Download Free ISO 27001 Information Security Strategic Priorities Checklist

1. Assessing and protecting key information assets and critical infrastructure, including interdependent physical and cyberinformation systems.
2. Limiting the risk to enterprise assets through the use of administrative, technology, and physical means.
3. Ensuring privacy of information related to employees, partners, and customers.
4. Ensuring the enterprise is compliant with all required regulations and other regulations that may affect clients and partners.

Download Free Information Security Policy Assessment Checklist

1. Is there an executive directive/statement to ensure there is an information security architecture that includes risk, governance, ethics, compliance, privacy, and protection of enterprise assets? Are enterprise roles, responsibilities, and accountabilities defined? Are the executive team and the board of directors on the same page?
2. Are there data/information requirements stating that it must be available, accessed by need to know or have, and in the most accurate format?
3. Are staff required to acknowledge policies on new hire and termination, and at regular intervals? Are the staff types of enterprise network access defined? Is an enterprise asset defined?
4. What types of services and applications are permitted on the enterprise network, who is permitted to perform the installs and removals, and who is permitted to perform the monitoring? How are connections (hardwired, wireless, remote) defined to the enterprise network?

Download Free Information Security Policy Architecture Project

1. Selecting an information security policy architecture development/review team. The size of the team will vary depending on the organization size. A suggestion for the policy development team would be as follows:
a. Senior administrator (servers, network devices);
b. Management team member who will be assisting with enforcement;
c. Counsel team member;
d. Internal audit team member;
e. User community member (this person could be the policy interpreter before implementing into the enterprise);
f. Writer—a technical writer, if possible.

Download Free Information Security Baseline Checklist

- What specific information/data will be collected and why?
- What are the business drivers/requirements for the collected information/data?
- When and how will that information/data be collected?
- Who will be responsible for the collection and disbursement of the information/data collected?

Download Free Information Security Awareness Implementation Checklist

Best to get them when they are fresh
Most companies have an induction process whereby they give new employees pension details and show them where the toilet is.Try and get information security included in the induction process. My last few organizations offered:

A short (one hour) “first day” induction session by HR
Get a five-slide show together on passwords, viruses, and the like and then coach the HR people on how to deliver it.

A company induction day, conducted with a group of new employees a couple of months after hire