Security Maturity Blueprints
Cyber Hygiene
Overview
Cyber hygiene encompasses the fundamental practices and routines that organizations must maintain to keep their security posture healthy. These blueprints turn complex compliance requirements into practical, repeatable processes.
Focus Areas
Data Classification
A structured approach to categorizing organizational data by sensitivity level, enabling appropriate controls and handling procedures for each tier.
Pre-Transmission DLP Scanning
Guidance on implementing Data Loss Prevention controls that scan content before it leaves the organizational boundary — especially critical when using AI tools that transmit data to external providers.
Shared Responsibility Models
Modern security operates on shared responsibility. These blueprints clarify accountability boundaries between:
- Cloud service providers
- AI tool vendors
- The organization
- Individual developers and users
Blueprints
Blueprints are being developed and will be published here as they are completed.
| Blueprint | Status | Description |
|---|---|---|
| Data Classification Policy | In Progress | 4-tier model with handling procedures |
| DLP for AI Tools | In Progress | Pre-transmission scanning configuration |
| Shared Responsibility Matrix | Planned | RACI for cloud + AI tool usage |
| Secrets Management | Planned | Preventing credential exposure in AI workflows |
| Secure Configuration Baselines | Planned | Hardening guides for AI coding assistants |
Principles
- Practical over theoretical — every blueprint includes actionable steps
- Tool-agnostic — applicable regardless of specific vendor
- Regulatory-aligned — mapped to GDPR and EU AI Act requirements
- Progressive — start simple, mature over time