Sign in Subscribe

devsecopsbook

Email Security Policy

Document Version: 1.1 Last Updated: July 20, 2025 Owner: Information Security Officer 1. Purpose This policy establishes controls to ensure the secure and compliant use of email systems at [Your Company Name], in line with ISO/IEC 27001 and SOC 2 requirements. It aims to protect against unauthorized access,

Setup CICD using GitHub Part 1

1. ✅ Request a new email @devsecopsbook.com for GitHub Admin Email * Purpose: Centralized and auditable admin access (not tied to a personal email). * Mailbox Owner: Ideally managed by IT or a shared mailbox system (e.g., Google Workspace Group, Zoho Mail) 2. 📝 Register GitHub Admin Account * Go to https://github.

DevSecOpsBook Org

Org Structure 1. Organization Chart Policies 1. Asset Management Policy 2. Access Control & IAM Policy 3. Backup and Restore Policy 4. Business Continuity and Disaster Recovery (BC/DR) Policy 5. Change Management Policy 6. CI/CD Security Policy 7. Cryptographic Controls Policy 8. Information Security Policy 9. Release &

Welcome to DevSecOpsBook

Real-world insights. Practical guidance. Fictional company, real lessons. At DevSecOpsBook, we document the journey of building a fictional tech company—but with real, hands-on practices drawn from experienced DevSecOps professionals. Our goal? To bridge the gap between theory and practice. Whether you're a new engineer or a curious

Backup and Restore Policy

Document Version: 1.0 Last Updated: July 19, 2025 Policy Owner: IT Security Manager 1. Purpose This policy establishes requirements for backup and restoration of data, systems, and configurations to ensure availability and integrity of critical business information in the event of data loss, corruption, or disaster. It supports compliance

Cryptographic Controls Policy

Document Version: 1.0 Last Updated: July 19, 2025 Classification: Internal 1. Purpose The purpose of this policy is to ensure the proper and effective use of cryptography to protect the confidentiality, integrity, and availability of information in accordance with ISO/IEC 27001 requirements. 2. Scope This policy applies to

Secure Development Policy

Document Version: 1.0 Last Reviewed: July 19, 2025 Approved By: CISO Applies To: All Development Teams, Product Managers, QA, DevOps 1. Purpose This policy establishes the requirements for secure software development practices at [Your Organization] to ensure that information security is integrated throughout the software development lifecycle (SDLC). It

Asset Management Policy

Document Version: 1.0 Last Updated: July 19, 2025 Compliance Framework: ISO/IEC 27001:2022 – Clauses 5.9, 7.5, A.5, A.8 1. Purpose This policy establishes the requirements for identifying, managing, and protecting organizational assets—including physical, digital, cloud-based, and SaaS assets—to ensure confidentiality, integrity, and

Network Security Policy

Document Version: 1.0 Last Updated: July 19, 2025 Owner: Information Security Officer Approved By: Executive Management 1. Purpose The purpose of this policy is to secure the internal network infrastructure of the organization—including on-premises systems, private clouds, and hybrid components—by defining controls that protect data and services

Security Awareness Training Policy

Document Version: 1.0 Last Updated: July 19, 2025 Owner: Chief Information Security Officer (CISO) 1. Purpose This policy establishes the requirements and responsibilities for providing security awareness and training to all employees, contractors, and relevant third-party personnel. The purpose is to reduce risk from human-related security threats through education