{"id":70770,"date":"2023-10-12T16:29:13","date_gmt":"2023-10-12T20:29:13","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=70770"},"modified":"2024-08-15T16:22:28","modified_gmt":"2024-08-15T20:22:28","slug":"building-security-program","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/building-security-program","title":{"rendered":"Building a Security Program from the Ground Up"},"content":{"rendered":"\n<p><em>October is Cybersecurity Awareness Month, and the U.S. Cybersecurity &amp; Infrastructure Security Agency (CISA) is calling on all of us to \u201cSecure Our World,\u201d with a simple message that calls everyone to action \u201cto adopt ongoing cybersecurity habits and improved online safety behaviors.\u201d This month, the JumpCloud blog will focus on helping you empower everyone in your organization to do their part regarding cybersecurity. Tune in throughout the month for more cybersecurity content written specifically for IT professionals.<\/em><\/p>\n\n\n<hr>\n\n\n\n<p>Cybersecurity is a pressing concern for everyone, but small and mid-size enterprises (SMEs) are even more susceptible to cyberattacks than many might think. The popular notion that SMEs are not of interest to attackers is not true: Verizon\u2019s <a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\" target=\"_blank\" rel=\"noreferrer noopener\">2023 Data Breach Investigation Report<\/a> found that attacks on SMEs and large businesses are converging in both numbers and tactics. Essentially, the data shows that <em>attackers are just as interested in SMEs as they are in large companies.&nbsp;<\/em><\/p>\n\n\n\n<p>People working at SMEs are feeling the effects of this phenomenon: <a href=\"https:\/\/jumpcloud.com\/resources\/q2-2023-it-trends-for-small-and-medium-sized-enterprises-smes\" target=\"_blank\" rel=\"noreferrer noopener\">in a recent JumpCloud survey<\/a>, about half of SME IT professionals reported feeling more concerned about security than they were six months ago. But even though SMEs don\u2019t always have enterprise-level resources and funds, they can still build a successful security program. This post covers the frameworks and practices that can guide teams and their decision making when building (or rebuilding) a program from the ground up.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-a-note-on-grc-and-frameworks\">A Note on GRC and Frameworks<\/h2>\n\n\n\n<p>Governance, risk management, and compliance (GRC) forms the foundation of any successful security program. Typically, these components are wrapped up into what people usually just refer to as \u201ccompliance.\u201d&nbsp;<\/p>\n\n\n\n<p>As most IT professionals aren\u2019t compliance experts, compliance can feel daunting for an IT team to navigate. But compliance isn\u2019t as different from security as many believe. When boiled down to the basics, <strong>compliance is simply a matter of defining controls, and a control is simply a policy, a process, or a technology.&nbsp;<\/strong><\/p>\n\n\n\n<p>Frameworks can help you determine which controls your organization needs. <a href=\"https:\/\/www.nist.gov\/\" target=\"_blank\" rel=\"noreferrer noopener\">NIST<\/a>, for example, is a common framework that can help you understand the standard operating controls required for a holistic corporate security program. While NIST is more focused on government standards, it is a great guide for budding programs, especially for those who aren\u2019t familiar with writing controls.<br><br><strong><em>Compliance tip: <\/em><\/strong><em>When it comes to cloud security, research frameworks that align with the specific provider. For example, AWS has the <\/em><a href=\"https:\/\/aws.amazon.com\/architecture\/well-architected\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><em>Well-Architected Framework<\/em><\/a><em> to guide users on the controls necessary to secure cloud infrastructure.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-steps-to-building-a-security-program\">Steps to Building a Security Program<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-attain-visibility\">Attain Visibility<\/h3>\n\n\n\n<p>Security requires visibility into the inner workings of an organization. When approaching a new program, establish insight and documentation around the following:<\/p>\n\n\n\n<ul>\n<li><strong>Logs.<\/strong> Areas without adequate logging and monitoring create potential risks. Use the following process to identify these gaps.\n<ul>\n<li>First, investigate:\n<ul>\n<li>What log sources exist in what applications.&nbsp;<\/li>\n\n\n\n<li>How these logs are retrieved.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Then, create a matrix and document log details like:\n<ul>\n<li>Priority.<\/li>\n\n\n\n<li>Technology and service source.<\/li>\n\n\n\n<li>Location.<\/li>\n\n\n\n<li>Frequency.