Examples of security policies and guidelines you should consider:

    Governance and Risk Management

ISO 27002:2013 Section 6 Organization of Information Security

ISO 27005:2005 Risk Management

NIST SP 800-30 Risk Management Guide for Information Technology Systems

NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View 

    Asset Management Policy

NIST SP 800-60 Guide for Mapping Types of Information and Information Systems to Security Categories

NIST SP 800-88 Guidelines for Media Sanitization

    Incident Management Policy

NIST SP 800-61 Computer Security Incident Handling Guide

NIST SP 800-66 Guide to Integrating Forensic Techniques into Incident Response 

    Human Resources Policy

NIST SP 800-16 Information Technology Security Training Requirements: A Role- and Performance-Based Model

NIST SP 800-50 Building an Information Technology Security Awareness and Training Program 

    Physical and Environmental Security Policy

NIST SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems

NIST SP 800-88 Guidelines for Media Sanitization 

    Business Continuity Policy

NIST SP 800-34 Contingency Planning Guide for Information Technology Systems

NIST SP 800-84 Guide to Test, Training and Exercise Programs for Information Technology Plans and Capabilities 

    Communications and Operations Security Policy

NIST SP 800-40 Creating a Patch and Vulnerability Management Program

NIST SP 800-83 Guide to Malware Incident Prevention and Handling for Desktops and Laptops

NIST SP 800-45 Guidelines on Electronic Mail Security

NIST SP 800-92 Guide to Computer Security Log Management

NIST SP 800-42 Guideline on Network Security Testing 

    Information Systems Acquisition, Development and Maintenance

NIST SP 800-57 Recommendations for Key Management

NIST SP 800-64 Security Considerations in the System Development Lifecycle

NIST SP 800-111 Guide to Storage Encryption Technologies for End Users 

Additional security policies to consider for your organization:

Acceptable Encryption Policy
Acceptable Use Policy
Acquisition Assessment Policy
CJIS Workstation Security Policy
Clean Desk Policy
Media Communications Policy
Data Breach Policy
Database Credentials Policy
Digital Signature Acceptance Policy
Disaster Recovery Plan Policy
Email Policy
Ethics Policy 
HIPAA Workstation Security Policy
Information Logging Standard
Password Construction Policy
Password Policy
Remote Access Policy
Router And Switch Security Policy
Server Security Policy
Social Media Policy
Software Installation Policy
Technology Equipment Disposal Policy
Testing Environment and Lab Security Policy
Web Application Security Policy
Wireless Communication Policy
Workstation Security Policy

TechFit LLC
