There's no one correct security policy or standard for the simple reason that how much security you have depends on many things such as how vulnerable you are, how much money you have etc.
However, a quick google suggested to me that
http://www.infosyssec.net/infosyssec/secpol1.htm might be a site you would find useful.