Information Security Policy Examples

General Information Security Policies

• EDUCAUSE Security Policies Resource Page (General)

• Computing Policies at James Madison University

• IT Policies at University of Iowa

• University of California at Los Angeles (UCLA) Electronic Information Security Policy

• University of Notre Dame Information Security Policy

• University of Iowa Information Security Framework

• Carnegie Mellon Information Security Policy

• Stanford University Computer and Network Usage Policy

Privacy Policies

• EDUCAUSE Campus Privacy Policies Resource Page

• University of California Office of the President Privacy Policies and References

• University of Texas Health Science Center at San Antonio Information Resources Privacy Policy

• University of Minnesota Online Privacy Policy

• Stanford Privacy and Access to Electronic Information

Acceptable Use Policies

• University of Texas Health Science Center at San Antonio Acceptable Use Policy

• University of Minnesota Acceptable Use of information Technology Resources Policy

• Purdue University Acceptable Use of IT Resources and Information Assets Policy

• University of North Carolina at Greensboro Acceptable Use of Computing and Electronic Resources Policy

Data Classification and Governance

• EDUCAUSE Campus Data Classification Policies

• Carnegie Mellon Guidelines for Data Protection

• University of Texas at Austin Data Classification Standard

• University of Texas Health Science Center at San Antonio Data Classification Policy

• Carnegie Mellon Guidelines for Data Classification

• Stanford Risk Classifications

• Purdue University Data Classification and Handling Procedures

SSNs

• University of Iowa SSN Policy

• Purdue University Social Security Number Policy

• Northwestern University Secure Handling of Social Security Numbers Policy

Encryption

• University of Texas at Austin Data Encryption Guidelines

• Northwestern University Data Encryption Policy

• UCLA Protection of Electronically Stored Personal Information Policy

Disposal of Computers, Hard Drives

• EDUCAUSE Guidelines for Data Media Sanitization and Disposal

• NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization

• University of Texas Health Science Center at San Antonio Storage Media Control Policy

• Northwestern University Disposal of Computers Policy

• Carnegie Mellon Guidelines for Data Sanitization and Disposal

Identity and Access Management Policies

• Purdue University Authentication, Authorization, and Access Controls Policy

• Stanford University Identification and Authentication Policy

• University of South Carolina Data Access Policy

• Virginia Tech Administrative Data Management and Access Policy

• University of Texas Health Science Center at San Antonio Administrative and Special Access Policy

• Carnegie Mellon Guidelines for Appropriate Use of Administrator Access

Passwords

• University of Texas Health Science Center at San Antonio Access Control and Password Management Policy

• Carnegie Mellon Guidelines for Password Management

• University of Iowa Enterprise Password Standard

Physical Access

• University of Texas at Austin University Identification Card Guidelines

• University of Texas Health Science Center at San Antonio Physical Security for Electronic Information Resources

• Cornell University Responsible Use of Video Surveillance Systems

• Virginia Tech Safety and Security Camera Acceptable Use Policy

Incident Management and Response

• Carnegie Mellon University Security Incident Response Plan

• UCLA Notification of Breaches of Computerized Personal Information Policy

• University of California System Incident Response Standard

• University of Cincinnati Incident Response Procedure and Guidelines

• University of Minnesota Data Security Breach Policy

• University of New Hampshire Incident Response Plan

• University of Northern Iowa Information Security Incident Response Policy

• University of Texas Health Science Center at San Antonio Information Security Incident Reporting Policy

• Virginia Tech Incident Response Guidelines and Policies

• NIST SP 800-61 REv. 2 Computer Security Incident Handling Guide

Backup and Data Recovery

• University of Texas Health Science Center at San Antonio Data Backup Policy and Guideline

• University of Iowa Institutional Data Policy

• University of Michigan Disaster Recovery Planning and Data Backup for Information Systems and Services

