
Information Security Policies Made Easy – Version 14 NOW AVAILABLE


If you have a previous version of Information Security Policies Made Easy, see below for a special upgrade offer!

The new Version 14 of Information Security Policies Made Easy, written by security policy expert Charles Cresson Wood, includes over 1500 sample information security policies covering all ISO 27002 information security domains. Take the work out of writing security policies.


See below for a special upgrade discount!

Information Security Policies Made Easy has everything you need to build a robust security policy program, including:

Thirty-eight (38) essential sample information security policy documents:

  • Complete coverage of essential security topics including: Access Control Policy, Network Security Policy, Personnel Security, Information Classification, Physical Security, Acceptable Use of Assets, and many more.
  • All sample policies in our MS-Word Best Practices Policy Template. Customized in minutes!

Complete 1500+ information security policy statement library

  • 1500 individual pre-written security policies covering the latest technical, legal and regulatory issues
  • ISO 17799:2005 (ISO 27002) outline format, allowing for easy gap-analysis against existing standards and security frameworks
  • Expert commentary discussing the risks mitigated by each policy
  • Target audience (management, technical, or user) and security environment (low, medium, high) for each policy
  • Policy coverage maps for PCI-DSS, NIST, ISO 27002, FFIEC and HIPAA-HITECH security

Expert information security policy development advice and tools

  • A step-by-step checklist of security policy development tasks to quickly start a policy development project
  • Helpful tips and tricks for getting management buy-in for information security policies and education
  • Tips and techniques for raising security policy awareness
  • Real-world examples of problems caused by missing or poor information security policies
  • Essential policy compliance forms such as Risk Acceptance Memo, Incident Reporting Form and Security Policy Compliance Agreement.

Comprehensive Information Security Policy Coverage

Information Security Policies Made Easy covers over 200 essential information security topics including:

  • Access Control
  • Acceptable Use
  • Application Development
  • Biometrics
  • Computer emergency response teams
  • Computer viruses
  • Contingency planning
  • Corporate Governance
  • Data Classification and Labeling
  • Data Destruction
  • Digital signatures
  • Economic Espionage
  • Electronic commerce
  • Electronic mail
  • Employee surveillance
  • Encryption
  • Firewalls
  • FAX communications
  • Incident Response
  • Identity Theft
  • Information Ownership
  • Information Security Related Terrorism
  • Internet
  • Local area networks
  • Intranets
  • Logging controls
  • Microcomputers
  • Mobile Devices
  • Network Security
  • Outsourcing security functions
  • Password Management
  • Personnel Screening and Security
  • Portable computers (PDA, Laptops)
  • Physical Security
  • Privacy issues
  • Security Roles and Responsibilities
  • Social Engineering (including “phishing”)
  • SPAM Prevention
  • Telecommuting
  • Telephone systems
  • Third Party Access
  • User security training
  • Web Site Security
  • Wireless Security
  • Voice Over IP (VOIP)
  • And many more!

What’s new in ISPME V14?

Information Security Policies Made Easy, Version 14 contains these updates:

Security Policy Library Update for the Common Policy Library (CPL)

Over 60 information security policies have been added to the Common Policy Library (CPL).  Areas of focus for this update include Privileged Account Management, Third Party Security and Data Privacy Governance for the General Data Protection Regulation (GDPR).

Updated Security Policy Mappings

Version 14 contains updated mappings between the ISPME policy documents and leading regulatory frameworks.   Among the updated mappings are NIST 800-53 Revision 5 and US Cyber Security Framework Version 1.1.   Mappings include:

  1. ISO 27002:2013
  2. NIST 800-53 Revision 5
  3. PCI-DSS 3.2
  4. US Cyber Security Framework V 1.1
  6. FFIEC (Financial Services)
  7. New York DFS

39 Updated “Ready-to-Go” Sample Security Policy Templates

Version 14 now contains 39 complete, pre-written sample security policy documents in MS-Word format. Twenty (20) new policy documents have been added including:

