How to create and publish your company's platform for privacy performance policy, a W3C initiative, in 6 steps.

Provides general information about PKI policy, the role that policy plays in a PKI and how that policy applies to both traditional and PKI-enabled business environments. [PDF]

This paper is intended to address the importance of having a written and enforceable Information Technology (IT) security policy, and to provide an overview of the necessary components of an effective policy.

Discussion of what should go into the creation of an intrusion detection plan and the expected results.

Assess the return of information security inverstment of your organisation. Use the balanced scorecard to evaluate the financial and strategic aspects of your information security programme.

a guide to developing computer security policies and procedures for sites that have systems on the Internet. Published 1997.

[Word Document] Invest the time up front to carefully develop sound policies and then identify ways to gauge their effectiveness and assess the level of compliance within your organization. Commit to spending the time and resources required to ensure that the policies are kept current and accurately reflect your company's security posture.

If your company doesn't have written security policies, it's time it did, and Mark Edwards has some resources to help.

A widely used, peer-reviewed, comprehensive methodology for performing security tests.

Neupart: Information Security Management and Awareness; Solutions and Services; Based on standards.