We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.

Filter By:

Type

Topic

Recent Blogs & Podcasts

Tools & Templates

\ Tools & Templates 

Our collection of tools, toolkits, templates, checklists, matrices and maps provides assistance for tackling specific InfoSec initiatives. Developed by industry experts, these materials offer step-by-step guidance on approaching and completing common tasks.

IANS Tools & Templates



August 15, 2018 | DevOps Organization and Strategy

 DevSecOps Workflow

DevOps is about changing how we think and work to accommodate the scale and speed of today’s cloud-based solutions. This “Shift Left” DevSecOps workflow provides a roadmap for ensuring security teams are also immersed in this new way of thinking and working. 

Read More »


August 3, 2018 | AppDev Frameworks

 Container Security Checklist

Several security elements are the same for both container-based design and traditional use of virtual machines, but they have some fundamental differences as well. This checklist steps through the process of hardening the container host system, securing the daemon, implementing network management and more.

Read More »


August 2, 2018 | Data Classification

 RFP Template for Data Tagging

This document provides an easy-to-customize template for a request for proposal (RFP) that can be used to evaluate data tagging and classification vendors.

Read More »


July 30, 2018 | Vendor and Partner Management

 Security Tool Optimization Workflow

When planning a project to optimize and streamline security vendors and tools, it’s key to have a strategy. This workflow is designed to help you evaluate existing security tools and vendors, and plan for a more lean, efficient security tool strategy in the future. For more, see Optimize Your Vendor Toolset.

Read More »


July 19, 2018 | Incident Response Planning

 Tabletop Scenario Templates

This document contains templates for six tabletop scenarios designed to test an organization's incident response plan across several key incident types, from ransomware and denial-of-service attacks to lost/stolen mobile devices and more. 

Read More »


June 13, 2018 | Risk Management

 Risk Acceptance Template

This template for a risk acceptance memo is designed both to drive discussion, and provide an opportunity for business stakeholders (e.g., the system owner, business owner, etc.) to understand and perhaps even challenge the associated risk assumptions, constraints and calculations.

Read More »


June 6, 2018 | Budgeting

 Security Spend Guideline

This table shows what most organizations consider a security spend vs. spending for other departments (IT, operations, network, etc.). While there are no hard-and-fast rules, this table provides a general, time-tested guideline.

Read More »


May 30, 2018 | Incident Investigations, Handling and Tracking

 Incident Cheat Sheet: When to Contact Law Enforcement

In the heat of an incident, it can be difficult to determine if/when law enforcement notification is required. This cheat sheet provides a list of common security incident types along with the required/suggested external party that should be involved with each. 

Read More »