Standards
Framework for implementing security measures, ensuring that all aspects of an organization’s security posture are addressed
Password Standards
Dictate the complexity and management of passwords
Access Control Standards
Determine who has access to what resources within an organization
Discretionary Access Control (DAC): Owner decides who can access the data
Mandatory Access Control (MAC): Uses labels and classifications
Role-based Access Control (RBAC): Assigns access based on roles
Access Control Models
Physical Security Standards
Cover the physical measures taken to protect an organization’s assets and information
Encryption Standards
Ensure that data intercepted or accessed without authorization remains unreadable and secure
Procedures
Systematic sequences of actions or steps taken to achieve a specific outcome
Change Management
Systematic approach to deal with changes within an organization
Onboarding Procedures
The process of integrating new employees into the organization
Offboarding Procedures
The process of managing the transition when an employee leaves
Playbooks
Checklist of actions to perform to detect and respond to a specific type of incident