<\/li>\n\n\n\n<li>Input and output methods.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Finally, establish and execute on plans to automate log monitoring for effective security operations.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Data flows. <\/strong>For both security and privacy, it is important to know what data is stored and processed through what systems. Investigate your data flows by interviewing data owners and developing data flow diagrams. These diagrams should document <em>what<\/em> data travels through the company\u2019s environment and <em>where<\/em> it travels. This process will identify any areas where data has been mishandled and enable scoping for different compliance needs.<\/li>\n\n\n\n<li><strong>Access.<\/strong> Knowing who has what access to which systems is crucial to protecting the data stored in them. Access and permissions should always align with the following two principles:<br>\n<ul>\n<li><strong>Separation of duties:<\/strong><em> <\/em>The principle that no one person should have enough access to misuse a system on their own.<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/blog\/what-is-least-privilege#:~:text=It%20asserts%20that%20each%20user,necessary%20to%20fulfill%20its%20role.\"><strong>Principle of least privilege<\/strong><\/a><strong>: <\/strong>The principle that users should be given the least amount of access they need to do their job.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>To document access, start by creating an access control matrix. This will provide a powerful tool for:<\/p>\n\n\n\n<ul>\n<li><strong>Onboarding and offboarding <\/strong>by helping IT personnel keep track of access and permissions for all the roles in the organization.<\/li>\n\n\n\n<li><strong>Identifying and correcting gaps, <\/strong>especially areas where the principles of separation of duties and least privilege are violated.<\/li>\n\n\n\n<li><strong>Providing evidence<\/strong> of controls around authorizing access. This can be helpful for tracking compliance.<br><strong>Tracking vendors.<\/strong> Consider using this access document to aid in creating a vendor list.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-assess-risk\">Assess Risk<\/h3>\n\n\n\n<p>Throughout the process of building out visibility documentation, take note of any risks you identify by starting a risk register.&nbsp;<\/p>\n\n\n\n<p>Managing risks requires an element of project management: risks should be documented, and plans to address them should be tracked and managed. Your risk register should include everything you need to know about each risk, including ownership, plans for mitigation, deadlines, and more. For example, your risk register might include:<\/p>\n\n\n\n<ul>\n<li><strong>An ID and description of the risk.<\/strong><\/li>\n\n\n\n<li><strong>The risk\u2019s likelihood, impact, and severity.<\/strong> Use a standardized scale (i.e., 1-5) to quantify each.<\/li>\n\n\n\n<li><strong>Treatment plan. <\/strong>Usually, treatment plans specify the approach the company plans to take to address this risk. For example, \u201cmitigate,\u201d \u201ctransfer,\u201d and \u201caccept\u201d are common treatment plans for risks.<\/li>\n\n\n\n<li><strong>Mitigating action.<\/strong> Specify the steps the organization plans to take to reduce the risk.&nbsp;<\/li>\n\n\n\n<li><strong>Corrective action plan. <\/strong>Specify the steps the organization plans to take to implement the mitigating action.<\/li>\n\n\n\n<li><strong>Corrective action plan results. <\/strong>Specify the results of the corrective action plan.<\/li>\n\n\n\n<li><strong>An owner and approver<\/strong> for the risk\u2019s remediation steps.<\/li>\n\n\n\n<li><strong>Progress, due date, and completion date <\/strong>for the specified remediation steps.<\/li>\n<\/ul>\n\n\n\n<p><em>Note that these categories are not exhaustive; your risk register may include additional data specific to your organization.&nbsp;<\/em><\/p>\n\n\n\n<p>Risk assessment shouldn\u2019t be a one-and-done activity, but rather an ongoing analysis. Continue to document and assess risks in the risk register with the process above when they are identified. This will keep the register up to date and functional, allowing it to inform decisions on which projects to prioritize based on their ability to reduce risk.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-define-and-implement-controls\">Define and Implement Controls<\/h3>\n\n\n\n<p>Here\u2019s the fun part \u2014 making the magic happen! Each risk that is mitigated results in new controls or improved existing controls (again, a control is a policy, process, or technology). Each control must be defined and implemented.