Digital Security Foundations Package


The Story

There are plenty of Security Policies and Standards available for free, but what a collection of those documents may not give you is an actual functioning digital security program built from them. Extracting the Standards, Procedures, and Guidance from the Policy document allows the Policy document itself to be just 3 pages long. This means that an organization's executive can approve the Digital Security Policy as the overall Digital Security direction for the organization.

Together, the Policy, Standards, Procedures, and Guidance documents are more than 175 pages of material. The Baselines alone are over 500 pages. Nothing I have created here is rocket science. I’m a practical person, and anything I implement has to be simple and it has to serve the organization. I know it works because I've replicated this process over and over again.

Below is a current list of the artifacts that exist today, with more being added and existing ones being updated all of the time.

POLICY

  • POLICY - Digital Security

STANDARDS

  • STANDARD - Acceptable Use
  • STANDARD - Account Lockout
  • STANDARD - Backup
  • STANDARD - Cloud Vendor Security
  • STANDARD - Cryptographic Key Management
  • STANDARD - Data Classification
  • STANDARD - Data Encryption
  • STANDARD - Data Residency
  • STANDARD - Data Retention
  • STANDARD - Data Transmission
  • STANDARD - Database Security
  • STANDARD - Electronic Media Disposal
  • STANDARD - Guest Wireless
  • STANDARD - IT Change Management
  • STANDARD - Logging/Monitoring
  • STANDARD - Major Risk Travel
  • STANDARD - Malicious Software Prevention Detection Eradication
  • STANDARD - Mobile Device Management
  • STANDARD - Network Security
  • STANDARD - Passwords
  • STANDARD - Patch & Vulnerability Management
  • STANDARD - Physical IT Security
  • STANDARD - Privileged Account Creation & Management
  • STANDARD - Remote Access
  • STANDARD - Risk Management
  • STANDARD - Security Incident Response
  • STANDARD - Security Training & Awareness
  • STANDARD - User Account Creation & Management
  • STANDARD - Wireless LAN
  • STANDARD - Zones Architecture

PROCEDURES

  • PROCEDURE - Exception Request
  • PROCEDURE - Third Party Disclosure Approval
  • PROCEDURE - Security Incident Response
  • PROCEDURE - Risk Management
  • PROCEDURE - IT Change Management

BASELINES

  • BASELINE - Android 5
  • BASELINE - Android 6
  • BASELINE - App Server Security
  • BASELINE - Mac iOS 10
  • BASELINE - Mac iOS 10 Desktop
  • BASELINE - MS SERVER 2003
  • BASELINE - MS SERVER 2008 R2
  • BASELINE - MS SERVER 2012 R2
  • BASELINE - MS SERVER 2016
  • BASELINE - MS SERVER DC 2012 R2
  • BASELINE - MS SQL Server 2012 Database
  • BASELINE - MS SQL Server 2012 Instance
  • BASELINE - MS SQL Server 2014 Database
  • BASELINE - MS SQL Server 2014 Instance
  • BASELINE - Router Security
  • BASELINE - Switch Security
  • BASELINE - Web Server Security
  • BASELINE - Windows 10
  • BASELINE - Windows 7

GUIDELINES

  • GUIDELINE - Major Risk Travel
  • GUIDELINE - Passphrases
  • GUIDELINE - Segregation of Duties

OTHER

  • System Security Assessment bundle – a mechanism to assess potential cloud vendors
  • Risk Management bundle – a simple mechanism for IT Security to track and manage risk
  • Charters – various charters for groups within IT Security

If you are interested in finding out more about licensing, please contact us at:

info [@] savantadvisory.com

(remove the spaces and [ ] from the e-mail above as listing it this way protects from screen scraping)