To add to Jayson's list:
http://www.kaonsecurity.com/html_pages/policy_main.htm - Kaon SecurITy Ltd,
this is a good one to check out.
http://www.first.org/resources/guides/ - Forum of Incident Response & Security
Teams
http://www.bitpipe.com/detail/RES/1170864207_476.html - link to a 6 page doc:
Best Practices on Implementing an Effective Security Policy
http://searchsecurity.techtarget.com/topics/0,295493,sid14_tax300019,00.html -
Creating and Managing Information Security Policies - page of many links
http://csrc.nist.gov/index.html - NIST (National Institute of Standards) you
can drown in all the paper work here ...
http://www.informationshield.com/products.html - they have several LARGE books
of prewritten polices that you can base your own on. ie "Information Security
Policies Made Easy, Version 10" By Charles Cresson Wood, CISSP, CISA, CISM
(1300+ written policies you can pick from). I haven't seen them myself.
http://www.informationshield.com/ipme.html - Security Awareness with
Information Protection Made Easy (another book, small)
http://www.informationshield.com/whitepapers.html#regs - links to lots of other
sites and docs
http://www.computersecuritynow.com/ - ISO 17779, not security policy per se,
more a policy about policies
http://www.newboundary.com/products/policycommander/index.htm - tool for
managing/updating policies
http://www.ciscowebtools.com/spb/?POSITION=SyndicatedContent&COUNTRY_SITE=us&CAMPAIGN=MidMarket&CREATIVE=POLICYBUILDER&REFERRING_SITE=ITTOOLBOX
- Security Policy Builder, Create a custom security policy for your business.
Steps you through a series of questions