• University of Utah Data Backup and Recovery Policy

Email and Instant Messaging

• EDUCAUSE Email Policies

• University of Texas Health Science Center at San Antonio Electronic Mail Use and Retention Policy

• Purdue University Electronic Mail Policy

• University of Texas at Austin University Electronic Mail Student Notification Policy (Use of E-mail for Official Correspondence to Students)

• Carnegie Mellon Instant Messaging Security and Use Guidelines

Social Media

• Stanford University Chat Rooms and Other Forums Policy

• Drexel University Social Media Policy

• Ball State University Social Media Policy

• University of California Santa Barbara Social Networking Guidelines for Administrators

• University of Florida Social Media Policy

• State University of New York Social Media Policy

Cloud Computing

• University of California Cloud Services

• Purdue University Cloud Computing Consumer Guidelines

• University of Texas Health Science Center at San Antonio Third-Party Management of Information Resources Policy

Technology Procurement

• Northwestern University Policy for Information Technology Acquisition, Development and Deployment

Mobile Device Policies

• EDUCAUSE BYOD Policies

• University of Texas Health Science Center at San Antonio Portable Computing Policy

• University of Texas at Austin Handheld Hardening Checklists

• University of Oregon Mobile Device Security and Use Policies

Minimum Security Requirements Network Devices

• UCLA Minimum Security Standards for Network Devices Policy

• University of Texas Health Science Center at San Antonio Computer Network Security Configuration Policy

• University of Texas at Austin Minimum Security Standards for Systems

• University of Texas Health Science Center at San Antonio Administration of Security on Server Computers Policy

• University of Texas at Arlington Server Management Policy

• Northwestern University Server Certificate Policy

• University of Texas Health Science Center at San Antonio Administration of Security on Workstation Computers Policy

Networking Policies

• UNC-G: Wireless Networking

• Appalachian State University: Open Servers VLAN Policy

• University of Texas Health Science Center at San Antonio Network Access Policy

• University of California at Berkeley Guidelines and Procedures for Blocking Network Access

Firewall Maintenance

• Northwestern University Firewall Policy

VPN Usage

• Northwestern University Usage of the NU SSL VPN Policy

Web Application Security Policies

• University of Texas Health Science Center at San Antonio Web Application Security Policy

• Carnegie Mellon Web Server Security Guidelines

SQL Databases and Proxy Servers

• Carnegie Mellon Proxy Server Guidelines

Application Service Provider

• University of Texas at Austin Minimum Security Standards for Application Development and Administration

Research Application Hosting

• Carnegie Mellon Procedures for Requesting Access to Network Data for Research

File Sharing

• University of Texas Health Science Center at San Antonio Peer-To-Peer Access Policy

Risk Management

• Appalachian State University Information Security Risk Management Standard

• University of California Office of the President Risk Assessment Toolbox

• University of Minnesota Information Security Risk Management Policy

• University of Virginia Information Security Risk Management Standard

• University of Wisconsin-Madison Risk Management Framework

• UT Health Science Center at San Antonio Electronic Information Security Risk Management Policy

Security Monitoring

• University of Texas at Austin Network Monitoring Guidelines

• University of Texas Health Science Center at San Antonio Security Monitoring Policy

Security Training

• UT Health Science Center at San Antonio Information Security Training and Awareness Policy

DNS Policies

• Carnegie Mellon Recursive DNS Server Operations Guideline

• Registration and Use of UCLA Domain Names Policy

Copyright

• EDUCAUSE Campus Copyright and Intellectual Property Policies

• Carnegie Mellon University Copyright Policies

PCI

• University of Texas at Austin Minimum Security Standards for Merchant Payment Card Processing

• Stanford University Credit Card Acceptance and Processing Policy

Software Licensing

• EDUCAUSE Campus Licensing Policies

• University of Texas Health Science Center at San Antonio Software Policy

Top of page

Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).

ParentTopics:

Security Management Security Policies Compliance Cybersecurity Policy Policy and Law