Security Guidelines ((MoJ)

The Cyber and Technical Security Guidance Guide of the UK Ministry of Justice is an good example of how security policies should look like for a large organization.

The Cyber and Technical Security Guidance Guide is published under the UK Open Government Licence v3.0 license.

The raw information is available in a public repository on github.

Overview op policies available in this guide:

• Avoiding too much security

• IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER

• IT Security All Users Policy

• IT Security Policy (Overview)

• Line Manager approval

• IT Security Technical Users Policy

• Shared Responsibility Models

• Technical Controls Policy

• Mobile Device and Remote Working Policy

• Remote Working

• End or change of employment

• Acceptable use

• Acceptable use policy

• Guidance on IT Accounts and Assets for Long Term Leave

• Protect Yourself Online

• Web browsing security

• Government Classification Scheme

• Information Classification and Handling Guide

• Information Classification and Handling Policy

• Data Handling and Information Sharing Guide

• Secrets management

• Removable media

• Secure disposal of IT equipment

• Secure disposal of IT - physical and on-premise

• Working securely with paper documents and files

• Secure disposal of IT - public and private cloud

Access Control policies:

• Access Control Guide

• Access Control Policy

• Enterprise Access Control Policy

• Privileged Account Management Guide

Password policies:

• Password Managers

• Passwords

• Using 1Password

• Account management

• Authorisation

• Multi-user accounts and Public-Facing Service Accounts Guide

• Password Creation and Authentication Guide

• Password Management Guide

• Password Storage and Management Guide

• Policies for Google Apps administrators

• Policies for MacBook Administrators

• System User and Application Administrators

Policies for handling Crypto:

• Automated certificate renewal

• Cryptography

• HMG Cryptography Business Continuity Management Standard

• Public Key Infrastructure Policy

• Use of HMG Cryptography Policy

Note

This is just a summary of policies available from the MoJ. See here for all policies!