Cybersecurity Policies, Standards & Procedures

Security Documentation Starts with Policies & Standards 


ComplianceForge offers four (4) unique products to implement an organization-wide security program: 

[Images: documentation examples for the Digital Security Program (DSP), NIST 800-53 rev4, ISO 27001 / ISO 27002, and the NIST Cybersecurity Framework]


 

Documentation Hierarchy

In both the Written Information Security Program (WISP) and the Digital Security Program (DSP), we use a hierarchical model to design the documentation. This structure allows policies to be mapped all the way down to metrics.


Policies are “high level” statements of management’s intent and are intended to guide decisions to achieve rational outcomes. Policies are not meant to be prescriptive, but provide an overall direction for the organization.

Control Objectives support policy by identifying applicable requirements that the organization needs to address. These applicable requirements can be best practices, laws or other legal obligations.

Standards establish formal requirements with regard to processes, actions and configurations. Standards are entirely focused on providing narrowly-focused, prescriptive requirements that are quantifiable.

Procedures are formal methods of performing a task, based on a series of actions conducted in a defined and repeatable manner.

Controls are technical or administrative safeguards that may prevent, detect or lessen the ability of the threat actor to exploit a vulnerability.

Metrics are designed to facilitate decision-making, improve performance, and improve accountability through the collection, analysis, and reporting of relevant performance-related data.

Comprehensive Coverage 

Give us a call or send us an email - we are happy to help you find the right solution for your needs! Each of our products is unique, but we have coverage for the following cybersecurity and privacy frameworks:

 
