We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.

Filter By:

Type

Topic

Recent Blogs & Podcasts

Tools & Templates

\ Tools & Templates

 

Our collection of tools, toolkits, templates, checklists, matrices and maps provides assistance for tackling specific InfoSec initiatives. Developed by industry experts, these materials offer step-by-step guidance on approaching and completing common tasks.

IANS Tools & Templates



October 17, 2017 | Recruiting, Hiring and Retention

 Information Security Job Description Templates

With the information security workforce shortage projected to reach 2-3 million over the next few years, organizations are putting a greater emphasis on their recruiting process to better fill out their security teams. Use these sample infosec job descriptions to set the foundation for role expectations and attract the most highly qualified professionals to your organization. 

Read More »


October 16, 2017 | Penetration Testing and Red Teaming

 Penetration Testing Request-for-Quote (RFQ) Template

Contracting with third-parties for penetration tests -- against both internal and externally facing resources -- is an important part of security. This RFQ is a template for identifying and selecting highly qualified vendors for the services of network and application penetration testing. 

Read More »


October 16, 2017 | Risk Management

 Employee Termination Checklist

Former employees at many organizations still have access to corporate applications after they leave their jobs. Even the most basic security missteps can leave an organization vulnerable to unauthorized access or breaches long after an employee leaves a job. This checklist offers information security best practices and actions to take when an employee leaves an organization.

Read More »


October 16, 2017 | Endpoints

 Endpoint Protection Vendor Checklist

Current endpoint security products have a much more complicated job to do than antivirus ever did, and there’s no shortage of technologies on the market today to choose from. Regardless of the vendor, when considering an endpoint protection product, use this feature checklist to make sure you’re covering all your bases.

Read More »


October 16, 2017 | Security Policies and Strategy

 SOC Maturity Matrix

For security organizations, understanding where you stand from a maturity perspective can offer valuable insight into which processes and procedures need to be improved. These charts depict specific processes and procedures within information security mapped to the various stages of maturity within IANS' CISO Impact framework. 

Read More »


October 16, 2017 | Endpoints

 Infosec Quick-Wins Checklist

There's nothing more frustrating than investing in the latest security technologies and "solutions" only to find that a few simple process changes would have accomplished the same things at far less cost. This checklist offers a number of low-cost, high-impact tips for improving your organization's security posture.

Read More »


October 16, 2017 | Penetration Testing and Red Teaming

 Penetration Test Preparation Checklist

Penetration tests are risk-oriented and consist of activities ranging from vulnerability assessment to post-exploitation. Establishing specific test goals helps ensure the test meets expectations, and these questions should always be addressed during the scoping process. 

Read More »


October 16, 2017 | Security Information and Event Management (SIEM) and Log Management

 SIEM Strategy Checklist

SIEM products represent a major investment in time and money, and deciding which one is right for a given enterprise is a complex process. With the stakes for selecting the right system so high – and the penalties for bad SIEM decisions so onerous – it’s vital that security professionals carefully consider a number of key factors. To take some of the mystery and risk out of the process, use this checklist as your guide to making the correct SIEM choice for your organization.

Read More »


October 16, 2017 | Enterprise and IT Compliance Management

 Critical Security Controls (CSC) Assessment Tool

One way to assess organizational maturity around information security is to use the CIS Critical Security Controls (CSC). Use this tool to perform an initial assessment of your maturity level and track your progress on what percentage of CSC your organization is currently following. 

Read More »