- Awaiting Tech Board next month, so I apologize for using this board in advance.
I am looking for a non-proprietary checklist to review new products or services my organization is putting into production.
I am looking for data security, access, and cloud location questions to make sure we gate all of these items for security concerns before they go into production. Please contact me if you have something you can share. I appreciate it.
I do not wish to reinvent this wheel and I have not found any resources online as of yet.
If you have Information Security or InfoSec questionnaires from clients, start there. Many questionnaires have evolved into highly complex, in-depth, multi-tabbed nightmares for InfoSec practitioners to fill out. Problem is, most of the time they are covered by BAAs and NDAs, which is one reason you're likely not getting people sending you their Excel spreadsheets.
Second reason would be the use of that 'c' word is likely cutting your search results down to a very small sample. Many practitioners consider the 'c' word to be slang or part of some hype machine used by the ignorant or politicians. Great for schools and government types.
Use your favorite search engine and try this transom: Information Security infrastructure checklist
Lots of examples to peruse.
You could look at something like this: http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/cybersecurity-guidance-for...
Or ISO27001: https://www.iso.org/isoiec-27001-information-security.html
Or this: https://www.asd.gov.au/infosec/top-mitigations/mitigations-2017-table.html
And, use something from these as the basis for your checks. In the end we built our own set from these and other areas that are specific to the organisation.
Adam