The document proposes a portfolio of security standards to manage IT risks across various domains. The portfolio includes over 30 security standards that cover areas like web application development, databases, networks, operating systems, infrastructure services, access management, malware prevention, and incident response. The standards are designed to establish policies and guidelines around the technology usage, assets, and operations within an organization.

1. IT Risk Management
Policy
Technology
Usage
Policy
Proposed IT Risk Management Portfolio of Security Documents
Web and
Client/Server
Application
Development
Security
Standard
Web Server
Security
Standard
Database
Security
Standard
Web Services
Security
Standard
Application
Security
Standards
Information
Classification
Standard
Personal
Information
Protection
Standard
Asset Inventory
Controls
Standard IT Contracting
Standard
Security Management
Standards
Malicious Code
Prevention
Standard
User Access
Management
Standard
Vulnerability
Management
Standard
Security Event
Management
Standard
Change
Promotion
Standard
Media Retention
& Destruction
Standard
Physical &
Environmental
Controls
Standard
Operations Security
Standards
Firewall
Security
Standard
Router/Switch
Security
Standard
Voice/PBX
Standard
Wireless
Security
Standard
Remote Control
Standard
Network Perimeter
Security Standard
General Network
Security Standard
Network
Workstation
Security Standard
Email & Instant
Messaging Security
Standard
Cryptographic
Standard
Infrastructure Services
Standards
Unix/Linux
Security Standard
Windows X
Security Standard
Operating
Systems
Remote Access
Standard
Incident
Response
Standard
Security
Acknowledgement
Banner Standard
Separation of
Duties Standard
Outside Service
Provider (OSP)
Standard