Digital Security Program



The Digital Security Program (DSP) is a product we developed for companies that need to comply with multiple requirements, but do not want to be locked into documentation that is formatted to conform with the taxonomy ISO 27002 or NIST 800-53. Essentially, the DSP is a “best in class” approach to security documentation.

  • Most popular product for organizations that must address more than just a single cybersecurity framework (e.g., NIST 800-53, ISO 27002 or NIST Cybersecurity Framework).
  • Maps to over 100 statutory, regulatory and contractual cybersecurity and privacy frameworks to create a hybrid approach to cybersecurity policies, standards, controls and metrics.
  • Provides 1-1 mapping with the Secure Controls Framework (SCF), so you can easily align your policies, standards and metrics with the controls you use from the SCF!
  • The DSP addresses more than just the “why?” and “what?” questions in an audit, since in addition to the core policies and standards that form the foundation for your cybersecurity program, the DSP comes with controls and metrics.

Our products are one-time purchases with no software to install – you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use this product! While the DSP does come in Microsoft Word like the WISP, the included Excel version of the DSP comes with the following content so it is easy to import into a GRC solution (e.g., ZenGRC, RequirementONE, Archer, RSAM, MetricStream, etc.):

  • Policy statements
  • Policy intent
  • Control objectives
  • Standards
  • Guidance
  • Controls
  • Metrics – including suggested Key Performance Indicators (KPIs) &
  • Key Risk Indicators (KRIs)
  • Indicators of Compromise (IoC)
  • Indicators of Exposure (IoC)
  • Target Audience Applicability
  • Scoping – Basic or Enhanced Requirement
  • Recommended roles / teams with responsibility for each standard (basically a RACI for key stakeholders)
  • The DSP addresses the “why?” and “what?” questions in an audit, since policies and standards form the foundation for your cybersecurity program.
  • The DSP provides the underlying cybersecurity standards that must be in place, as stipulated by statutory, regulatory and contractual requirements.
  • Just as Human Resources publishes an “employee handbook” to let employees know what is expected for employees from a HR perspective, the DSP does this from a cybersecurity perspective.

The DSP consists of thirty-two (32) policies. Nested within these policies are the control objectives, standards and guidelines that make your security program run. The structure of the DSP makes is easy to add or remove policy sections, as your business needs change. The same concept applies to standards – you can simply add/remove content to meet your specific needs.