Policies address a wide range of topics, including user education, network security, physical security, data protection, incident response, and access control. Depending on the organization’s size, nature, and complexity, several policies and processes may be established.
AVAILABILITY
Ensures that information is available when needed and that systems are functioning. This includes making sure users can access the information and system resources their roles require.
CONFIDENTIALITY
Limits access to information by outsiders. Data must be protected so that it cannot be read or accessed without authorization.
INTEGRITY
Verifies that information is correct, complete, and has not been modified in any way. This includes preserving the consistency and reliability of data by preventing unauthorized alterations.
Information Security Policy
This policy outlines an organization’s approach to managing and protecting its information assets from various threats such as unauthorized access, theft, or loss. It defines the roles and responsibilities of different stakeholders and provides guidelines for implementing security controls and procedures.
Information Risk Management Policy (based on ISO 27001/27002)
This policy outlines an organization’s approach to identifying, assessing, and managing information security risks in accordance with the ISO 27001/27002 standards. It establishes a risk management framework and provides guidelines for implementing risk management controls and procedures.
Information Classification and Ownership Policy
This policy defines the criteria and procedures for classifying information based on its sensitivity, criticality, and ownership. It also outlines the responsibilities of different stakeholders for ensuring the confidentiality, integrity, and availability of classified information.
Asset Management Policy
This policy outlines an organization’s approach to managing its information assets throughout their lifecycle, including acquisition, deployment, maintenance, and disposal. It provides guidelines for inventory management, asset tracking, and disposal procedures.
Access Control Policy
This policy outlines the principles and practices for controlling access to information and information systems, including authentication, authorization, and accountability. It provides guidelines for implementing access control measures based on the principle of least privilege.
Password Policy
This policy outlines the requirements and guidelines for creating and managing passwords to ensure their confidentiality, integrity, and availability. It includes guidelines for password complexity, expiration, and management.
Business Associates & Vendor Management Policy
This policy outlines an organization’s approach to managing its relationships with third-party vendors and business associates to ensure that they comply with the organization’s information security policies and standards. It includes guidelines for vendor selection, due diligence, and oversight.
Segregation of Duties Policy
This policy outlines the principles and practices for separating duties and responsibilities among different roles and individuals to prevent conflicts of interest and fraud. It includes guidelines for implementing segregation of duties controls.
Information Security Awareness and Training Policy
This policy outlines the requirements and guidelines for providing information security awareness and training programs to employees, contractors, and other stakeholders. It includes guidelines for training needs assessment, program design, delivery, and evaluation.
Rules of Behavior or Acceptable Use Policy (AUP)
This policy outlines the expectations and guidelines for using an organization’s information assets and systems in a responsible, ethical, and lawful manner. It includes guidelines for acceptable use, privacy, and security.
Information Security Incident Management Policy
This policy outlines an organization’s approach to detecting, responding to, and recovering from information security incidents such as breaches, intrusions, or malware infections. It includes guidelines for incident reporting, escalation, investigation, and remediation.
Business Continuity Policy
This policy outlines an organization’s approach to maintaining essential business functions and services in the event of disruptions such as natural disasters, cyber-attacks, or other emergencies. It includes guidelines for developing and testing business continuity plans.
Record and Media Retention Policy
This policy outlines the requirements and guidelines for managing an organization’s records and media throughout their lifecycle, including retention, storage, and disposal. It includes guidelines for compliance with legal and regulatory requirements.
Disaster Recovery Policy
This policy outlines an organization’s approach to recovering its information assets and systems in the event of disasters such as power outages, hardware failures, or cyber-attacks. It includes guidelines for developing and testing disaster recovery plans.
Mobile Computing Devices Policy
This policy outlines the requirements and guidelines for using mobile computing devices such as smartphones, tablets, or laptops in a secure and responsible manner. It includes guidelines for device management, encryption, and remote wiping.
Electronic Communications Policy (social media, email and instant messaging)
This policy outlines the requirements and guidelines for using electronic communications such as social media, email, and instant messaging in a secure and responsible manner. It includes guidelines for acceptable use, privacy, and security, as well as procedures for monitoring and managing electronic communications.
Remote Access Policy
This policy outlines the requirements and guidelines for accessing an organization’s information assets and systems remotely, such as through virtual private networks (VPNs) or remote desktop connections. It includes guidelines for access control, authentication, and encryption.
Removable Storage Device (RSD) Policy
This policy outlines the requirements and guidelines for using removable storage devices such as USB drives or external hard drives in a secure and responsible manner. It includes guidelines for encryption, access control, and virus scanning.
Data Security Policy (data at rest, data in motion, and data during processing)
This policy outlines the requirements and guidelines for securing an organization’s data throughout its lifecycle, including storage, transmission, and processing. It includes guidelines for encryption, access control, and monitoring.
End-of-life Media Disposal Policy
This policy outlines the requirements and guidelines for disposing of an organization’s media and storage devices at the end of their lifecycle. It includes guidelines for data destruction, sanitization, and disposal.
Workstation Use and Security Policy
This policy outlines the requirements and guidelines for using and securing an organization’s workstations, including desktop computers, laptops, and other devices. It includes guidelines for access control, software updates, and virus scanning.
Audit Trails and Logs Controls Policy
This policy outlines the requirements and guidelines for monitoring and managing an organization’s audit trails and logs, which record system activities and events. It includes guidelines for access control, retention, and analysis.
End User Computing (EUC) Policy
This policy outlines the requirements and guidelines for managing end user computing tools such as spreadsheets, databases, and other user-developed applications. It includes guidelines for access control, data integrity, and version control.
