Digital Security Foundations Package
The Story
There are plenty of Security Policies and Standards available out there for free, but what a collection of those documents may not give you is a way to build them into an actual functioning digital security program. Extracting the Standards, Procedures, and Guidance from the Policy document allows the Policy document itself to be just 3 pages long. This means that an organization's executive can approve the Digital Security Policy as the overall Digital Security direction for the organization.
Together the Policy, Standards, Procedures, and Guidance documents are more than 175 pages of material. The Baselines alone are over 500 pages. Nothing I have created here is rocket science. I’m a practical person and anything I implement has to be simple and it has to serve the organization. I know it works because I've replicated this process over and over again.
Below is a current list of the artifacts that exist today, with more being added and existing ones being updated all of the time.
POLICY
- POLICY - Digital Security
STANDARDS
- STANDARD - Acceptable Use
- STANDARD - Account Lockout
- STANDARD - Backup
- STANDARD - Cloud Vendor Security
- STANDARD - Cryptographic Key Management
- STANDARD - Data Classification
- STANDARD - Data Encryption
- STANDARD - Data Residency
- STANDARD - Data Retention
- STANDARD - Data Transmission
- STANDARD - Database Security
- STANDARD - Electronic Media Disposal
- STANDARD - Guest Wireless
- STANDARD - IT Change Management
- STANDARD - Logging/Monitoring
- STANDARD - Major Risk Travel
- STANDARD - Malicious Software Prevention Detection Eradication
- STANDARD - Mobile Device Management
- STANDARD - Network Security
- STANDARD - Passwords
- STANDARD - Patch & Vulnerability Management
- STANDARD - Physical IT Security
- STANDARD - Privileged Account Creation & Management
- STANDARD - Remote Access
- STANDARD - Risk Management
- STANDARD - Security Incident Response
- STANDARD - Security Training & Awareness
- STANDARD - User Account Creation & Management
- STANDARD - Wireless LAN
- STANDARD - Zones Architecture
PROCEDURES
- PROCEDURE - Exception Request
- PROCEDURE - Third Party Disclosure Approval
- PROCEDURE - Security Incident Response
- PROCEDURE - Risk Management
- PROCEDURE - IT Change Management
BASELINES
- BASELINE - Android 5
- BASELINE - Android 6
- BASELINE - App Server Security
- BASELINE - Mac iOS 10
- BASELINE - Mac iOS 10 Desktop
- BASELINE - MS SERVER 2003
- BASELINE - MS SERVER 2008 R2
- BASELINE - MS SERVER 2012 R2
- BASELINE - MS SERVER 2016
- BASELINE - MS SERVER DC 2012 R2
- BASELINE - MS SQL Server 2012 Database
- BASELINE - MS SQL Server 2012 Instance
- BASELINE - MS SQL Server 2014 Database
- BASELINE - MS SQL Server 2014 Instance
- BASELINE - Router Security
- BASELINE - Switch Security
- BASELINE - Web Server Security
- BASELINE - Windows 10
- BASELINE - Windows 7
GUIDELINES
- GUIDELINE - Major Risk Travel
- GUIDELINE - Passphrases
- GUIDELINE - Segregation of Duties
OTHER
- System Security Assessment bundle – a mechanism to assess potential cloud vendors
- Risk Management bundle – a simple mechanism for IT Security to track and manage risk
- Charters – various charters for groups within IT Security
If you are interested in finding out more about licensing, please contact us at:
info [@] savantadvisory.com
(remove the spaces and [ ] from the e-mail address above; listing it this way protects against screen scraping)