[Project Name] Security Policy

 

[Document Version Number]
[Date]

Document Author(s):
[Name]

Project Sponsor:
[Name]

Project Team:
[Name] [Role]
[Name] [Role]
[Name] [Role]
[Name] [Role]
[Name] [Role]

 

 

I. Introduction

This document is intended to help create the parts of a security policy that will be required as a result of the new project deliverable. In accordance with the new system requirements, it establishes a plan for how both internal and external users interact with the new system, how the computer architecture topology will be implemented, and where computer assets will be located. It addresses security goals, risks, levels of authority, procedures for addressing security breaches, and other details impacting system security.

 

 

II. Security Policies

A security policy consists of many specific policies.  The following are some examples that might be required for the project (note that this is just an example list):

 

·        Identification and Authentication Policy

·        Encryption Policy

·        Awareness and Education Policy

·        Password Policy

·        Remote Access Policy

·        Database Access Policy

·        Appropriate Use Policy

 

Each policy will be structured similarly to the following:

 

A.     Statement of Purpose

Provide a brief statement that explains why the policy is necessary.

B.      Scope

Provide a description of the policy’s applicability.

C.     Glossary

List any definitions or explanations that will assist the reader in fully understanding the policy.

D.     Policy

Provide the actual policy statement, which explains the rules the policy will implement and the various roles and responsibilities.

 

 

III. Related Documents

List related information (and provide links) that will assist a reader in understanding any relevant background information that is useful for this project. 

 

 

IV. Document Revision History

This section lists the significant changes made to this document after version 1.0 has been submitted for assessment. The revision history should contain a dated list of revisions to the document consisting of: the date of each change, the person responsible for the change, and a description of the change. You should be able to trace changes to the individual who completed the modification. Changes are to be listed in reverse chronological order, recording the following information for each change:

 

Version

File version number.

Name(s)

Name of individual(s) responsible for the change.

Date

Date of change.

Change Description

Description of the changes made to the file.