Identify the Best Framework for Your Security Policies


Develop a fit-for-purpose set of information security policies.


Major Business Pain Points

  • Leverage the Develop and Deploy Security Policies blueprint to build a comprehensive policy program, from acquiring buy-in to policy development to communication and maintenance of the program.
  • Use this storyboard and associated templates to develop policies for the framework that fits your needs.

Recommendations

Key Points

Policies don’t make your organization compliant. However, aligning the policy development with a relevant framework and implementing the controls and requirements that have been documented are critical steps in achieving compliance.

Approach

  • Understand your policy framework and develop the security policies that align with compliance and regulatory requirements.
  • Save time by customizing the policy templates to ensure comprehensive coverage.

Methodology and Tools

1. Identify the best framework for your security policies

Understand the benefits of various frameworks to develop your security policy suite.

  • Identify the Best Framework for Your Security Policies Storyboard

2. Develop security policies aligned with the NIST SP 800-171 framework

If the NIST framework fits your needs, customize the templates for a comprehensive policy suite.

  • Access Control Policy – NIST
  • Security Awareness Training Policy – NIST
  • Audit and Accountability Policy – NIST
  • System Configuration Management Policy – NIST
  • Identification and Authentication Policy – NIST
  • Incident Response Policy – NIST
  • System Maintenance Policy – NIST
  • Media Protection Policy – NIST
  • Personnel Security Policy – NIST
  • Physical Protection Policy – NIST
  • Risk Assessment Policy – NIST
  • Security Assessment Policy – NIST
  • System and Communications Security Policy – NIST
  • System and Information Integrity Policy – NIST

3. Develop security policies aligned with the ISO 27001 framework

If the ISO framework fits your needs, customize the templates for a comprehensive policy suite.

  • Human Resources Security Policy – ISO
  • Asset Management Policy – ISO
  • Access Control Policy – ISO
  • Cryptography Policy – ISO
  • Physical and Environmental Policy – ISO
  • Operations Security Policy – ISO
  • Communications Security Policy – ISO
  • System Acquisition, Development, and Maintenance Security Policy – ISO
  • Security in Supplier Relationships Policy – ISO
  • Security Incident Management Policy
  • Information Security Aspects of Business Continuity Management Policy – ISO
  • Compliance Policy – ISO

4. Develop other procedural-based security policies

Leverage lower-level policy templates to develop procedures for specific security topics.

  • Security Awareness Training Procedural Policy
  • Identity and Access Management Procedural Policy
  • Data Protection Procedural Policy
  • Media Protection Procedural Policy
  • Password Procedural Policy
  • Account Management Procedural Policy
  • System Configuration Procedural Policy
  • Systems Maintenance Procedural Policy
  • System Change Control Procedural Policy
  • Systems Monitoring and Auditing Procedural Policy
  • Application Security Procedural Policy
  • Incident Response Procedural Policy
  • Contingency Planning Procedural Policy
  • Security Assessment Procedural Policy
  • Risk Assessment Procedural Policy

All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.