IT Policy and Documentation

IT policies and documentation are critical to Cyber Security as they provide clarity to everyone in an organization regarding information technology.  IT policies work to combat threats, manage risk, and ensure efficient, effective, and consistent operations.  These policies define how people or systems can access a corporate network and data, how that network and data is to be protected from internal and external risks and how to recover in the event of an attack and/or outage.

Acceptable Use Policy

An acceptable use policy is a document defining practices and constraints that a user is required to agree to for access to a corporate network, corporate Internet connection or other corporate resources.

Asset Management Policy

An asset management policy is a document that defines the process of receiving, tagging, documenting, and eventually disposing of corporate equipment.  It is very important to maintain an up-to-date asset inventory to ensure computer equipment locations are known.

Business Continuity Plan (BCP)

A business continuity plan (BCP) is a document that consists of the critical information and organization needs to continue to operate during and unplanned event such as a cyber security attack. A BCP details the essential functions of the business, identifies which systems and processes must be operational, details how to maintain them and assigns who is responsible for doing so.

Code of Conduct Policy

A code of conduct policy is a collection of rules and principles intended to assist employees and directors in making decision regarding their conduct in relation to the company’s business. details how to maintain them and assigns who is responsible for doing so.

Data Classification Policy

A data classification policy is a document that outlines a comprehensive plan used to categorize a company’s stored information based on its sensitivity level, ensuring proper handling, and lowering organizational risk.

Data Protection Policy

A data protection policy is a document that defines how your organization protects personal data. It is a set of principles, rules, and guidelines that outlines how you will ensure ongoing compliance with data protection laws and regulations.

Disaster Recovery Plan (DRP)

A disaster recovery plan is a document that outlines detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber security attacks or any other event that disrupts business operations.

Encryption Policy

An encryption policy is a document that defines what and when data needs to be encrypted. This includes both data at rest encryption and data in transit encryption.

IT Policy and Documentation (Cont.)

Incident Response Plan

An incident response plan is a document intended to establish controls to ensure the detection of security vulnerabilities and incidents, as well as quick reaction and response to security breaches.
This document also provides implementing instructions for security incident response, including definitions, procedures, responsibilities, and performance measures (metrics and reporting mechanisms).

Information Security Policy

An information security policy is a document that outlines a set of rules, policies and procedures designed to ensure all end users and networks within an organization meet minimum IT security and data protection security requirement.

Password Policy

A password policy is a document that defines the rules that an organizations password must meet, such as length, type of characters allowed and/or required, password expiration age, etc.

Physical Security Policy

A physical security policy is a document that establishes requirements to ensure that an organization’s information assets are protected by physical controls that prevent tampering, damage, theft, or unauthorized physical access. This policy defines the following controls and acceptable practices:
• Definition of physical security perimeters and required controls.
• Personnel and visitor access controls
• Protection of equipment stored off-site

Responsible Disclosure Policy

A responsible disclosure policy is a document that outlines the process of reporting and disclosure of vulnerabilities discovered by external entities, and anonymous reporting of information security policy violations by internal entities.

Risk Assessment Policy

A risk assessment policy is a document that defines the methodology for the assessment and treatment of information security risks within an organization and to define the acceptable level of risk as set by the organization’s leadership.

System Access Control Policy

A systems access control policy is a document that defines who can access what systems and when. The goal of systems access control is to minimize the security risk of unauthorized access to physical and logical systems.

Vendor Management Policy

A vendor management policy is a document that establishes requirements for ensuring third-party service providers/vendors meet an organization's requirement for preserving and protecting the organization's information.

Vulnerability Management Policy

A vulnerability management policy is a document that establishes the rules for the discovery, review, evaluation, application, and verification of system updates to mitigate vulnerabilities in the IT environment and the risks associated with them.

Risk Identification

To minimize security risks, it is necessary for organizations to identify the risks associated with their computer network and systems.  An assortment of tools can be used to identify risks associated with different areas of an organization's network.

Internal Vulnerability Assessment

A vulnerability assessment is a process of identifying, categorizing, and reporting security vulnerabilities that exist in your organization. It is a procedure that utilizes a vulnerability scanning appliance that scans all internal IP enabled devices such as servers, workstations, switches, routers, firewalls, etc.

