Free Policies and Guideline templates

The awesome folks at SANS offer free policy templates to use and modify to your own needs. There’s no excuse for not having policies; remember to include your legal representative and get their input.

https://www.sans.org/security-resources/policies/

Some excellent starting policies to look at:

• Acceptable Use Policy

• Disaster Recovery Plan Policy

• Password Policy

The Canadian government also offers excellent best-practices and guidelines.

https://www.cse-cst.gc.ca/en/publication/list

Some quality ones to look at first:

• Top 10 IT Security Actions To Protect Internet-Connected Networks

• Application Whitelisting Explained

Application Whitelisting is how high security organizations operate. We will see more and more organizations take this on because of the gigantic benefits; including but not limited to, preventing malware from executing, preventing unlicensed and/or unapproved software.