Are these "Policies", "Standards" or "Guidelines"?
The answer is "It depends". New Concepts in IT, LLC can help guide your company in the reasonable and proper application and use of these policies. What is right for one company is not necessarily right for another company.
Acceptable Use Policies
There are many types of Information Security Policies that all businesses should consider implementing to help protect their business and intellectual property. All information security should start with a policy that is developed and accepted by the C-level management of the company and, in our opinion, is adhered to by all employees, including the C-level staff. That being said, the policies should allow for the business needs of individuals and groups. An example: the Marketing staff may need to access Facebook, Twitter and other forms of social media, while there is no reason to allow access for all employees in the company.
Some examples of Information Security Policies: (items in blue are the most commonly implemented)
General Security Policies:
Encryption Policy
Acceptable Use Policy
Clean Desk Policy
Disaster Recovery Plan Policy
Digital Signature Acceptance Policy
Email Policy
Ethics Policy
Pandemic Response Planning Policy
Password Construction Guidelines
Password Protection Policy
Security Response Plan Policy
End User Encryption Key Protection Policy
Network Security Policies:
Acquisition Assessment Policy
Bluetooth Baseline Requirements Policy
Remote Access Policy
Remote Access Tools Policy
Router and Switch Security Policy
Wireless Communication Policy
Wireless Communication Standards
Server Security Policies:
Database Credentials Policy
Technology Equipment Disposal Policy
Information Logging Standard
Lab Security Policy
Server Security Policy
Software Installation Policy
Workstation Security (For HIPAA) Policy
Application Security Policies: