andreisfnt/cybersecurity-awareness

# Cybersecurity Awareness Policy templates, frameworks, and practical guides for IT teams building or maturing their organization's security posture. These documents are generic and reusable - designed to give IT leaders a credible starting point rather than a blank page. They reflect the practical reality of running security in organizations where resources are finite, threats are real, and employees are not the enemy. ## Contents | Document | Category | Purpose | |----------|----------|---------| | [Acceptable Use Policy](policies/acceptable-use-policy-template.md) | Policy | Defines permitted and prohibited use of organizational IT resources | | [Information Security Policy](policies/information-security-policy-template.md) | Policy | Overarching security policy covering responsibilities, controls, and compliance | | [BYOD Policy](policies/byod-policy-template.md) | Policy | Conditions and security requirements for use of personal devices for work | | [Email and Communication Security Policy](policies/email-and-communication-security-policy-template.md) | Policy | Secure use of email, messaging, and collaboration platforms | | [Network and Wi-Fi Security Policy](policies/network-and-wifi-security-policy-template.md) | Policy | Network access rules, Wi-Fi security, VPN requirements, and remote access | | [Patch Management Policy](policies/patch-management-policy-template.md) | Policy | Patch classification, deployment timelines, and exception management | | [Security Awareness Program Guide](awareness/security-awareness-program-guide.md) | Awareness | How to build and run an effective security awareness program | | [Incident Response Playbook](incident-response/incident-response-playbook-template.md) | Operations | Structured playbook for detecting, containing, and recovering from security incidents | | [Cybersecurity Maturity Self-Assessment](assessment/cybersecurity-maturity-self-assessment.md) | Assessment | Practical self-assessment for IT leaders to identify gaps and prioritize improvements | ## How to use these Each document is self-contained. Replace `[placeholder text]` with your organization's specifics. All documents are vendor-neutral and technology-agnostic. Start with the maturity self-assessment if you are unsure where to focus effort. It will surface the gaps that matter most before you invest time in individual policies or programs. ## A note on security awareness Security awareness is often treated as a compliance exercise - annual training, a phishing simulation, a box ticked. That approach does not change behavior and everyone involved knows it. Effective security awareness is a communication and culture problem, not a training problem. These documents are written with that in mind. Maintained by [Andrei Pasca](https://github.com/andreisfnt)  ·  [pascaadvisory.nl](https://pascaadvisory.nl)