Two of the most commonly used resources for defining a security policy are ISO 17799/BS 7799, "Code of Practice for Information Security Management," and RFC 2196, "The Site Security Handbook."
Note: ISO 17799 is an International Organization for Standardization document that is based on the British Standards 7799 document.
ISO 17799, available for purchase at https://www.bspsl.com/secure/iso17799 software/cvm.cfm, provides detailed information and recommendations for developing enforceable security policies. Several Web sites provide security policy samples based on the intent and recommendations of ISO 17799.
RFC 2196, "Site Security Handbook," available at www.ietf.org/rfc/rfc2196.txt, is another guide for developing security policies. Although directed more toward computer security policies, the RFC describes several types of resources that should be covered in an overall security policy, as well as recommendations for securing those resources.