This handbook was prepared with one simple goal in mind: to help your organization develop an understandable and implementable cybersecurity plan. A well-crafted and up-to-date organizational security plan reinforces an organization's safety and effectiveness, providing the peace of mind employees need to focus on the important daily work they need to do. If you haven't already, take a moment to read the introduction to the Handbook to learn more about security plans and why your organization needs to have one.
While every organization's security plan will look slightly different based on their risk assessment and organizational dynamics, certain basic concepts are nearly universal.
This handbook addresses these essential concepts in a way that helps your organization create a concrete security plan based on practical solutions and real-world applications.
The manual seeks to offer free or very low cost options and suggestions. Remember, the most significant cost associated with implementing an effective security plan will be the time you and your organization need to talk, learn, and implement your new plan. However, considering the risks your organization is likely to face, this investment will be well worth it.
In each section, you'll find an explanation of a key topic that your organization and your team should know about: what it is and why it matters. Each topic is paired with recommended strategies, approaches, and tools that are essential for limiting your risk, as well as tips and links to additional resources that can help you implement these recommendations in your organization.
To help your organization process the manual's lessons and turn them into a real plan, use this starter kit. You can print the kit or fill it out digitally while reading the online manual. As you take notes and begin to update or build your security plan, be sure to refer to the “Basic Components of the Security Plan” detailed in each section. No security plan is complete without, at a minimum, addressing these essential elements.