Free sample resources to help you get further down the road on your own.
These are basic resources that you can use to start lifting up your security program on your own. If you need help, just reach out!
A key spreadsheet you’ll want to have to track all gaps and be able to sort them. This is a great discussion tool with your management to make decisions.
Some companies choose to have one policy document (beyond the employee handbook / acceptable use) that calls out ‘how’ information security should be done. Other companies choose to break into multiple policies due to the number of changes in a 12-month period and the amount of information in one policy document.
Every business should have this document mapped to their environment and updated at least annually. Many companies are combining this document as one vs. having separate. Some even include incident response (the next document below) in this just because there is so much overlap. If you are a small company, you might choose this method to start out.
Document what you’ll do in specific situations that could happen in your company. Provide enough detail to know what to do without too much drama, but not too much detail where if you don’t follow it you’ll be in trouble with the law (if/when they take you to court).
Additional Resources (pending)
Audit Report Template
A typical report format we use to produce an audit report.
Monthly Management Slide Deck
The contents will likely change, but the format is similar from month to month.
High Level History of Security Controls
From when I started in 1998 till today. The industry has gotten very complex, and the adversary can still win!
Tabletop Test Example
A sample slide deck we use to hold tabletop exercises with clients.