InfoSec Tools & Guides

Each downloadable piece featured below is a fully-detailed, actionable resource that's part of a larger collection of infosec content available to our clients in the IANS Insights Portal.

Tools and Templates icon
Tools and Templates

Security Policies and Strategy

Checklist: Preparing Authentication for GenAI Apps

by Jake Williams, IANS Faculty

Step two in a three-part series, this checklist breaks down factors for ensuring your authentication methods for GenAI applications. Factors include the data the application processes as well as the cost to the organization to answer services.

See Details
Tools and Templates icon
Tools and Templates

Security Policies and Strategy

Checklist: RBAC Schema Assessment for GenAI Apps

by Jake Williams, IANS Faculty

Step three in a three-part series, this checklist breaks down factors for product owners to identify sensitive data, evaluate roles and map roles to data access.

See Details
Tools and Templates icon
Tools and Templates

Security Policies and Strategy

5 Key Steps to Mapping External Exposure of GenAI Applications

by Jake Williams, IANS Faculty

Step one in a three-part series, this template breaks down the process of assessing your external exposure from generative AI applications adopted by your organization.  

See Details
Report icon
Report

Team Structure and Management

Retaining and Hiring CISOs and Security Leaders in 2024

by IANS Faculty

IANS and Artico Search surveyed more than 660 CISOs as part of the 2023 CISO Compensation and Budget Survey. Retaining and Hiring CISOs and Security Leaders in 2024 compiles the findings of that survey into key data points that hiring leaders should keep in mind during the recruitment process.

See Details
Report icon
Report

Metrics and Reporting

Tips for Creating Effective Executive Dashboards

by Jessica Hebenstreit, IANS Faculty

This report explains the key ingredients of an effective executive-level dashboard and offers tips for building one.

See Details
Report icon
Report

Vulnerability Assessment and Management

IANS Vulnerability and Breach Update: Q2 2024

by Mike Saurbaugh, IANS Faculty

In this quarterly research report, IANS updates you on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.

See Details
Tools and Templates icon
Tools and Templates

Governance, Risk Management and Compliance

Determine the Cost and Impact of a Security Breach

by Mike Saurbaugh, IANS Faculty

The financial effects of a data breach can range from losses due to business disruption and data exposure to regulatory fines, brand impacts and legal costs. This report highlights some recent statistics on breach costs and provides a process for determining breach costs specific to your organization.


See Details
Report icon
Report

Vendor Management

Develop and Promote Internal Talent To Senior Infosec Roles

by Anand Singh, IANS Faculty

Identifying top-tier talent and ensuring their advancement through coaching, development and promotion is essential to building a mature security organization. This report explores the various criteria that demonstrates whether an individual is ready for promotion or advancement.

See Details
Report icon
Report

Vendor Management

Cost vs. Complexity: A More Practical Two-Dimensional Vendor Analysis

by Josh More, IANS Faculty

This Report presents a different way to do two-dimensional analysis that aims to help you contextualize your decision to your specific environment/needs to help you determine which vendors work best in certain types of companies and technology environments.

See Details
Guide icon
Guide

Vendor Management

Classic+ Vendor Management Policy Template

by Josh More, IANS Faculty

This Guide breaks the classic+ approach to vendor management, enabling your organization to draw from the benefits of the classic and modern approach that is less likely to trigger objections and concerns from others.

See Details
Guide icon
Guide

Malware and Advanced Threats

Third-Party Ransomware Incident Handling Playbook

by Jake Williams, IANS Faculty

Use this playbook to help your organization assess and mitigate impact in the event of a third-party vendor ransomware incident.

See Details
Guide icon
Guide

Third-Party Risk Management

TPRM Market Guide

by Wolfgang Goerlich and Josh More, IANS Faculty

In this Third Party Risk Management (TPRM) Guide, IANS breaks down the current state of the TPRM market to provide relevant recommendations for organizations looking to invest in a solution this year.

See Details
Tools and Templates icon
Tools and Templates

Governance, Risk Management and Compliance

Create Metrics To Use for Budgeting and Decision-Making

by Richard Seiersen, IANS Faculty

Creating metrics to support budgeting and decision-making requires a focus on threats, losses and return on controls (ROC). This report explains how to use a cyber-risk quantification (CRQ) process to create metrics that resonate with the board and senior leadership.


See Details
Tools and Templates icon
Tools and Templates

Governance, Risk Management and Compliance

SEC Cyber Disclosure Checklist

by Josh More, IANS Faculty

This checklist provides a streamlined list of requirements that take effect 30 days following publication of the adopting release in the Federal Register, allowing organizations to quickly assess any gaps that need to be addressed.

See Details
Report icon
Report

Governance, Risk Management and Compliance

IANS Security, Privacy and Compliance Law Update: Q1 2024

by Rebecca Herold, IANS Faculty

This Report provides updates on emerging international compliance laws and regulations that impact the information security and privacy communities.

