What is a WISP? Written Information Security Plan

The Written Information Security Plan (WISP) is a document that outlines your company’s policies, procedures, and controls for protecting sensitive information. Basically, the WISP is a roadmap for how your business manages data security and protects confidential data within your systems.
Documents like these help your business organize proactive plans for when (not if) a cyber incident occurs, and for how best to handle it. Business partners, regulators and insurers may want to know whether you have created one, and in some cases may ask to review it. A WISP demonstrates a strong culture of cybersecurity.
Typically, a WISP includes the following items:
  • Internet Acceptable Use Policy
  • Remote Access Policy
  • Password Management Policy
  • Password Complexity Rules
  • Multifactor Authentication Policy
  • Security Awareness Training Policy
  • Resource and Data Recovery Policy
  • Hardware Decommissioning Policy
  • Information Security Policy
  • Physical Security Policy
  • Employee Computer Setup & Configuration Policy
  • Company Email Policy
  • Work Computer Usage
  • Software Usage
  • Patch Management Policy
  • Asset Management Policy
  • Data Backup Policy
  • Data Encryption Policy
  • Mobile Device Security Policy
  • Data Classification Policy
  • Data Destruction Methodology
  • Information and Asset Handling Policy

So, What’s An Incident Response Plan?

An Incident Response Plan (IRP) provides a framework by which an Incident Response Team (something your business should organize) can determine the scope and risk of an incident along with the appropriate response. This too is useful to your team, the people you do business with, and those you rely on to manage risk.

Specific areas of an IRP include:
  • Incident definition
  • Incident declaration criteria
  • High-level incident criteria
  • Medium-level incident criteria
  • Low-level incident criteria
  • Evidence preservation
  • IT snapshot summary
  • Detection & analysis
  • Containment, eradication and recovery
  • Post-incident activity
  • Escalation
  • Critical services list
  • Plan activation criteria
  • Responsibilities
  • Key contacts
  • Service owners
  • Roles
  • Reporting template(s)

If you’d like help establishing yours, let’s schedule a quick discussion.