In terms of Cybersecurity, develop your organization's (or organization of choice) Comprehensive Information and Security Program, answering the following questions:
(PLEASE TRY TO ANSWER ALL MY QUESTIONS. THANK YOU)
11. Physical Security
What are the basic fundamentals of your physical security program?
12. Policies
• Data Classification and Governance Policy
Write a short description
• Identity and Access Management Policy
Write a short description
• Data Retention and Destruction Policy
Write a short description
• Website Privacy Policy and Terms of Use
Write a short description
• Mobile Device Policy
Write a short description
• Acceptable Use Policy
Write a short description
13. Procedures
• Business Recovery Procedures
Write a short description
• Disaster Recovery Procedures
Write a short description
• Incident Response Procedures
Write a short description
• Identity and Access Management Procedures
Write a short description
• Third Party / Supply Chain Due Diligence Procedures
Write a short description
• Software Development Lifecycle Procedures
Write a short description (include how your software team handles cybersecurity fundamentals)
14. Guidelines
• Data Loss Prevention Guidelines
Write a short description
• Physical Security Guidelines
Write a short description
• Inventory and Asset Management Guidelines
Write a short description
• Vulnerability Management
Write a short description
15. Testing
• Annual Risk Assessments
Write a short description
• Annual Penetration Testing
Write a short description
• Annual DR/BCP Testing
Write a short description
• Periodic Phishing Testing
Write a short description
16. Configuration Standards
• Mobile Device Configuration Standards (Mobile Device Management)
Write a short description
• Desktop / Laptop Configuration Standards
Write a short description
• Network Device Configuration Standards
Write a short description
• Network Security Standards
Write a short description
• Email Configuration Standards (incoming / outgoing / mail client)
Write a short description
17. Cyber Defense Program
Outline your Cyber defense strategy. What are the core tenets?
What are the baseline fundamentals of cyber defense?
• Technical Cyber Program:
  o Outside your borders
  o Outer shell
  o Inner shell
  o Bedrock / Underpinnings (items that apply to all layers and all architectures, e.g. cloud)
• Team / Organization Structure:
How is your Cyber team structured? What are the key roles and responsibilities? What are the operations this group is responsible for (think about the “event” and “incident” handling class we took, e.g.)?