Welcome to isp-gpt, your one-stop solution for establishing an AI-powered Information Security Program. This repository offers a comprehensive set of policies, procedures, and guidelines, all designed with the assistance of GPT. You can find more details on my blog, Cyber Mixology.
isp-gpt is intended to be an "information security program in a box," with the added benefit of AI guidance. As the cybersecurity landscape continually evolves, having a dynamic and intelligent system like GPT supporting your security strategy ensures that you remain at the forefront of defense.
- Comprehensive: Covers a broad range of security domains, ensuring you're protected from multiple angles.
- Powered by AI: Utilizes the knowledge and adaptability of GPT to remain up-to-date.
- Customizable: Designed for you to fork and adapt to your organization's unique needs.
To start, fork this repository so you can adapt it to your organization's specific requirements and nuances.
Our policy library covers various domains, from Incident Response to Threat Intelligence. Each policy defines the commitments and standards your security team should uphold.
Certain policies may specify technical controls that need to be in place. These will be outlined in the dedicated Technical Controls table.
Any regular processes, like periodic reviews or audits, are listed with their frequency in the Regular Processes table.
While the provided content is comprehensive, every organization is unique. Make sure to tailor the content to your specific needs.
Found an improvement or an addition that could benefit everyone? We'd love to pull your changes back into the main repository.
Control Name | Description | Policy Reference |
---|---|---|
Example Control | Example Description | [Link to policy] |

Activity | Description | Frequency | Policy Reference |
---|---|---|---|
Threat Intelligence Analysis | Analyze external threat intelligence sources and news regarding security incidents. | As needed | Threat Intelligence Policy |
Vendor Assessments | Review third-party vendors to assess their security posture. | As needed | Third-Party Vendor Assessment Policy |
Vulnerability Scanning | Scan systems for vulnerabilities to ensure security posture remains robust. | Quarterly | Third-Party Vendor Assessment Policy |
Penetration Testing | Conduct a penetration test to identify and rectify potential security vulnerabilities. | Annually | Third-Party Vendor Assessment Policy |
Incident Response Drills | Practice incident response scenarios to ensure readiness. | Annually | Incident Response Policy |
Security Awareness Training | Educate employees on security best practices and potential threats. | Annually | Information Security Policy |
If you've made modifications that you believe would benefit the wider community, please consider making a pull request. We appreciate contributions that enhance the depth, clarity, and breadth of this project.
Please refer to the attached license file for details on usage, modification, and distribution of this project.