Per my offer last week, I received a positive response to my query asking if folks might find useful a set of well-written policies and procedures that were aligned to ISO17799. I said that I would do the sanitizing work and release them if I got a fair response.
I did, and here they are. This is in Microsoft Word format (534 KB).
My only caveat for those who download and use these: please don't sell them or otherwise engage in commercial activity based upon this work.
I'm releasing it into the wild because I want to help make people's lives easier and if these P&P's can help make your environment more secure in the long term, great. I don't want anything in return except perhaps that someone else will do something similar.
I must admit that I alluded to a lot of time, sweat and tears that *I* contributed to this document. To be fair and honest in full disclosure, I did not create the majority of this work; it's based upon prior art from multiple past lives, and most of it isn't mine exclusively.
As a level-set reminder:
All you need to do is modify the header/footer with your company's logo & information and do a search/replace for [COMPANY] with your own, and you've got a fantastic template to start building from or add onto another framework with.
The P&P's are a complete package that outlines at a high level the basis of an ISO-aligned security program; you could basically search/replace and be good to go for what amounts to 99% of the basic security coverage you'd need to address most elements of a well-stocked security pantry.
You can use this "English" high-level summary set to point to indexed detailed P&P mechanics or standards that are specific to your organization.
Please let me know if this is worthwhile and helped you. I could do all sorts of log tracking to see how many times it's downloaded, etc., but if you found it helpful (even if you just stash it away for a rainy day) do let me know in the comments, please.
I also have a really good Incident Response Plan that I consolidated from many inputs; that one's been put through at least one incident horizon and I lived to tell about it.