FREQUENTLY ASKED QUESTIONS

Below are a number of frequently asked questions and their corresponding answers. They are organised per the categories listed below. Contact us if you have more questions.

About

The objective of securitythisway.com is to evolve into a content platform for information and IT security professionals, as well as data privacy officers. The focus is on ready-to-use content in support of your security or data protection strategy, organization, policy, processes and communication.

The portal provides best practice materials and examples of, amongst others, strategy presentations, job descriptions, security policy documents, acceptable use policies, awareness materials, assessment templates, executive presentation formats, process descriptions, etc.

All materials are regularly updated, and new materials are added continuously, such that the content keeps improving and remains up to date with the changing threat and vulnerability landscape, new technologies, and changes to laws, regulations and best practices.

securitythisway.com can rely on over 15 years of experience in developing information security strategy, policy, awareness and other related security resources, helping companies from 10 to +150.000 employees across the globe and in many different industries, including heavily regulated ones such as banking, telecommunications and healthcare / pharmaceuticals.

Our team has worked for and with different big 4 audit firms, strategic management consultants as well as niche security consultants and integrators.

The developed materials are directly derived from that experience, but also include the input from leading best practices and standards such as the ISO 27 series, COBIT, PCI DSS, NIST, etc.

Please don’t hesitate to contact us if you have any questions about us or our services.

  • Information and IT security professionals, Chief Information Security Officers (CISO)
  • Data Privacy Officers (DPO)
  • Lawyers, legal counsel and compliance professionals with a role in security, security related compliance and data privacy
  • IT people (including CIOs) with a sound interest or role in information security and IT security.
  • Security and privacy consultants (note that consultants will require a special license agreement for the use of the materials at their clients)

Many organizations do not have the (right) people to create their own content. Even larger security and privacy teams struggle to create good policy documents or awareness materials. Being a security professional does not necessarily mean you have the writing and communication skills to create such content. You may have excellent analytical, security incident response and / or managerial skills, but you may not have the time or the skills to create content that is readily consumable for its target audiences.

Much of the content you need to create as a security or privacy professional is intended for non-specialized, non-technical and often non-interested audiences. Writing such content in a way that is understandable and appealing to such a target audience requires a specific set of skills and expertise.

It also requires time and resources that can no longer be deployed on more operational and service delivery related tasks and activities. It would take an experienced professional with the right writing skills at least a month to research and develop a security policy that is professional, comprehensive, and understandable. You are easily looking at investing hundreds of hours to create content, such as policies, that securitythisway.com can offer you readily available. So how much time and resources do you have?

Yes, you can also go for security consultants, and leverage their expertise to build you custom security content. However, with consultancy daily rates going from 1.000 Dollar to 4.000 Dollar per day, this will cost you tens – to even hundreds – of thousands of dollars.

securitythisway.com offers you a way to avoid spending hundreds of frustrating hours or dollars researching and drafting this content, and gives you a head start towards implementation.

securitythisway.com was developed to fill this void – to provide professional, high-quality and, most importantly, inexpensive security content to organizations of any size.

Yes, you can also go for security consultants, and leverage their expertise to build you custom security content. However, with consultancy daily rates going from 1.000 Dollar to 4.000 Dollar per day, this will cost you tens – to even hundreds – of thousands of dollars. We should know, because we were once part of such consultancy firms and have developed, sold and delivered such services for them. With such rates, you can easily understand that a subscription to securitythisway.com is much more affordable.

Additionally, with securitythisway.com you are guaranteed to always have access to the latest updates and newest content. Building the content yourself or using security consultants will most likely be a project type of activity. This means that future updates and maintenance will happen in an ad hoc manner rather than on a continuous basis. This is because you will need to engage the consultant each time with a new contract or statement of work.

So why pay a lot of money to consultants to develop something that is already available?

Instead, use a consultant for the customization or implementation (if you would need support for that). securitythisway.com has licensed security consultants that have access to securitythisway.com materials and have successfully implemented the content before.

Access

The portal is still under construction. Until then, check the materials available and contact us for a quote on one or more of the materials. Once the portal is up and running, access will be subscription based. Several formulas will be available, ranging from individual subscriptions to a company-wide license.

Sample materials will gradually be added to the content pages. Contact us for specific sample materials.

Content

The content available is very diverse and ever expanding:

  • Strategy presentations and executive presentation formats
  • Job descriptions
  • Organisational models
  • Security policy documents
  • Privacy policy documents
  • Acceptable use policies
  • Social media guidelines
  • Awareness materials
  • Templates for, amongst others, exception requests, security risk assessment, classification, new risk identification / submission, threat modelling
  • Process descriptions

Click here to see a complete overview of all content available.

Let us know what you are looking for. If the content is useful to other organizations as well, we will create it for you, without any extra cost. Typically, it does not cost us more than 5 working days to provide you with the content.

More often than not, we may even be able to deliver it to you faster. This is thanks to our continuous research and development. This means that it is very likely that we already have some base materials available that we can leverage and for which we will prioritize the content creation.

For custom requests, please see the next question.

There are two ways of customising the content:

  1. Do it yourself

You can easily customize the materials yourself. All content is provided in an editable format. Each document or template comes with a clear indication of where configuration or customization may be needed.

