Best Practice Policies – Select the link to learn more review resources.
• Acceptable Use Policy: Defines acceptable and prohibited uses of information systems and resources.
• Access Control Policy: Manages who has access to information systems and data, and what level of access they have.
• Data Encryption Policy: Mandates encryption of sensitive data in the cloud [[general best practice]].
• Data Security Policy: Protects the confidentiality, integrity, and availability of sensitive data.
• Incident Response Policy: Outlines how to respond to cybersecurity incidents, including detection, containment, recovery, and reporting.
• Information Security Policy: Outlines the organization’s overall approach to cybersecurity.
• Mobile Device Security Policy: Addresses the security risks associated with mobile devices .
• Password Policy: Sets requirements for strong passwords and secure password management.
• Remote Access Policy: Secures access to cloud resources from remote locations [[general best practice]].
• Risk Management Policy: Outlines the process for identifying, assessing, and mitigating cybersecurity risks.
• Security Awareness and Training Policy: Promotes cybersecurity awareness and training for all employees.
• Telework Security Policy: Protects information assets when employees work remotely.
• Vendor Security Policy: Manages the security risks associated with third-party vendors.
CIS Governance
CIS Controls: A prioritized set of actions to protect organizations against known cyber-attacks.
CIS Benchmarks: Security configuration guidelines for specific technologies and platforms.
Cloud-Related Policies
Access Control Policy for Cloud Systems: Manages access to cloud resources and data.
Cloud Security Policy: Outlines security measures for cloud infrastructure, applications, and data.
Cloud Data Security Policy: Protects sensitive data in the cloud [[general best practice]].
Cloud Incident Response Policy: Guides response to cloud-related security incidents [[general best practice]].
Cloud Vendor Security Policy: Manages security risks associated with cloud vendors [[general best practice]].