Last Revision: October 1, 2017
SecureTheVillage’s Code of Basic IT Information Security Management Practices supports our mission of a CyberSecure Los Angeles.
The Code is designed to meet one of the most pervasive challenges we face in securing our organizations’ sensitive and critical information: The often wide gap — the all too frequent language barrier — between an IT organization and the executive to whom the IT function reports. Too often this gap results in basic information security management security practices not being followed. The result is increased vulnerability to cybercrime and other kinds of cyber-risk.
The Code describes those basic few that are most necessary in preventing cybercrime and other cyber incidents. It’s designed to provide the greatest gain for the buck in protecting the IT network. It’s also designed so that if you leave anything out, your cyber risk goes up significantly. Think of the Code as the 20% of expenditures that gives you 80% of the value.
Notwithstanding that the Code is based upon information security management best practices, the Code is not intended as a set of best practices. The Code is a set of basic IT security management practices. These critical practices are so essential that a failure to implement them puts the organization at significant risk of a costly — often fatal — information security incident. Not following the Code is the equivalent of drinking and driving.
SecureTheVillage is providing the Code to the community as a public service.
- We encourage IT organizations to review the Code and implement those parts of the Code that they may not yet be following.
- We encourage executives who manage the IT management function to expect their IT organization (whether internal or outsourced) to meet the Code.
- And we encourage everyone who might find the Code useful or valuable — especially IT vendors and MSPs — to join with us. Our community is under cyber attack. We need to educate and train our ‘village,’ not just in the Code but in all the other things that people must know to adapt to this new cyber-reality. We need your assistance and support. Help spread the word to your staff, your customers and clients, your vendors, your Board. Join the village.