# Infosec Programs

1. Policies and procedures: Required as the basis to enforce IRM mandate.
   1. General procedures: Policies on acceptable use, electronic communication, web access, patching, etc.
   2. Platform configuration standards: Secure configurations for Unix, Windows, etc.
   3. Control catalog
2. Awareness and training programs
3. Access controls and privilege management: All individuals and services are properly authenticated, authorized, and audited.
4. Vulnerability management:
5. Patching
6. Vulnerability monitoring and response
7. Testing for vulnerabilities: Network penetration testing, web application testing, and code analysis
8. Threat management and incident response
   1. SIEM and log analysis
   2. Threat intel feeds – monitoring and absorption
   3. Incident handling and response
9. Risk assessments
10. New ventures
11. New code in the DMZ
12. All varieties of control exemptions
13. Compliance
14. Regulators
15. External auditors
16. SSAE16
17. Privacy and security
18. Tools and operations
    1. IDS/IPS
    2. Firewalls
    3. Proxies
    4. System log analysis tools
    5. Penetration testing tools, and web application testing tools
    6. Security data warehouse: For reports, risk dashboards, and items to follow up on
    7. Work ticket management tools
19. Board reporting
20. Business resilience

