Security Policies / Security Rules – Ask McConnell’s “One Pager” Library

Updated: 8 April 2025

Got to Know The Security Policies / Security Rules Before You Break Them

I have worked with, read many, edited many, audited reams of them, written from scratch, maybe even violated a few, investigated countless, and trained on countless sets of security rules and policies, in all types of organizations around the world. The most common title of these sets of rules is “our Security Policy”, a term I promote in my security governance training, but to help all types of organizations that have struggled with these types of rules/policies, I am going back to 3rd grade and will just call them “rules” for now. If your organization decides to call them “Rules” or “Policies” or “Requirements” or _____, your call, just make sure it’s a term that fits the culture and is enforceable. It is about the accountability of “I”, the individual human reading them, that they understand and will follow…

I can’t tell you how many times I have seen rules/policies, some of which I helped write, in which it was close to impossible to determine who (individually) was accountable.

They read like a company was writing to a company and not to an individual.

The ones below and in the future are my attempts to 1. provide a free resource to people who have little or no rules/policies or resources to make them, and 2. provide a new direction for industry security rules / security policies that are written from the organization to the individuals to mature to maximum accountability. Determining who is accountable comes in the form of a RACI exercise that is independent of these rules/policies. Ultimately, it’s the CEO-level person if no one else is assigned, but guess what, the CEO-level person should be equally accountable and sign these same documents.

This collection is not meant to cover every need, but it will support any size organization (NGO to SMB to Fortune ### to Government). It is meant to simplify these rules/policies into literally one page and hyper-focus on individual accountability. Yes, you will have some overlap, as some organizations only need specific documents vs. all of them.

Good luck, and if we can be of service to help you enhance these documents or help you with implementation, we would be honored to serve you and your organization.

Jim McConnell
info@askmcconnell.com
Ask McConnell, LLC
https://askmcconnell.com

A New Direction for Security Policies

Updated: 23 March 2025

A short note (okay, more than 1 page) about what we believe should be a new direction for security (and safety) rules/policies in organizations. A move toward more mature accountability.

The Security Commitment

Updated: 20 March 2025

An example agreement between the organization and the individual about these rules and policies and the consequences.

Definitions

Updated: 18 March 2025

Though the graphic says “Small Business(es)”, these definitions and all of the resources will work from NGOs/Churches to the federal government, small businesses to large enterprises.

Personnel Security

Updated: 20 March 2025

Physical Security

Updated: 13 April 2025

Supply Chain Security

Updated: 05 April 2025

Technology Software Updates

Updated: 20 March 2025

Fraud Management

Updated: 06 April 2025

Social Media Usage

Updated: 24 March 2025

Investigations

Updated: 23 March 2025

Email Security

Updated: 25 March 2025

Laptop/Desktop/Mobile Security

Updated: 06 April 2025

Onsite/Offsite Events Security

Updated: 06 April 2025

Supplier / Customer Due Diligence

Updated: 23 March 2025

Retail Loss Prevention

Updated: 06 April 2025

Recruiting and Onboarding

Updated: 07 April 2025

Use of Our Facilities

Updated: 4 April 2025

Handling of Cash or Checks

Updated: 8 April 2025

Protecting VIPs (Physical)

Updated: 08 April 2025

Asset Inventory Management

Updated: 08 April 2025

Vulnerability Management

Updated: 08 April 2025

Cyber Security – Center for Internet Security 18 Critical Controls

Sorry, it’s a 2 Pager… Based on CISecurity.org’s great work on the 18 Critical Controls

Updated: 03 April 2025

Secure Software Development

Updated: 08 April 2025

Warehouse Security (Worker Edition)

Updated: 13 April 2025

Security Personnel Training

Updated: 13 April 2025

Jim, I wish you had one on ______

I urgently need a policy on _____