&nbsp;<\/p>\n\n\n\n<p>For example, a risk such as \u201cterminated employees retaining access to work accounts\u201d will result in creating or improving employee offboarding processes, which may require a piece of technology \u2014 like an <a href=\"https:\/\/jumpcloud.com\/platform\/user-management\" target=\"_blank\" rel=\"noreferrer noopener\">identity management platform<\/a>. Then, those new controls should be added to policy, which authorizes and communicates the requirements throughout the organization.<\/p>\n\n\n\n<p>The processes listed above, along with the regulations and frameworks that your company adheres to, should act as guidance for defining your controls.&nbsp;<\/p>\n\n\n\n\n<div class=\"promotion-banner-small is-flex-direction-column has-items-aligned-flex-start has-items-aligned-center-tablet\">\n    <div class=\"promo-small-image is-hidden-mobile\">\n        <img decoding=\"async\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/202310-WP-CrowdstrikeJumpCloud-160x110-DesignedCTAImage.jpg\" alt=\"JumpCloud\">\n    <\/div>\n    <div class=\"promo-small-content\">\n        <p class=\"is-type-body-tiny is-type-weight-bold is-important promo-small-title\">\n                    <\/p>\n        <p class=\"is-type-body-default is-important\">\n            Secure Your SME with JumpCloud and CrowdStrike        <\/p>\n    <\/div>\n    <div class=\"promo-small-cta\">\n        <a href=\"https:\/\/jumpcloud.com\/resources\/secure-your-sme-with-jumpcloud-and-crowdstrike\" data-promo=\"JumpCloud Crowdstrike whitepaper\" class=\"button is-primary-green promo-small-banner-link\">Download the Whitepaper<\/a>\n    <\/div>\n<\/div>\n\n\n\n\n<p>Sometimes, making controls a reality is easier said than done. Implementing controls can be difficult \u2014 especially when working with a <a href=\"https:\/\/jumpcloud.com\/resources\/it-sprawl-problem\" target=\"_blank\" rel=\"noreferrer noopener\">sprawled IT environment<\/a>, which is fairly common in SMEs. Controls often span multiple areas and functionalities; in the previous example regarding terminated employees, for instance, mitigations result in both HR and <a href=\"https:\/\/jumpcloud.com\/blog\/what-are-it-general-controls-itgc\">IT controls<\/a>. Similarly, a control like keeping a policy up to date requires leadership from many departments. And controls like access requests, security training, and policy acknowledgements require every person in the organization to be successful.\u00a0<\/p>\n\n\n\n<p>In a sprawled environment with many point solutions rather than a few centralized and robust ones, data sometimes gets lost in translation. Information and processes may not transfer seamlessly from department to department, and tools may not successfully carry data from one point to the next. The result is gaps in visibility and communication, which create new risks and inefficiencies.&nbsp;<\/p>\n\n\n\n<p>Having a central platform where you can implement and manage controls that span the entire organization is critical for effective, long-term security. For example, JumpCloud and CrowdStrike are designed to integrate seamlessly together to unify everything from <a href=\"https:\/\/jumpcloud.com\/blog\/simplifying-identity-access-device-management-in-a-hybrid-workplace\">identity and device management<\/a> to endpoint detection and response (EDR) into one platform. This makes it easier to apply and monitor controls in one place while avoiding the risk of gaps in execution and visibility. <a href=\"https:\/\/jumpcloud.com\/leverage-jumpcloud-with-crowdstrike-integration\" target=\"_blank\" rel=\"noreferrer noopener\">Learn more<\/a> about unifying your environment with JumpCloud and CrowdStrike.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-establish-policies\">Establish Policies<\/h3>\n\n\n\n<p>Policies communicate controls with the entire organization. Ensuring user understanding and adoption of controls is critical to maintaining a secure environment; after all, users are security\u2019s first line of defense. Having users review and agree to policies on at least an annual basis will provide awareness and accountability to all users in the organization.<\/p>\n\n\n\n<p>Don\u2019t forget to train and harden users on the different processes they need to comply with to protect against potential threats. These processes can range from reporting social engineering, to securing their home networks, to establishing strong authentication practices and requesting access via the right channels.