Creating your Organizational Cybersecurity Plan

This Handbook was written with a simple goal in mind: to help your organization develop an understandable and implementable cybersecurity plan. A well-crafted and updated organizational security plan can both keep you safe and make you more effective by providing the peace of mind needed to focus on your organization’s important day-to-day work. If you have not yet, take a moment to read the introduction to the Handbook to learn about security plans and why your organization should have one.

Read the Introduction


While every organization’s security plan will look a little bit different based upon its risk assessment and organizational dynamics, certain core concepts are nearly universal.

This Handbook addresses these essential concepts in a way that will help your organization build a concrete security plan based upon practical solutions and real-world applications.

This Handbook endeavors to provide options and suggestions that are free or very low cost. Keep in mind that the most significant cost associated with implementing an effective security plan will be the time you and your organization need to talk about, learn, and implement your new plan. Given the risks your organization is likely to face, though, this investment will be more than worth it.

In each section, you will find an explanation of a key topic that your organization and its staff should be aware of - what it is and why it is important. Each topic is paired with essential strategies, approaches, and recommended tools to limit your risk and tips and links to additional resources that can help you implement such recommendations across your organization.

Security Plan Starter Kit

purple building block

Get the Starter Kit!

To help your organization process the Handbook’s lessons and turn them into a real plan, make use of this starter kit. You can either print out the kit or fill it in digitally while you read the Handbook online. As you take notes and begin to update or craft your security plan, be sure to reference the “Security Plan Building Blocks” detailed in each section. No security plan is complete without, at minimum, addressing these essential elements.


The key topics are


megaphone silhouette

Take advantage of other resources that can help you build and implement your plan as well. As a Civil Society organization, the free SOAP (“Securing Organizations with Automated Policymaking”) app can help simplify and automate the creation of your security plan. Also make use of free training resources like Consumer Reports’ Security Planner, the Umbrella app from Security First, the Totem Project from Free Press Unlimited and Greenhost, and the Global Cyber Alliance Cybersecurity Toolkit for Mission-Based Organizations which include resources on many of the best practices mentioned in this Handbook and links to dozens of training tools to help you implement many core basics.