See Details
Tools and Templates icon
Tools and Templates

Security Policies and Strategy

Data Protection and Classification Policy Template

by Kelli Tarala, IANS Faculty

This template is designed to help establish a workable data protection and classification policy in general, as well as to support PCI DSS compliance.

See Details
Guide icon
Guide

Security Policies and Strategy

AI Acceptable Use Policy Template

by Joshua Maret, IANS Faculty & Jason Garbis, IANS Faculty

Find best practices to help create and govern your organization’s policy on acceptable generative AI use cases.

See Details
Guide icon
Guide

Management and Leadership

8 Ways to Mitigate the Risks of ChatGPT and Generative AI

by Jake Williams, IANS Faculty

Identify and learn about the top risks of AI tools and find recommendations on how to mitigate those risks.

See Details
Report icon
Report

Management and Leadership

The State of the CISO, Canada, 2023–2024 Benchmark Report

by BY IANS + ARTICO

This benchmark report serves to help CISOs in Canada better assess their situations against those of their peers with country-specific data and analysis charting comp, security budgets and satisfaction levels. 

See Details
Webinar icon
Webinar

Penetration Testing

Are You Getting the Most of Your Pen Test Efforts?

by Ed Skoudis, IANS Faculty

This webinar replay, led by IANS Faculty Ed Skoudis, is ideal for anyone looking to learn more about how to maximize their upcoming pen testing efforts, and where IANS can play a role in that..

See Details
Tools and Templates icon
Tools and Templates

Security Policies and Strategy

Data Protection and Classification Policy Template

by Kelli Tarala, IANS Faculty

This template is designed to help establish a workable data protection and classification policy in general, as well as to support PCI DSS compliance.

See Details
Tools and Templates icon
Tools and Templates

Threat Detection and Hunt Teaming

Policy Narratives Template

by Joshua Marpet, IANS Faculty

In this Report, IANS Faculty define core processes, providing a comprehensive program description and enabling room to outline future goals.

See Details
Report icon
Report

Management and Leadership

The Compensation, Budget and Satisfaction Benchmark for Tech CISOs, 2023-2024

by BY IANS + ARTICO

This benchmark report serves to help CISOs in the tech sector better assess their situations against those of their peers. It offers breakouts for key subsectors, specifically, software, hardware and infrastructure, financial technology (fintech), healthcare tech, and cybersecurity vendors. 

See Details
Report icon
Report

Threats and Vulnerabilities

Modernize Your Phishing Program To Address Ransomware

by Summer Fowler, IANS Faculty

This report explains how a program that includes policy, technology, training, exercises and third-party validation can be an effective defense against both phishing and ransomware.

See Details
Report icon
Report

Threats and Vulnerabilities

Microsoft 365 Copilot: A Security Cost/Benefit Analysis

by Aaron Turner, IANS Faculty

This report contains firsthand experiences from a dozen IANS clients can shed light on how to best proceed with Microsoft 365 Copilot.

See Details
Guide icon
Guide

Webinar

Webinar Replay: Evaluate and Build a Roadmap for Securely Deploying Microsoft 365 Copilot

by Shannon Lietz, IANS Faculty

This webinar breaks down the security implications you need to be aware of and responsible options for MS Copilot usage should you choose to deploy it.

See Details
Tools and Templates icon
Tools and Templates

Governance, Risk Management and Compliance

SEC Cyber Disclosure Checklist

by Josh More, IANS Faculty

This checklist provides a streamlined list of requirements that take effect 30 days following publication of the adopting release in the Federal Register, allowing organizations to quickly assess any gaps that need to be addressed.

See Details
Guide icon
Guide

Governance, Risk Management and Compliance

Tips for Reducing AI Risk

by Joshua Marpet, IANS Faculty

This report explains some measures that can be taken to minimize the risk of AI use, abuse and accidents impacting reputation or revenue.

See Details
Report icon
Report

Governance, Risk Management and Compliance

IANS Security, Privacy and Compliance Law Update: Q4 2023

by Rebecca Herold, IANS Faculty

This Report provides updates on emerging international compliance laws and regulations that impact the information security and privacy communities.

See Details
Report icon
Report

Vendor Management

Cost vs. Complexity: A More Practical Two-Dimensional Vendor Analysis

by Josh More, IANS Faculty

This Report presents a different way to do two-dimensional analysis that aims to help you contextualize your decision to your specific environment/needs to help you determine which vendors work best in certain types of companies and technology environments.

See Details
Guide icon
Guide

Vendor Management

Classic+ Vendor Management Policy Template

by Josh More, IANS Faculty

This Guide breaks the classic+ approach to vendor management, enabling your organization to draw from the benefits of the classic and modern approach that is less likely to trigger objections and concerns from others.

