1. What well-known benchmarks, standards, frameworks, industry associations, vendor security guidelines, and best practices were used in producing your documents?

All of FLANK's information security and regulatory compliance policies, procedures, forms, checklists, provisioning and hardening documents, and more, incorporate notable provisions from some of the most well-known benchmarks, standards, frameworks, industry associations and vendor security guides, such as the following:

  • ISO 27001 | 27002 framework
  • Information Technology Infrastructure Library (ITIL)
  • COBIT | Control Objectives for Information and Related Technologies
  • COSO | Committee of Sponsoring Organizations of the Treadway Commission
  • NIST SP 800 Publications (approximately 100+ publications)
  • Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) | Unclassified Documents
  • United States Computer Emergency Readiness Team (US-CERT)
  • CIS Security Benchmarks Division
  • NIST National Vulnerability Database
  • Open Source Vulnerability Database
  • Common Configuration Enumeration (CCE)
  • Common Vulnerabilities and Exposures (CVE)
  • Cloud Security Alliance (CSA)
  • Cloud Industry Forum (CIF)
  • SANS Institute
  • Open Web Application Security Project (OWASP)
  • Vendor-specific setup, configuration and hardening guides for all major network devices, operating systems, databases, web servers, and more.

Additionally, FLANK provides specialized consulting services for many areas within information security, along with developing customized information security policies and procedures for your organization, so contact us today to discuss your needs.