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-repeat\">Repeat<\/h3>\n\n\n\n<p>Security should be a holistic and iterative process: programs should be continuously improved upon. Fortunately, it doesn\u2019t take a full third-party audit to check up on your security. For the SMEs that can\u2019t afford a third-party audit when they start off, internal audits can be highly effective in gaining visibility into control consistency. Findings from these audits can be used to inform risk assessments and planning mitigations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-start-with-a-unified-foundation\">Start with a Unified Foundation<\/h2>\n\n\n\n<p>Sometimes, building a security program can feel like a series of expensive purchases \u2014 but it shouldn\u2019t. In fact, unified IT and security environments with only a few robust tools are usually more secure and more cost-effective than an environment with all the \u201clatest and greatest\u201d point solutions. What\u2019s more, unified environments streamline IT and security processes while providing a better experience for your teams.<\/p>\n\n\n\n<p>Before you get started with building (or rebuilding) your security program, check out the benefits of unification so you can approach your program with the right mindset. Learn more about IT and security unification in JumpCloud and CrowdStrike\u2019s whitepaper, <a href=\"https:\/\/jumpcloud.com\/resources\/secure-your-sme-with-jumpcloud-and-crowdstrike\" target=\"_blank\" rel=\"noreferrer noopener\">How to Secure Your SME with JumpCloud and CrowdStrike<\/a>.<a href=\"https:\/\/jumpcloud.com\/resources\/sme-prioritize-business-security\"><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article will discuss IT security frameworks, best practices, and compliance tips to help\u2026<\/p>\n","protected":false},"author":144,"featured_media":77843,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23,2781],"tags":[],"collection":[2776,2775],"platform":[],"funnel_stage":[3016],"coauthors":[2532],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Building a Security Program from the Ground Up - JumpCloud<\/title>\n<meta name=\"description\" content=\"This article will discuss IT security frameworks, best practices, and compliance tips to help\u2026\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/building-security-program\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Building a Security Program from the Ground Up\" \/>\n<meta property=\"og:description\" content=\"This article will discuss IT security frameworks, best practices, and compliance tips to help\u2026\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/building-security-program\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-12T20:29:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-15T20:22:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"210\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kate Lake\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kate Lake\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program\"},\"author\":{\"name\":\"Kate Lake\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/f8e192cbcdde7ffa4bc2f96c48ceda78\"},\"headline\":\"Building a Security Program from the Ground Up\",\"datePublished\":\"2023-10-12T20:29:13+00:00\",\"dateModified\":\"2024-08-15T20:22:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program\"},\"wordCount\":1668,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg\",\"articleSection\":[\"Best Practices\",\"How-To\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program\",\"url\":\"https:\/\/jumpcloud.com\/blog\/building-security-program\",\"name\":\"Building a Security Program from the Ground Up - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg\",\"datePublished\":\"2023-10-12T20:29:13+00:00\",\"dateModified\":\"2024-08-15T20:22:28+00:00\",\"description\":\"This article will discuss IT security frameworks, best practices, and compliance tips to help\u2026\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/building-security-program\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg\",\"width\":512,\"height\":210,\"caption\":\"IT consultant being setup Virtual Document Management System (DMS) with laptop computer in office or wok from home. Software for archiving corporate files concept.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/building-security-program#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Building a Security Program from the Ground Up\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/f8e192cbcdde7ffa4bc2f96c48ceda78\",\"name\":\"Kate Lake\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/46cab796831a4f3fb686940689408879\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/49d664ae369f57340f0165a652ddb04b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/49d664ae369f57340f0165a652ddb04b?s=96&d=mm&r=g\",\"caption\":\"Kate Lake\"},\"description\":\"Kate Lake is a Senior Content Writer at JumpCloud, where she writes about JumpCloud\u2019s cloud directory platform and trends in IT, technology, and security. She holds a Bachelors in Linguistics from the University of Virginia and is driven by a lifelong passion for writing and learning. When she isn't writing for JumpCloud, Kate can be found traveling, exploring the outdoors, or quoting a sci-fi movie (often all at once).