Facebook Follow



XLM News Janco News Feed

Reddit  Del.icio.us  Stumble Upon  Facebook  

Products
Security Topics

How to Justify Security Spending
ISO Domains & Security Manual Template
ISO 27008:2011
Top 10 Security Myths
Security Issue Trends
Security Management
Common User Passwords
User Security Holes
Passwords
Top Network
Security Weaknesses
Malware Impact On Security
Steps to Detect and Prevent Security Breaches
Insider Data Security Issues
What is HIPAA
SmartPhone & Tablet Security
Digital Copier Risk
Mobile Device Security

Security Manual Template
ISO Compliant

Sarbanes Oxley / HIPAA / Patriot Act Complaint
Comes with Electronic Forms

Order Security ManualTable of ContentsVersion History

Security Manual TemplateThe Sarbanes-Oxley Act (SOX) requires the certification of the accuracy of the periodic reports and financial statements of ENTERPRISE by the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) of ENTERPRISE.  In addition it adds the requirement that the CEO and CFO on a “rapid and current basis” disclose information that can or does materially change the financial condition of a publicly traded ENTERPRISE. 

ISO/IEC 17799:2005 (which has be upgraded to ISO 22301 and ISO 2700) established guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management:

  • Security policy;
  • Organization of information security;
  • Asset management;
  • Human resources security;
  • Physical and environmental security;
  • Communications and operations management;
  • Access control; and
  • Information systems acquisition, development and maintenance.

All of the ISO 17799 best practices are needed to meet the objectives of SOX.  This security manual template helps your enterprise to:

  • Understand your business requirements, outline control objectives, and perform IT risk assessments;
  • Analyze the IT control environment to identify gaps between internal policies and external requirements;
  • Create, disseminate, and document policies using a risk-based approach, track user acceptance, and manage exceptions and waiver requests; and
  • Translate imprecise regulatory mandates into actionable IT policies through an effective control framework.
  • Implement controls, policies, procedures and document operational management process to meet policy and business requirements;
  • Assess controls compliance for all major operating systems and identify and remediate deviations to proactively sustain the control environment; and
  • Maintain a secure control environment, assess security threats, and receive early warning to take proactive countermeasures.
  • Audit and examine the control environment on a continuing basis;
  • Author and publish reports to measure the effectiveness of security controls in meeting a variety of standards and regulations and demonstrate due care of compliance;
  • Map control information to specific policies in order to provide recommendations for improvements to the control environment; and
  • Collect, integrate, and retain trend analyses and evidentiary information from disparate control mechanisms for audits and documentation requests.

The Security Manual Template can be acquired as a stand alone item (Standard) or in the Premium or Gold sets:

xx

Security PoliciesGold Edition Security Manual Template

  • Security Manual Template in MS Word Format
  • Business and IT Impact Questionnaire MS Word Format
  • Threat and Vulnerability Assessment Form PDF and MS Excel Format
  • HIPAA Audit Program MS Word Format
  • Sarbanes Oxley Section 404 Checklist MS Word Format
  • Security Audit Program - fully editable
    • Comes in MS EXCEL and PDF formats
    • Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
    • Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
    Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
    • Blog Policy Compliance
    • Company Asset Employee Control Log
    • Email - Employee Acknowledgment
    • Employee Termination Checklist
    • Internet Access Request
    • Internet Use Approval
    • Internet & Electronic Communication - Employee Acknowledgment
    • Mobile Device Access and Use Agreement
    • Employee Security Acknowledgement Release
    • Preliminary Security Audit Checklist
    • Security Access Application
    • Security Audit Report
    • Security Violation Reporting
    • Sensitive Information Policy Compliance Agreement
  • 243 Job Descriptions from the Internet and IT Job Descriptions HandiGuide in MS Word Format including all of the job descriptions in the Premium Edition.

DR BC SecurityDisaster Recovery Business Continuity & Security Manual Templates Standard Edition

  • Disaster Recovery Business Continuity Template (WORD)
    • Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
    • Disaster Recovery Manager Job Description
    • Manager Disaster Recovery & Business Continuity Job Description
    • Application Inventory and Business Impact Analysis Questionnaire
    • Incident Communication Plan and Policy with BEST PRACTICES for
      • News Conferences
      • Media Relations
    • Social Network Checklist
    • Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
      • LAN Inventory
      • Location Contact Numbers
      • Off-Site Inventory
      • Personnel Locations
      • Plan Distribution
      • Remote Location Contact Information
      • Team Call List
      • Vendor Contact Information
  • Security Manual Template (Word)
    • HIPAA Audit Program
    • ISO 27000 Security Audit - Compliant with ISO 22301 & 27031
    • Business and IT Impact Questionnaire
    • Threat and Vulnerability Assessment Tool
    • Sarbanes-Oxley Section 404 Checklist
    • Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:

      • Blog Policy Compliance
      • Company Asset Employee Control Log
      • Email - Employee Acknowledgment
      • Employee Termination Checklist
      • Internet Access Request
      • Internet Use Approval
      • Internet & Electronic Communication - Employee Acknowledgment
      • Mobile Device Access and Use Agreement
      • Employee Security Acknowledgement Release
      • Preliminary Security Audit Checklist
      • Security Access Application
      • Security Audit Report
      • Security Violation Reporting
      • Sensitive Information Policy Compliance Agreement

DR BC SecurityDisaster Recovery Business Continuity & Security Manual Templates Premium Edition

  • Disaster Recovery Business Continuity Template (WORD)
    • Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
    • Disaster Recovery Manager Job Description
    • Manager Disaster Recovery & Business Continuity Job Description
    • Application Inventory and Business Impact Analysis Questionnaire
    • Incident Communication Plan and Policy with BEST PRACTICES for
      • News Conferences
      • Media Relations
    • Social Network Checklist
    • Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
      • LAN Inventory
      • Location Contact Numbers
      • Off-Site Inventory
      • Personnel Locations
      • Plan Distribution
      • Remote Location Contact Information
      • Team Call List
      • Vendor Contact Information
  • Security Manual Template (Word)
    • HIPAA Audit Program
    • ISO 2700 Security Audit
    • Business and IT Impact Questionnaire
    • Threat and Vulnerability Assessment Tool
    • Sarbanes-Oxley Section 404 Checklist
    • Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:

      • Blog Policy Compliance
      • Company Asset Employee Control Log
      • Email - Employee Acknowledgment
      • Employee Termination Checklist
      • Internet Access Request
      • Internet Use Approval
      • Internet & Electronic Communication - Employee Acknowledgment
      • Mobile Device Access and Use Agreement
      • Employee Security Acknowledgement Release
      • Preliminary Security Audit Checklist
      • Security Access Application
      • Security Audit Report
      • Security Violation Reporting
      • Sensitive Information Policy Compliance Agreement


  • 25 Full Job Descriptions
    • Chief Information Officer (CIO); Chief Compliance Officer (CCO); Chief Security Officer (CSO);VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems;Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows

DR BC SecurityDisaster Recovery Business Continuity & Security Manual Templates Gold

  • Disaster Recovery Business Continuity Template (WORD)

  • Security Manual Template (Word)

  • 243 Full Job Descriptions which includes all of the job descriptions in the premium edition

OrderSecurity Template LicensesTable of Contents