  1.  High-Level Information Security Policy
  2.  IT Risk Management Security Policy
  3.  Information Security Program Policy
  4.  Information Security Organization Policy
  5.  Audit and Compliance Assessment Policy
  6.  Asset Management Policy
  7.  Acceptable Use of Assets Policy
  8.  Acceptable Use of Social Networking Policy
  9.  Cloud Computing Security Policy
  10.  Mobile Computing Security Policy
  11.  Remote Working (Telecommuting) Security Policy
  12.  Personally Owned Devices (BYOD) Security Policy
  13.  Information Classification Policy
  14.  Information Exchange Policy
  15.  Information Storage and Retention Policy
  16.  Information and Media Disposal Policy
  17.  Third Party Security Management Policy
  18.  Personnel Security Management Policy
  19.  Security Awareness and Training Policy
  20.  Access Control Security Policy
  21.  Account and Privilege Management Policy
  22.  Remote Access Security Policy
  23.  Network Security Management Policy
  24.  Firewall Security Policy
  25.  Wireless Network Security Policy
  26.  Physical Access Security Policy *
  27.  Data Center Security Policy *
  28.  IT Operations Security Policy *
  29.  System Configuration Management Policy
  30.  Change Management Policy
  31.  Malicious Software Management Policy
  32.  Encryption and Key Management Policy
  33.  Application Development Security Policy
  34.  Security Incident Response Policy
  35.  Data Breach Response Policy
  36.  Backup and Recovery Policy
  37.  IT Business Continuity Policy
  38.  Log Management and Monitoring Policy
  39.  Customer Data Privacy Policy
  40.  Data Privacy Management Policy *

Additional New Compliance Documents

Version 14 has dramatically expanded additional documents to enable security policy governance and compliance management.   We have added a formal “Information Security Governance Framework” and supported templates with policies, standards and procedures.

00 Security Policy Development Project Plan

  1. Information Security Management Statement (External)
  2. Information Security Policy Compliance Agreement
  3. Policy Exception Procedure / Risk Acceptance Form * Updated
  4. Information Security Governance Framework * New
  5. Security Policy Template * Updated
  6. Security Standard Template * New
  7. Security Procedure Template * New
  8. Information Handling Standard * New
  9. Employment Termination Procedure * Updated
  10. Change Management Procedure * New
  11. Security Incident Response Procedure * New
  12. Security Incident Reporting Form
  13. Identity Token Responsibility Statement
  14. Two-Page Non-Disclosure Agreement
  15. Network Harmonization Standard * Updated
  16. Information Security Policy Glossary * Updated

60+ New Information Security Policies

Version 14 contains 60+ additional pre-written information security policy statements with expert commentary covering the latest security threats and technologies, including:

  • Audit Logging
  • BYOD (Bring Your Own Device)
  • Cloud Computing
  • Corporate governance
  • Data Breach Response
  • Disposal of equipment
  • Email security including phishing
  • Instant messaging
  • Information Security Coordination
  • USB storage
  • Mobile device security
  • Personnel Security
  • Physical Security
  • Risk Management
  • Social Networking
  • Supply Chain Security
  • Security Department coordination
  • Remote Access and Teleworking
  • FAX and office machine security
  • Third-Party Software Development
  • Third-Party Service Management
  • Third-Party Information Disclosure
  • And much more!

Information Security Policies Made Easy, Version 14 is available for electronic download (sent by next business day). Each product contains a print-ready PDF, MS-Word templates and an organization-wide license to republish the materials. (No physical CD or book).

SEE ALSO: Information Security Roles and Responsibilities Made Easy (version 3): Includes time-saving tools and practical, step-by-step instructions on how to develop and document specific information security responsibilities for over 40 different key organizational roles.

Click HERE for special pricing for both products purchased together!


If you have a previous version of Information Security Policies Made Easy, you may be eligible for a 10% discount! This limited offer is only available until September 30, 2020.

To claim your discount:

  • Enter discount code ISPME14UP at checkout.
  • Email your proof of purchase for the previous version to [email protected].

