How To Develop An Information Security Program

The course comes with downloadable Microsoft Office-based documentation templates that you can edit for your specific needs.

The ISP documentation contains NIST Cybersecurity Framework (NIST CSF) based cybersecurity policies, procedures, and standards in an editable Microsoft Word format:

• The NIST CSF based ISP covers version 1.1 of the NIST Cyber Security Framework

• Each of the NIST controls are mapped to a standard within the ISP and each of those standards are mapped to a policy statement.

• The ISP covers the "what" and the "why" during an audit as policies and standards for the foundation for every information security program.

The NIST Cybersecurity Framework (CSF)-based Information Security Program (ISP) is a set of cybersecurity policies and standards that is tailored for organizations that need to align with leading cybersecurity practices.

This version of the Information Security Program (ISP) is based on the NIST Cybersecurity Framework (CSF) framework. It contains cybersecurity policies and standards that align with NIST CSF. You get fully-editable Microsoft Word and Excel documents that you can customize for your specific needs.

What Problems Does The ISP Solve?

• Compliance Requirements - Nearly every organization, regardless of industry, is required to have formally-documented security policies and standards. The The ISP maps to several leading compliance requirements so you can clearly see what is required.

• Audit Failures - Security documentation does not age gracefully like a fine wine. Outdated documentation leads to gaps that expose organizations to audit failures and system compromises. The ISP's standards provides mapping to leading security frameworks to show you exactly what is required to both stay secure and compliant.

• ​Vendor Requirements - It is very common for clients and partners to request evidence of a security program and this includes policies and standards. The ISP provides this evidence.