\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Building a Security Program from the Ground Up - JumpCloud","description":"This article will discuss IT security frameworks, best practices, and compliance tips to help\u2026","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/building-security-program","og_locale":"en_US","og_type":"article","og_title":"Building a Security Program from the Ground Up","og_description":"This article will discuss IT security frameworks, best practices, and compliance tips to help\u2026","og_url":"https:\/\/jumpcloud.com\/blog\/building-security-program","og_site_name":"JumpCloud","article_published_time":"2023-10-12T20:29:13+00:00","article_modified_time":"2024-08-15T20:22:28+00:00","og_image":[{"width":512,"height":210,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg","type":"image\/jpeg"}],"author":"Kate Lake","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kate Lake","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/building-security-program#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/building-security-program"},"author":{"name":"Kate Lake","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/f8e192cbcdde7ffa4bc2f96c48ceda78"},"headline":"Building a Security Program from the Ground Up","datePublished":"2023-10-12T20:29:13+00:00","dateModified":"2024-08-15T20:22:28+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/building-security-program"},"wordCount":1668,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/building-security-program#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg","articleSection":["Best Practices","How-To"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/building-security-program","url":"https:\/\/jumpcloud.com\/blog\/building-security-program","name":"Building a Security Program from the Ground Up - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/building-security-program#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/building-security-program#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg","datePublished":"2023-10-12T20:29:13+00:00","dateModified":"2024-08-15T20:22:28+00:00","description":"This article will discuss IT security frameworks, best practices, and compliance tips to help\u2026","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/building-security-program#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/building-security-program"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/building-security-program#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/10\/Security.jpg","width":512,"height":210,"caption":"IT consultant being setup Virtual Document Management System (DMS) with laptop computer in office or wok from home. Software for archiving corporate files concept."},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/building-security-program#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Building a Security Program from the Ground Up"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/f8e192cbcdde7ffa4bc2f96c48ceda78","name":"Kate Lake","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/46cab796831a4f3fb686940689408879","url":"https:\/\/secure.gravatar.com\/avatar\/49d664ae369f57340f0165a652ddb04b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/49d664ae369f57340f0165a652ddb04b?s=96&d=mm&r=g","caption":"Kate Lake"},"description":"Kate Lake is a Senior Content Writer at JumpCloud, where she writes about JumpCloud\u2019s cloud directory platform and trends in IT, technology, and security. She holds a Bachelors in Linguistics from the University of Virginia and is driven by a lifelong passion for writing and learning. When she isn't writing for JumpCloud, Kate can be found traveling, exploring the outdoors, or quoting a sci-fi movie (often all at once).","sameAs":["https:\/\/jumpcloud.com\/blog"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/70770"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/144"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=70770"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/70770\/revisions"}],"predecessor-version":[{"id":114212,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/70770\/revisions\/114212"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/77843"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=70770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=70770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=70770"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=70770"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=70770"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=70770"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=70770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}