Outsourcing-Risk Management Policy
This policy outlines the requirements and guidelines for managing risks associated with outsourcing business processes and services to third-party vendors. It includes guidelines for vendor selection, due diligence, and oversight.
Reputational-Risk Management Policy
This policy outlines the requirements and guidelines for managing risks associated with an organization’s reputation, brand, and image. It includes guidelines for crisis management, communication, and reputation monitoring.
Application Security Policy
This policy outlines the requirements and guidelines for ensuring the security of an organization’s software applications throughout their lifecycle. It includes guidelines for secure coding practices, vulnerability testing, and access control.
Cryptography and Key Management Policy
This policy outlines the requirements and guidelines for using cryptography to protect an organization’s information assets and systems. It includes guidelines for key generation, storage, and distribution.
Information Access Management Policy
This policy outlines the requirements and guidelines for managing access to an organization’s information assets and systems. It includes guidelines for access control, authentication, and authorization.
Facility Access Control Policy
This policy outlines the requirements and guidelines for controlling access to an organization’s facilities, such as offices, data centers, and other physical locations. It includes guidelines for access control, surveillance, and monitoring.
Information Privacy Policy
This policy outlines the requirements and guidelines for protecting the privacy of an organization’s information assets and systems. It includes guidelines for data collection, use, and disclosure, as well as compliance with privacy laws and regulations.
Incident Response Plan (IRP) Policy
This policy outlines the requirements and guidelines for responding to security incidents and breaches. It includes guidelines for incident reporting, escalation, investigation, and resolution.
Network Security Policy
This policy outlines the requirements and guidelines for securing an organization’s network infrastructure, including routers, switches, and firewalls. It includes guidelines for access control, segmentation, and monitoring.
Vulnerability Management Policy
This policy outlines the requirements and guidelines for identifying, assessing, and mitigating vulnerabilities in an organization’s information assets and systems. It includes guidelines for vulnerability scanning, patch management, and risk prioritization.
Physical Security Policy
This policy outlines the requirements and guidelines for securing an organization’s physical assets and facilities, such as buildings, servers, and equipment. It includes guidelines for access control, surveillance, and monitoring.
Cloud Security Policy
This policy outlines the requirements and guidelines for securing an organization’s cloud-based information assets and systems. It includes guidelines for data protection, access control, and compliance with cloud service provider agreements.
Incident Communication Plan Policy
This policy outlines the requirements and guidelines for communicating with stakeholders during and after security incidents and breaches. It includes guidelines for incident notification, communication channels, and message content.
Bring Your Own Device (BYOD) Policy
This policy outlines the requirements and guidelines for allowing employees to use their personal devices, such as smartphones and tablets, to access an organization’s information assets and systems. It includes guidelines for access control, data protection, and device management.
Data Backup and Recovery Policy
This policy outlines the requirements and guidelines for backing up an organization’s data and systems, and for recovering from data loss or system failure. It includes guidelines for data backup frequency, retention, and testing.
Social Engineering Policy
This policy outlines the requirements and guidelines for protecting an organization’s information assets and systems from social engineering attacks, such as phishing and pretexting. It includes guidelines for employee education, awareness, and reporting.
Incident Reporting and Investigation Policy
This policy outlines the requirements and guidelines for reporting and investigating security incidents and breaches. It includes guidelines for incident categorization, severity assessment, and investigation procedures.
Change Management Policy
This policy outlines the requirements and guidelines for managing changes to an organization’s information assets and systems. It includes guidelines for change request submission, review, approval, and implementation.
Privacy Breach Notification Policy
This policy outlines the requirements and guidelines for notifying affected individuals and authorities in the event of a privacy breach. It includes guidelines for incident assessment, notification timing, and message content.
Cybersecurity Risk Assessment Policy
This policy outlines the requirements and guidelines for assessing and managing cybersecurity risks to an organization’s information assets and systems. It includes guidelines for risk identification, analysis, evaluation, and treatment.
Third-Party Security Policy
This policy outlines the requirements and guidelines for managing the security risks associated with third-party vendors, suppliers, and contractors. It includes guidelines for risk assessment, due diligence, contract negotiation, and monitoring.
Incident Recovery Plan (IRP) Policy
This policy outlines the requirements and guidelines for recovering from security incidents and breaches, including restoring systems and data, and resuming operations. It includes guidelines for recovery planning, testing, and validation.
Cloud Service Provider Management Policy
This policy outlines the requirements and guidelines for managing the security risks associated with cloud service providers. It includes guidelines for service provider selection, contract negotiation, monitoring, and audit.
Intellectual Property Policy
This policy outlines the requirements and guidelines for protecting an organization’s intellectual property, including patents, trademarks, and copyrights. It includes guidelines for asset identification, classification, and protection.
Security Monitoring and Event Management Policy
This policy outlines the requirements and guidelines for monitoring an organization’s information assets and systems for security events and incidents, and for managing the response. It includes guidelines for monitoring tools, event detection, and response procedures.
Internet Usage Policy
This policy outlines the requirements and guidelines for managing employee use of the internet, including acceptable use, access control, and monitoring. It includes guidelines for employee education and awareness.
Incident Post-Mortem Policy
This policy outlines the requirements and guidelines for conducting post-mortem reviews of security incidents and breaches, and for identifying and implementing improvements to prevent future incidents. It includes guidelines for review scope, team composition, and reporting.

TEK TRAINING SOLUTIONS INC.