The information security and privacy policy set is available in versions based on the requirements and controls defined in the NIST Cybersecurity Framework or the ISO 27001:2013 standard. The documents have been audited by Big4 auditors and have helped several companies pass audits and become compliant with major security and compliance frameworks.
Information Security and Privacy Management documents

Information Security and Privacy Management Program: The purpose of the document is to establish the high-level security and privacy program, defining the deliverables, roles, and responsibilities.
Information Security Policy: The main governing policy defining the information security safeguards of the company.
Governance, Risk Management and Compliance Policy: A high-level policy defining the contractual and regulatory requirements and how the company will comply with them.
Personal Data Protection Policy: The main governing policy for protecting PII and private data handled by the company.
Information Security Risk Management Policy: A comprehensive risk management and assessment policy built on NIST Special Publication 800-30.
Topic-specific security policies and procedures

Acceptable Use Policy: Defining the do's and don'ts for employees and contractors.
Access and Account Management Policy: How user accounts and access rights are managed, including the joiner, mover, leaver process.
Asset Disposal and Sanitization Policy: The rules of asset disposal.
Asset Management and Classification Policy: Asset identification and categorization.
Business Continuity Plan: Preparing the company for disruptive events.
Change Management Policy: How changes to IT systems are managed and documented.
Data Encryption Policy: Defining how encryption is applied.
Data Retention and Destruction Policy: Defining data retention rules.
Disaster Recovery Plan: How to cope with disruptive events from the technical side.
Data Breach Notification and Response Policy: Complying with the data breach notification required by the NY SHIELD Act.
Incident Response Plan: How to respond to cyber security attacks.
Information Security Awareness and Training Policy: How and what to train employees and contractors on to raise cybersecurity awareness.
Mobile Device and Remote Access Management Policy: How mobile devices (phones, laptops) are managed and how remote work is managed.
HR Security Policy: How screening is done.
Physical Security Policy: Defining the protection requirements of the company's premises.
Secure Configuration and System Hardening Policy: Defining the secure configuration requirements for the systems.
Security Audit and Monitoring Policy: Defining logging and audit monitoring requirements.
System and Data Protection Policy: Defining the system and data protection requirements.
Third Party Security Management Policy: How to assess and manage vendor-related risks.
Vulnerability and Patch Management Policy: How to identify vulnerabilities and fix them.
Tools (Excel-based tools part)

Risk Assessment Tool: A comprehensive risk assessment tool.
Asset Register Tool: Identifying and categorizing information assets.
Business Impact Analysis Tool: Identifying critical business processes and their dependencies.