Building Effective, Tailored Information Security Policy 20th NISSC Internet Technical Security Policy Panel http://csrc.nist.gov/nissc/1997/panels/isptg/pescatore/html/

Email Policy.com Learn how to create a company e-mail policy and enforce it using email security software. Also lists sample email policies, books and links. http://www.email-policy.com

Computer and Information Security Policy Formal IT security policy helps establish standards for IT resource protection by assigning program management responsibilities and providing basic rules, guidelines, and definitions for everyone in the organization. Policy thus helps prevent inconsistencies that can introduce risks, and policy serves as a basis for the enforcement of more detailed rules and procedures. http://secinf.net/info/policy/hk_polic.html

IT Security Cookbook An excellent guide to computer & network security with a strong focus on writing and implementing security policy. This is primarily for security managers and system administrators. http://www.boran.com/security/

Internet/Network Security Policy Development How to write an effective network security policy. This is Part 4 of a 5 part tutorial on Internet and network security. http://netsecurity.about.com/compute/netsecurity/library/weekly/aa080299.htm?iam=mt

Enhancing Enterprise Security This is a solid site with a good overview of all factors which should go into to the design of a security policy. http://www.3com.com/technology/tech_net/white_papers/503023.html

CERT Practice Modules: Securing Desktop Workstations Develop and promulgate an acceptable use policy for workstations. http://www.cert.org/security-improvement/practices/p034.html

Policy Over Policing InfoWorld article - It's easy to develop e-mail and Internet policies, but education and documentation are crucial to their success. http://archive.infoworld.com/cgi-bin/displayArchive.pl?/96/34/e01-34.55.htm

CERT Practice Modules: Improving Security Determine contractor ability to comply with your organization's security policy. http://www.cert.org/security-improvement/practices/p019.html

Make Your Web Site P3P Compliant How to create and publish your company's platform for privacy performance policy, a W3C initiative, in 6 steps. http://www.w3.org/P3P/details.html

Information Security Program Development Security standards are needed by organizations because of the amount of information, the value of the information, and ease with which the information can be manipulated or moved. http://www.blackmagic.com/ses/bruceg/progmgt.html

CERT Practice Modules: Responding to Intrusions Establish policies and procedures for responding to intrusions. http://www.cert.org/security-improvement/modules/m06.html

Structured Approach to Computer Security A security policy is a set of rules written in general terms stating what is permitted and what is not permitted in a system during normal operation. http://www.ce.chalmers.se/staff/ulfl/pubs/tr122to.pdf

World of Information Security Management This site contains information on BS 7799 (ISO/IEC 17799) including the official Register of BS 7799 Certificates, International BS 7799 User Group, papers on the application of BS 7799 produced by business around the world. http://www.xisec.com

Create Order with a Strong Policy A well-written, well-run security policy keeps cracks from appearing in your network's foundation. http://www.networkmagazine.com/article/NMG20000710S0015

Do you have an intrusion detection response plan? Discussion of what should go into the creation of an intrusion detection plan and the expected results. http://www.nwfusion.com/newsletters/sec/0913sec1.html

P3P Guiding Principles Principles behind the W3C Platform for Privacy Preferences initiative. http://www.w3.org/TR/NOTE-P3P10-principles

Windows 2000 Group Policy and Security The use of Group Policy to simplify the network security tasks that you face as a network administrator. With Group Policy, you can ensure that the machines on your network remain in a secure configuration after you deploy them. http://www.win2000mag.com/Articles/Index.cfm?ArticleID=9169

What's Your Policy? If your company doesn't have written security policies, it's time it did, and Mark Edwards has some resources to help. http://www.ntsecurity.net/Articles/Index.cfm?ArticleID=9764

Site Security Policy Development This paper outlines some issues that the writer of a Site Computer Security Policy may need to consider when formulating such a document. http://secinf.net/info/policy/AusCERT.html