Penetration Testing (Pen Test)

A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system.

Web Application Penetration Testing

Web application penetration testing works by using manual or automated penetration tests to identify any vulnerability, security flaws or threats in a web application. The tests involve using/implementing any of the known malicious penetration attacks on the application. The penetration tester exhibits/fabricates attacks an environment from an attacker’s perspective, such as using SQL injection tests. The web application penetration testing key outcome is to identify security weakness across the entire web application and its components (source code, database, back-end network). It also helps in prioritizing the identified vulnerabilities and threats, and possible ways to mitigate them.

Intrusion Detection System (IDS)

An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. Any malicious activity or violation is typically reported or collected centrally using a security information and event management system.

Network Protection 

Network protections tools such as firewalls are tools designed to protect a organizations network from unauthorized access or data breaches.

Traditional Firewall

A traditional firewall is network security device which typically provides stateful inspection of network traffic that entering or exiting point inside network based on state, port, and protocol. Traditional firewall control traffic flow but do not provide protection to against modern types of cyber threats posing risk to organizations today.

Next Generation Firewall

A Next Generation firewall is network security device which not only provides stateful inspection of network traffic but also includes advanced features such as:
• Application awareness and control
• Deep Packet Inspection (DPI)
• Integrated Intrusion Protection System (IPS)
• Cloud-delivered threat intelligence
• Secure Sockets Layer (SSL) Inspection and Secure Shell (SSH) Control
• Sandbox Integration
• Advanced Threat Protection
• Web Content Filtering
• Antivirus, Antispam, Antimalware

Network Access Control (NAC)

Network access control (NAC) is a security solution (software or hardware appliance) that enforces policy on devices that access networks to increase network visibility and reduce risk.

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) is a security solution (software or hardware appliance) that aggregates and analyzes activity from many different resources across your entire IT infrastructure. SIEM collects security data from network devices, servers, domain controllers, and more. SIEMS should be monitored by a Security Operations Center (SOC) to ensure threats in data collected are identified.

AI Powered Threat Protection

AI-backed threat protection identifies and learns about new malware using machine learning models. AI improves its knowledge to “understand” cybersecurity threats and cyber risk by consuming billions of data artifacts. AI analyzes relationships between threats like malicious files, suspicious IP addresses or insiders in seconds or minutes. AI provides curated risk analysis, reducing the time security analysts take to make critical decisions and remediate threats.

Network Protection (Cont.)

Network protections tools such as firewalls are tools designed to protect a organizations network from unauthorized access or data breaches.

Password Manager

A password manager is a computer program that allows users to store, generate, and manage their passwords for local applications and online services. A password manager assists in generating and retrieving complex passwords, storing such passwords in an encrypted database, and in the case of a multiuser solution, tracking which users have access particular passwords.

Identity and Access Management (IAM)

Identity and access management (IAM) ensures that the right people and job roles in your organization (identities) can access the tools they need to do their jobs. Identity management and access systems enable your organization to manage employee apps without logging into each app as an administrator.

Privileged Account Manager (PAM)

Privileged access management (PAM) encompasses the policies, strategies, and technologies used to control, monitor, and secure elevated access to critical resources for human and service accounts.
PAM strategies enforce the principle of least privilege, restricting account creation and permissions to the minimum level a person requires to do a job. Least privilege helps prevent the spread of malware, decreases your cyber-attack surface, improves workforce productivity, and helps demonstrate compliance.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect and secure their data and comply with regulations.

The DLP term refers to defending organizations against both data loss and data leakage prevention. Data loss refers to an event in which important data is lost to the enterprise, such as in a ransomware attack. Data loss prevention focuses on preventing illicit transfer of data outside organizational boundaries.

Email Security

Email security is a term for describing different procedures and techniques for protecting email accounts, content, and communication against unauthorized access, loss or compromise. Email is often used to spread malware, spam and phishing attacks.

Multi-Factor Authentication (MFA)

Multi-factor authentication is an authentication method in which a user is granted access to a protected resource only after successfully presenting two or more pieces of evidence to an authentication mechanism.