Can anyone in this community direct me to a set of Information Security Policy templates?
You can google for them. This is a good starting point: https://www.sans.org/security-resources/policies
I agree with the SANS suggestion. Other reading suggests that every policy should be a home brew that starts from policy, which begins with your org's business and security goals -- and wholly discourages template use.
I am beginning a policy process at our org, too. I've downloaded some SANS docs, and will be carving them up for templates that can be reviewed by the security steering committee (that I hope to form!)... but I'll still require buy-in from everyone along the way when we reach topics that aren't covered by templates.
It'll be interesting to hear how things go. Keep us informed.
A good practice is to first start with a standard like ISO/IEC 27001 to define the organizational Information Management System (ISMS) - you can do this informally in preparation for certification down the road if you so choose. I'm not going to go into all the details here of what the standard calls out for supporting processes, but I do want to mention that you'll need to identify your organizational context and the associated risks to your organization. Defining a risk treatment strategy is important. Once you know the risks you need to control then you can start layering in the technical controls. I use NIST SP 800-53, rev 4, but there are others like COBIT, and the Cloud Controls Matrix from the Cloud Security Alliance. Plus many other NIST and ISO standards.
"organizational context and the associated risks to your organization"
I'm curious. When you say "organizational context", do you mean top-down policy and GRC, all steered by corporate values? And on the latter half of this quote ("associated risks"), I'm hearing that the risk assessments steer application of the controls, right?
I think @AppDefects means the business your organization is working in. You have different risks when you're a bicycle repair shop than if you're in a financial business. The context will give you ideas about the risks you'll want to address...
*slaps own forehead*. I see that now. Thanks for the orientation!!
I'll second the SANS recommendation for familiarization and to use as references.
If you are literally looking for the templates and can use some help with working through the process of turning them into written policies, I can recommend the Advisera (https://advisera.com/) platform for working on ISO and NIST compliance projects.
They have quite a few free videos and courses to walk you through the process even if you are not going to use their product.