
    • Version 11 contains over 100 additional pre-written information security policies with expert commentary covering the latest security threats and technologies, including:
      • Google “hacking”
      • Corporate governance
      • Electronic evidence
      • Instant messaging
      • Blogging
      • USB storage
      • Mobile device security
      • Logging
      • Email security including phishing
      • Policy review and exception process
      • Risk reporting and governance
      • Security Department coordination
      • Outsourcing
      • Use of cryptographic libraries
      • FAX and office machine security
      • Third-Party Software Development
      • And much more!