See Details
Guide icon
Guide

Third-Party Risk Management

TPRM Market Guide

by Wolfgang Goerlich and Josh More, IANS Faculty

In this Third Party Risk Management (TPRM) Guide, IANS breaks down the current state of the TPRM market to provide relevant recommendations for organizations looking to invest in a solution this year.

See Details
Guide icon
Guide

Malware and Advanced Threats

Third-Party Ransomware Incident Handling Playbook

by Jake Williams, IANS Faculty

Use this playbook to help your organization assess and mitigate impact in the event of a third-party vendor ransomware incident.

See Details
Report icon
Report

Vulnerability Assessment and Management

IANS Vulnerability and Breach Update: Q4 2023

by Mike Saurbaugh, IANS Faculty

In this quarterly research report, IANS updates you on the top vulnerabilities and breaches from the past quarter and provides some real-world context and perspective.

See Details
Guide icon
Guide

Security Awareness, Phishing, Social Engineering

Security Awareness Blog Templates

by IANS Faculty

This template serves as a baseline breakdown of security, it’s role within your organization, and steps employees should take to ensure they aren’t exposing your organization to unnecessary risk.

See Details
Guide icon
Guide

Security Policies and Strategy

AI Acceptable Use Policy Template

by Joshua Maret, IANS Faculty & Jason Garbis, IANS Faculty

Find best practices to help create and govern your organization’s policy on acceptable generative AI use cases.

See Details
Guide icon
Guide

Risk Management

5 Real-World Use Cases for AI and How Best to Secure Them

by Josh More, IANS Faculty

Understand the main issues with AI, along with common business use cases and recommendations for protecting the organization when using each.

See Details
Guide icon
Guide

Management and Leadership

8 Ways to Mitigate the Risks of ChatGPT and Generative AI

by Jake Williams, IANS Faculty

Identify and learn about the top risks of AI tools and find recommendations on how to mitigate those risks.

See Details
Checklist icon
Checklist

Vendor and Partner Management

Third-Party Software Security Checklist

by Richard Seiersen, IANS Faculty

Find four high-level best practices for securing third-party software in this Third-Party Software Security Checklist by IANS Faculty member, Richard Seiersen.

See Details
Guide icon
Guide

Metrics and Reporting

Create Incident Response Metrics Worth Reporting

by Adrian Sanabria, IANS Faculty

Learn how to create IR metrics that focus on improvement and resonate with management using our 'Create Incident Response Metrics Worth Reporting' guide.

See Details
Guide icon
Guide

INCIDENT RESPONSE AND RECOVERY

Tabletop Scenario Templates

by Bill Dean, IANS Faculty

Help better prepare your organization for potential cyberattacks using these 8 tabletop scenario templates.

See Details
Guide icon
Guide

Executive Development

5 Attributes of Top-Performing CISOs

by IANS Research

Further your professional development as a security leader by downloading our ‘5 Attributes of Top-Performing CISOs’ research report.

See Details
Checklist icon
Checklist

Enterprise Software

GRC Roles and Responsibilities Checklist

by Justin Leapline, IANS Faculty

Find a timesaving checklist that details the GRC tasks commonly implemented at most organizations.

See Details
Guide icon
Guide

Networking

Zero Trust: A Step-by-Step Guide

by Dave Shackleford, IANS Faculty

Gain insights on the implementation of zero trust tools and technologies in this step-by-step guide from IANS Faculty member, Dave Shackleford.

See Details
Checklist icon
Checklist

Incident Response and Recovery

Ransomware Prep Toolkit

by Dave Shackleford

Use our Ransomware Prep Toolkit from IANS Faculty, Dave Shackleford to prepare and respond to ransomware incidents quickly and effectively.

See Details
Guide icon
Guide

Security Operations

Harden M365 Identities and Exchange Online

by Aaron Turner, IANS Faculty

Learn how to harden M365 Identities and Exchange Online from IANS Faculty, Aaron Turner. Prioritize activities that protect against Azure AD and Exchange Online attacks.

See Details
Guide icon
Guide

DATA PROTECTION

Data Protection and Classification Policy Template

by Kelli Tarala, IANS Faculty

Use our Data Protection and Classification Policy developed by IANS Faculty member, Kelli Tarala as a workable template to establish data protection and compliance standards for your organization.  

See Details
Guide icon
Guide

Security Operations

Top 8 SOAR Use Cases and Playbooks

by Gal Shpantzer, IANS Faculty

Use our ‘Top 8 Soar Uses and Playbooks’ developed by IANS Faculty, Gal Shpantzer, to successfully augment your security strategy with SOAR.

See Details
Checklist icon
Checklist

Application Security

DevSecOps Best Practices Checklist

by Tanya Janca, IANS Faculty

Use this timesaving checklist that details best practices to follow, and pitfalls to avoid ensuring DevSecOps success.

See Details