Security & Privacy By Design

$3,200.00

The SPBD is an editable Microsoft Word document that provides program-level guidance that directly supports your company’s policies and standards for ensuring secure engineering and privacy principles are operationalized.

SKU: P09-SPBD

Description

  • The SPBD is an editable Microsoft Word document that provides program-level guidance that directly supports your company’s policies and standards for ensuring secure engineering and privacy principles are operationalized.
  • This product addresses the “how?” questions for how your company ensures both security and privacy principles are operationalized.
    • It is a reality that most companies have either weak or non-existent guidance on how security or privacy principles are implemented.
    • The lack of operationalized security & privacy principles can lead to compliance deficiencies with many statutory, regulatory and contractual obligations.
    • NIST 800-160 is the “gold standard” on how to build security into the System Development Life Cycle (SDLC).
  • The concept of “secure engineering” is mandatory in numerous statutory, regulatory and contractual requirements.
    • The SPBD provides a “paint by numbers” approach to ensure your company has evidence of both due care and due diligence for operationalizing security and privacy principles.
    • The CIRP is based on numerous frameworks, but the core principles are based on NIST 800-160 and the Generally Accepted Privacy Principles (GAPP) which are the de facto standards on security and privacy design principles.

Security & Privacy By Design

With the European Union General Data Protection Regulation (EU GDPR) on the near horizon in 2018, companies doing business with citizens of the European Union have an obligation to demonstrate that they implement both Security by Design (SbD) and Privacy by Design (PbD). Unfortunately, most businesses lack the knowledge and experience to undertake such documentation efforts. That means businesses are forced either to outsource the work to expensive consultants or to ignore the requirement and hope they do not get in trouble for being non-compliant. In either situation, it is not a good place to be. The good news is that ComplianceForge developed a viable cybersecurity and privacy program that is based on NIST 800-160 guidance for security by design and OASIS for privacy by design.

Cybersecurity & Privacy By Design – Program Level Privacy & Security Documentation

The SPBD can serve as a foundational element in your organization’s privacy program. It can stand alone or be paired with other specialized products we offer.

Cybersecurity and privacy do not need to be hard. The Security & Privacy By Design (SPBD) document is meant to simplify how security and privacy can be operationalized in a “paint by numbers” approach. This product is comprised of editable Microsoft Word and Excel documentation so you can customize it for your specific needs.

Please keep in mind that security & privacy engineering principles are widely expected activities:

  • European Union General Data Protection Regulation (EU GDPR)
  • NIST 800-53
  • NIST Cybersecurity Framework
  • ISO 27002
  • Defense Federal Acquisition Regulations Supplement (DFARS) 252.204-7012 (NIST 800-171)
  • Federal Acquisition Regulations (FAR) 52.204-21 – 4
  • National Industrial Security Program Operating Manual (NISPOM)
  • SOC2
  • New York State Department of Financial Service (DFS)
  • Payment Card Industry Data Protection Standard (PCI DSS)
  • Center for Internet Security Critical Security Controls (CIS CSC)
  • Generally Accepted Privacy Principles (GAPP)

What Is The Security & Privacy by Design (SPBD)?

Our products are one-time purchases with no software to install – you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use this product! The SPBD comes in both editable Microsoft Word and Excel formats. The SPBD is capable of scaling for any sized company.


What Problem Does The SPBD Solve?

  • Lack of In-House Security Experience – Writing cybersecurity & privacy documentation is a skill that most cybersecurity professionals simply are not proficient at and avoid at all costs. Tasking your security analysts and engineers with writing comprehensive procedure documentation means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The SPBD is an efficient method to obtain comprehensive guidance documentation to implement cybersecurity and privacy principles within your organization!
  • Compliance Requirements – EU GDPR requires companies that store, process or transmit the personal information of EU citizens to ensure that both cybersecurity and privacy principles are built into processes by default. Can you prove how cybersecurity & privacy principles are implemented?
  • Audit Failures – Security documentation does not age gracefully like a fine wine. Outdated documentation leads to gaps that expose organizations to audit failures and system compromises. The SPBD provides mapping to leading security and privacy frameworks to show you exactly what is required to both stay secure and compliant.
  • Vendor Requirements – It is very common for clients and partners to request evidence of a security program, and this includes policies, standards and procedures. With EU GDPR, vendors and other partners will be expected to demonstrate evidence of compliance with the EU GDPR.

How Does The SPBD Solve It?

  • Clear Documentation – The SPBD provides a comprehensive approach to operationalizing both cybersecurity and privacy principles. This equates to a time saving of hundreds of hours and tens of thousands of dollars in staff and consultant expenses!
  • Time Savings – The SPBD can provide your organization with a templated solution that requires minimal resources to fine-tune for your organization’s specific cybersecurity and privacy needs.
  • Alignment With Leading Practices – The SPBD is written to support leading cybersecurity and privacy frameworks!