In this video, we cover the essentials of creating effective organizational policies, following the guidance from the NIST Information Security Handbook. We start by defining a policy’s purpose and scope, ensuring alignment with organizational goals. Next, we go over getting management support, assigning roles, and conducting risk assessments to shape policy content. Finally, we explore best practices for drafting, implementing, and regularly updating policies to maintain security, compliance, and efficiency. By the end, you’ll have a practical framework for building strong policies that protect and streamline your organization.
there is a bonus at the end of the video that provides an awesome practical project for people to complete with these resources.
CIS IG1 Templates:
www.cisecurity.org/controls/policy-templates
Example of Policy: docs.google.com/document/d/1l9F_XgzwFYK3Az0W_hg2O_…
NIST - Information Security Handbook: A Guide for Managers nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpub…
GRCory
コメント