Archive

SANS Policy Templates: Pandemic and Business Continuity Policy

The SANS Institute has published several information security policy templates describing best data security practices in template format. This largely means that you can ‘fill in the blanks’ when developing a security policy (although some modification will be in order for your specific circumstances). In this post we’ll look at the SANS template for a pandemic response and business continuity policy. As a pandemic is different from a disaster, so is the planning which goes into mitigating the effects of a pandemic different from normal disaster recovery planning. The primary difference is in terms of scope, but that does not mean that a…

Read more

SANS Policy Templates: Disaster Recovery

The SANS Institute has published several information security policy templates describing best data security practices in template format. This largely means that you can ‘fill in the blanks’ when developing a security policy (although some modification will be in order for your specific circumstances). In this post we’ll look at the SANS template for disaster recovery planning. Disaster recovery planning is like security policy in two important ways. Like security policy, the reason for developing, updating and reviewing a disaster recovery policy is not always obvious in terms of immediate benefit. That is to say, a manager can quantify precisely how and why…

Read more

SANS Policy Templates: Digital Signature Acceptance Policy

The SANS Institute has published several information security policy templates describing best data security practices in template format. This largely means that you can ‘fill in the blanks’ when developing a security policy (although some modification will be in order for your specific circumstances). In this post we’ll look at the SANS template for digital signature acceptance as part of email and network security. In this SANS policy template, purpose and scope are very important. External customers sign for products and services, and these signing mechanisms have a variety of rapidly changing requirements and standards. The SANS digital signature policy explicitly does not…

Read more

SANS Policy Templates: Clean Desk Policy

The SANS Institute has published several information security policy templates describing best data security practices in template format. This largely means that you can ‘fill in the blanks’ when developing a security policy (although some modification will be in order for your specific circumstances). In this post we’ll look at the SANS template for developing a clean desk policy as a part of overall network security. A clean desk policy largely revolves around keeping company information confidential. This may be, but is not limited to customer information. Certainly there are examples of both customer and non-customer information becoming public which would,…

Read more