Last Revision: October 1, 2017
SecureTheVillage’s Guide of Basic IT Information Security Management Practices supports our mission of a CyberSecure Los Angeles.
The Guide is designed to meet one of the most pervasive challenges we face in securing our organizations’ sensitive and critical information: The often wide gap — the all too frequent language barrier — between an IT organization and the executive to whom the IT function reports. Too often this gap results in basic information security management security practices not being followed. The result is increased vulnerability to cybercrime and other kinds of cyber-risk.
The Guide describes those basic few that are most necessary in preventing cybercrime and other cyber incidents. It’s designed to provide the greatest gain for the buck in protecting the IT network. It’s also designed so that if you leave anything out, your cyber risk goes up significantly. Think of the Guide as the 20% of expenditures that gives you 80% of the value.
Notwithstanding that the Guide is based upon information security management best practices, the Guide is not intended as a set of best practices. The Guide is a set of basic IT security management practices. These critical practices are so essential that a failure to implement them puts the organization at significant risk of a costly — often fatal — information security incident. Not following the Guide is the equivalent of drinking and driving.
SecureTheVillage is providing the Guide to the community as a public service.
- We encourage IT organizations to review the Guide and implement those parts of the Guide that they may not yet be following.
- We encourage executives who manage the IT management function to expect their IT organization (whether internal or outsourced) to meet the Guide.
- And we encourage everyone who might find the Guide useful or valuable — especially IT vendors and MSPs — to join with us. Our community is under cyber attack. We need to educate and train our ‘village,’ not just in the Guide but in all the other things that people must know to adapt to this new cyber-reality. We need your assistance and support. Help spread the word to your staff, your customers and clients, your vendors, your Board. Join the village.