Solved

Security Policy for a small business

Posted on 2016-09-01
2
53 Views
Last Modified: 2016-09-01
I am looking for a security policy for a small business to use for their employees.
Are there any good templates to start from?
0
Comment
Question by:ie0
2 Comments
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 500 total points
Comment Utility
"Security Policy" covers a lot of ground.  I can suggest looking over the SANS Security Policy template library though.
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
I suggest your policy follows the ISO 27001 headings such as these but it may be quite non-trivial to cover all quickly - esp if you intend to make it simpler at the first place (for small set)
http://www.27001-online.com/secpols.htm

Otherwise, go specific for a "scoped" policies in area of main concern. Here is one comprehensive coverage of samples and toolkit for the various IT & cyber security scope
https://www.dmoz.org/Computers/Security/Policy/Sample_Policies/

Additional supplementary alternatives include
-Clean desk policy
-Computer and e-mail acceptable use policy
-Internet acceptable use policy
-Password protection policy
-Social media and blogging policies
-Personnel access/changes policy
http://www.csoonline.com/article/3019126/security/security-policy-samples-templates-and-tools.html

If you wanted a more clean cut to have small win or glimpse to poll the stakeholders, you may check out the attached (though can be quite old). It give some sensing on coverage and simple straight to the point mandates
NHS-CFH_Corporate-InfoSec-Policy-Tem.doc
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now