We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.

Filter By:

Type

Topic

Recent Blogs & Podcasts

Tools & Templates

\ Tools & Templates 

Our collection of tools, toolkits, templates, checklists, matrices and maps provides assistance for tackling specific InfoSec initiatives. Developed by industry experts, these materials offer step-by-step guidance on approaching and completing common tasks.

IANS Tools & Templates



June 13, 2018 | Risk Management

 Risk Acceptance Template

This template for a risk acceptance memo is designed both to drive discussion, and provide an opportunity for business stakeholders (e.g., the system owner, business owner, etc.) to understand and perhaps even challenge the associated risk assumptions, constraints and calculations.

Read More »


June 6, 2018 | Budgeting
By Rich Guida, IANS Faculty

 Security Spend Guideline

This table shows what most organizations consider a security spend vs. spending for other departments (IT, operations, network, etc.). While there are no hard-and-fast rules, this table provides a general, time-tested guideline.

Read More »


May 30, 2018 | Incident Investigations, Handling and Tracking
By Bill Dean, IANS Faculty

 Incident Cheat Sheet: When to Contact Law Enforcement

In the heat of an incident, it can be difficult to determine if/when law enforcement notification is required. This cheat sheet provides a list of common security incident types along with the required/suggested external party that should be involved with each. 

Read More »


May 2, 2018 | Vulnerability Assessment and Management
By Dave Shackleford, IANS Faculty

 Vulnerability Management Process Workflow

In most organizations, vulnerability management is as difficult as it is critical. This tool is designed to clarify the process by providing a basic vulnerability management workflow, including all steps and participants. 

Read More »


April 30, 2018 | Privacy
By George Gerchow, IANS Faculty

 GDPR-Compliant Privacy Policy Template

This is a template for a very mature privacy policy that covers General Data Protection Regulation (GDPR) Articles 4, 9, 14, 17 and 30. It is designed to clearly communicate how much the company cares about data privacy, what kind of data it potentially handles and how users/customers can delete it. 

Read More »


April 11, 2018 | Threat Intelligence and Modeling
By Bill Dean, IANS Faculty

 Threat Intelligence Checklist

The ability to obtain and effectively leverage quality threat intelligence is no longer optional for today’s information security teams. This checklist steps  through the process of choosing the right feeds, integrating the data and ensuring you successfully leverage threat intel to proactively detect/prevent attacks.

Read More »


March 26, 2018 | Incident Response Planning
By Kevin Beaver, IANS Faculty

 IR in the Cloud Checklist

Incident response (IR) is never easy, but responding quickly and effectively to an incident when key evidence is housed and managed by a cloud vendor can be even more difficult. This checklist steps through the process of creating  effective, efficient IR in the cloud.

Read More »


March 22, 2018 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 IANS Decision-Maker: IaaS Security Controls

For security teams, choosing security controls in the cloud can be daunting at best, and incredibly frustrating at worst. This tool is designed to help security teams make decisions on which solutions and controls make the most sense when moving workloads into IaaS environments.

Read More »