These resources are part of the fairly vast Computer and Network Security Task Force wiki. Although the wiki is targeted at educational institutions, its information security recommendations and principles are, for the most part, applicable to corporate environments, as well.

Toolkits and Blueprints
- Confidential Data Handling Blueprint: A step-by-step roadmap for the establishment of policies and practices for the protection of sensitive information. Includes categorized links to policy models, self-assessment tools, guidance on information classification, benchmarking resources, and much more.
- Business Continuity Planning Toolkit: Includes planning tools, a disaster recovery planning guide, resources and templates for internal and external communications during a business disruption, good practice guidelines, an overview of business continuity for executives, and other research and advice.
- Data Classification Toolkit: A step-by-step roadmap for the data classification prerequisite of effective information protection. Includes links to regulatory requirements for classification, standards, case studies, and other guidance.
- Data Incident Notification Toolkit: Includes notification templates for Web and other media; sample policies, procedures, and plans; case studies; and guidance on notification thresholds.
- Model IT Security Training Materials: A collection of sample policy abstracts and quizzes (downloadable, MS PowerPoint format).
- RFP models for information security risk assessment: Sample RFPs for larger and smaller organizations, designed to simplify the process of evaluating and engaging consultants for security risk assessment.