security-documentation

by spjoshis

Modular Claude plugins for agent-based expertise and reusable skills across software development and Agile. Easily extend, share, and automate best practices for modern development.

1🍴 0📅 Dec 30, 2025

SKILL.md


name: security-documentation
description: Master security documentation with security policies, incident response plans, security procedures, and compliance documentation.

Security Documentation

Create comprehensive security documentation including policies, procedures, incident response plans, and compliance documentation.

When to Use This Skill

  • Policy development
  • Procedure documentation
  • Incident response planning
  • Compliance documentation
  • Security training
  • Audit preparation
  • Risk documentation
  • Stakeholder communication

Core Concepts

1. Security Policy Template

# Information Security Policy

## Purpose
Define security requirements and responsibilities for protecting company information assets.

## Scope
All employees, contractors, systems, and data.

## Password Policy
- Minimum 12 characters
- Complexity requirements (upper, lower, number, special)
- No password reuse (last 10)
- 90-day expiration
- MFA required for sensitive systems

## Access Control
- Principle of least privilege
- Role-based access control
- Access review quarterly
- Termination procedures
- Remote access via VPN only

## Data Classification
- Public: No restrictions
- Internal: Company personnel only
- Confidential: Need-to-know basis
- Restricted: Executive approval required

## Incident Reporting
- Report security incidents within 1 hour
- Contact: security@company.com
- Incident response team activation

## Compliance
- Violation consequences
- Review annually
- Approval: CISO

**Effective Date**: 2024-01-01
**Version**: 1.0

2. Incident Response Plan

# Incident Response Plan

## Incident Types
- Data breach
- Malware infection
- Unauthorized access
- Denial of service
- Physical security breach

## Response Team
- Incident Commander: CISO
- Technical Lead: IT Director
- Communications: PR Manager
- Legal: General Counsel
- HR: HR Director

## Response Phases

### 1. Detection & Analysis (0-1 hour)
- Identify incident type
- Assess severity
- Activate response team
- Begin logging

### 2. Containment (1-4 hours)
- Isolate affected systems
- Preserve evidence
- Implement temporary controls
- Prevent spread

### 3. Eradication (4-24 hours)
- Remove threat
- Patch vulnerabilities
- Reset credentials
- Verify clean

### 4. Recovery (24-72 hours)
- Restore systems
- Monitor for reoccurrence
- Validate functionality
- Return to normal

### 5. Post-Incident (Week 1)
- Document timeline
- Lessons learned
- Update procedures
- Report to stakeholders

## Communication Protocol
- Internal: Email, Slack
- External: PR team approval
- Customers: Within 72 hours (GDPR)
- Regulators: As required

Best Practices

  1. Clear and concise - Easy to understand
  2. Regular updates - Keep current
  3. Version control - Track changes
  4. Stakeholder review - Get feedback
  5. Accessible - Easy to find
  6. Testable - Practice procedures
  7. Compliance-aligned - Meet regulations
  8. Executive approval - Official authorization

Resources

  • NIST Cybersecurity Framework: Policy guidance
  • SANS Security Policy Templates: Ready-to-use templates

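Score

Total Score: 60/100 (based on repository quality metrics)

  • SKILL.md: Contains a SKILL.md file (+20)
  • LICENSE: A license is set (0/10)
  • Description: Has a description of 100 characters or more (+10)
  • Popularity: 100 or more GitHub stars (0/15)
  • Recent activity: Updated within the last 3 months (+5)
  • Forks: Forked 10 or more times (0/5)
  • Issue management: Fewer than 50 open issues (+5)
  • Language: A programming language is set (0/5)
  • Tags: One or more tags are set (+5)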
