Hey Hey all...

I was browsing PacketStorm and noticed a rather interesting pdf entitled "Building and Implementing a Successful Information Security Policy"

I haven't read all of it yet, but it looks fairly decent.

The purpose of this paper is to outline the strategies and managing processes behind implementing a successful
Security Policy. Additionally, I will give recommendations for the creation of a Security Awareness Program,
where the main objective will be to provide staff members with a better, if not much improved understanding
of the issues stated in a security policy.
We will also be focusing on significantly reducing the integration period of the security policy, by way of proper
explanation of all of the items pointed out in a formal security policy document.

02. Scope
This paper is by no means intended to be a complete reference on the process of building a security policy or
the development of a security awareness course. Instead, it was created with the idea of providing the reader
with a reliable source of advice, various recommendations and useful tips gathered from my personal
experiences while building and developing security policies, as well as conducting security awareness courses.
This document will also provide you with a sample security newsletter, best practises concerning various
information security threats, as well as discuss in detail some of the most common security problems which
companies are facing every day (concentrating specifically on security problems endangering somehow the
continuity and the proper functionality of the institution).

It is located @ http://packetstormsecurity.nl/papers...ity-policy.pdf