Example customizations include:

  • Inserting the name of your organization
  • Adjusting naming of classification levels to your proprietary ones
  • Adjusting mentioning of password complexity to your custom password policy
  • Adjusting naming of teams or departments in line with your organization

  2. Let us do it for you

We provide additional consulting services that will fully customize the materials for you. Where branding and design (e.g. awareness materials) is needed, we either work together with your internal communications team or use our own digital branding and design partner agency.

Please contact us for your custom demands, such that we can prepare you an offer that best fits your demand.

Note that you do not need to have a subscription or license to the portal in order to contact us for custom made content.

The list of reasons goes on and on, so it is also difficult to give a comprehensive answer. The answer to that question may be different from organization to organization. Below is a list of some of the main reasons we see:

  • It is the key driver of the security strategy
  • It ensures a consistent interpretation of security and the related risks across the organization
  • It provides the different target audiences with a translation of that strategy into requirements they can understand and implement
  • It reduces risk exposure and legal liability
  • It fulfils compliance (e.g. GDPR, HIPAA, SOX, PCI DSS, GxP) and audit requirements
  • It helps to embed security and privacy by design, and therefore avoids costly remediation exercises later on
  • It can increase productivity and efficiency (e.g. via smarter control execution)
  • It allows you to explore new technologies and horizons in a more confident manner – using an analogy: you can only drive fast if you know you can rely on your brakes

Documenting your processes using business process modelling or similar process documentation or modelling techniques has many benefits:

  • Strategy & Management
    • Helps to manage complex systems and processes, providing a break down into components and a logical visualisation of how processes and activities relate to each other, allowing to see causes and effects, inefficiencies, redundancies, gaps, etc.
    • Allows for a positioning of processes and activities in the broader scale of the organizational processes
    • Enables process agility and change management by allowing new or changed processes to be communicated quickly and in a way that can be understood and compared to existing processes.
  • Communication & Collaboration
    • Increases alignment between teams, roles and processes by a clearer identification of interfaces, hand-overs and interactions
  • Efficiency & Optimization
    • Helps to increase process understanding through visual analysis. And it helps to discover errors, bottlenecks, improvement areas, etc.
    • Enables process assessments, process improvement exercises and process re-engineering
    • Facilitates automation
  • Knowledge & Training
    • Ensures process knowledge is more future proof and not dependent on informal knowledge that gets lost when people leave the company or change role
    • Allows for faster onboarding of new people
  • Control, Audit & Compliance
    • Increases control and consistency
    • Supports compliance
    • Reduces the time your people spend with yet another set of auditors or consultants, explaining the processes to them all over again

Yes, absolutely! In fact, most of our customers use their subscription to securitythisway.com for just that. Using the content of securitythisway.com will help you in your compliance with Sarbanes Oxley (SOX), General Data Protection Regulation (GDPR), local privacy laws (e.g. Mass 201 CMR 17.00), Health Insurance Portability and Accountability Act (HIPAA), ISAE3402 or SSAE16 Service Organization Control reports (SOC 1, SOC 2, SOC 3, formerly SAS 70), ISO standards (e.g. ISO27001), GxP, CFR Part 11, and more.

Our team also continues to follow up on new laws, regulations, standards and best practices. Where needed, materials are updated to ensure compliance with new requirements. In some cases, there may even be dedicated materials developed for particular laws, regulations or standards.

Price, Billing & Payment

Access to the portal (which is currently still under development) will likely be subscription based (yearly subscriptions), though there may be free content as well. In particular, with regard to the processes, we are currently evaluating whether to publish the Security Process Reference Model for free on the site.

Consultants that want to use the materials at a client will require special licenses / subscriptions (even when the materials are free). The exact price of the subscription fees and consultant subscription fees has not yet been set.

In the meantime, quotes for individual items already listed can be obtained by contacting us.

Once the portal is live, the following two options will be available:

  • Money transfer: you transfer the money via a bank transfer to our account, mentioning the invoice number. Note that access to the portal will only be provided once the money has been successfully transferred. Depending on how fast the financial institutions involved work, this may take 1 to 5 working days. Note: Please be advised that for international wires, your bank may charge you additional transfer fees.
  • Credit card: We currently accept payments through most major credit and debit cards (Visa, MasterCard, American Express). As this payment can be processed online, you will get immediate access to the portal upon successful completion of the transaction.

If you have questions regarding our payment options, please feel free to contact us.

Absolutely. Your credit card information is transmitted securely over the SSL encryption of the payment service provider we use for processing your credit card payments. We do not store or retain your credit card information after your transaction has been processed.

Resellers + Use of content by consultants

Yes, that is possible.  However, consultants require a special license agreement.  It may also make sense for consultants to join our Reseller program (see next question).  Please contact us to discuss your plans in greater detail.

As soon as the portal is fully developed, we will put a Reseller program in place.  We understand that some companies may need help to not only create their own policies, but to customize and implement them.  To meet this demand, we will rely on a network of Resellers.  Aside from having access to the content to use with your own customers, the Reseller program pays commissions on every order coming via you.  If you are interested, please contact us.  We are always looking for partners who want to help their customers implement a solid security program.