Security Manual Template
ISO 17799 Compliant

Sarbanes Oxley / HIPAA
Patriot Act Compliant

Version 6.0

The Sarbanes-Oxley Act (SOX) requires the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) of ENTERPRISE to certify the accuracy of its periodic reports and financial statements. In addition, it requires the CEO and CFO to disclose, on a "rapid and current basis", information that can or does materially change the financial condition of a publicly traded ENTERPRISE. SOX itself prescribes no particular security framework; the IT general controls that support the certified financial-reporting systems must be selected, documented, and tested by ENTERPRISE.

ISO/IEC 17799:2005 (renumbered ISO/IEC 27002 in 2007; its companion certification standard is ISO/IEC 27001) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best-practice control objectives and controls in the following eleven areas of information security management:

  • Security policy;
  • Organization of information security;
  • Asset management;
  • Human resources security;
  • Physical and environmental security;
  • Communications and operations management;
  • Access control;
  • Information systems acquisition, development and maintenance;
  • Information security incident management;
  • Business continuity management; and
  • Compliance.

All of the ISO 17799 control areas bear on the objectives of SOX, because the IT general controls behind financial reporting span policy, access control, change management, operations, and incident handling. This security manual template helps your enterprise to:

  • Understand your business requirements, outline control objectives, and perform IT risk assessments;
  • Analyze the IT control environment to identify gaps between internal policies and external requirements;
  • Create, disseminate, and document policies using a risk-based approach, track user acceptance, and manage exceptions and waiver requests;
  • Translate imprecise regulatory mandates into actionable IT policies through an effective control framework;
  • Implement controls, policies, and procedures, and document the operational management process, to meet policy and business requirements;
  • Assess control compliance for all major operating systems, and identify and remediate deviations to proactively sustain the control environment;
  • Maintain a secure control environment, assess security threats, and receive early warning so that proactive countermeasures can be taken;
  • Audit and examine the control environment on a continuing basis;
  • Author and publish reports that measure the effectiveness of security controls against a variety of standards and regulations and demonstrate due care in compliance;
  • Map control information to specific policies in order to recommend improvements to the control environment; and
  • Collect, integrate, and retain trend analyses and evidentiary information from disparate control mechanisms for audits and documentation requests.

ISO 17799 is the best vehicle to achieve that end.

The Security Manual Template comes in three versions:

                                                        Standard  Premium  Gold
  Security Manual Template (WORD)                          X         X       X
  Business Impact Questionnaire (21 pages)                 X         X       X
  Threat and Vulnerability Assessment Form                 X         X       X
  16 full IT Job Descriptions (listed below)                         X       X
  204 IT Job Descriptions (WORD, each as an individual
    file using long file names; includes the 16 job
    descriptions listed below)                                               X
  Update Service Available                                Yes       Yes     Yes

The 16 full IT job descriptions included with the Premium and Gold versions:

  • Chief Compliance Officer (CCO)
  • Chief Security Officer (CSO)
  • VP Strategy and Architecture
  • Director e-Commerce
  • Database Administrator
  • Data Security Administrator
  • Manager Data Security
  • Manager Facilities and Equipment
  • Manager Network and Computing Services
  • Manager Network Services
  • Manager Training and Documentation
  • Manager Voice and Data Communication
  • Manager Wireless Systems
  • Network Security Analyst
  • System Administrator - Unix
  • System Administrator - Windows

News

02/18/2008 - Leveraging Compliance For Security
They are also the cornerstone of many different compliance frameworks, including: SOX, the Payment Card Industry (PCI), ISO 17799/27001, Common Criteria (ISO/IEC 15408), and GLBA; not to mention other local and international standards. ...

02/14/2008 - Who is who? ISO 27001 and others...
ISO 17799 / 27001 is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization and the International Electrotechnical Commission. Its full name is ISO/IEC ...

02/13/2008 - Risk analysis methodology for approaching a certification ...
ISO/IEC 27001 / 2005 "Information Security Management Systems"; ISO/IEC 15408 / 2005 "Information Security Evaluation Criteria"; ISO/IEC 17799 / 2005 "Best Practice Manual for Security Management of ...

01/29/2008 - Africa's False Sense of Security in ICT
ISO 17799/27001 - establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The control objectives and controls in ISO/IEC 17799:2005 are ...

01/25/2008 - EXPERIENCED INFORMATION SECURITY CONSULTANT
and master the ISO 27001 and 17799 standards (ideally you hold a 27001 Lead Auditor, CISSP or CISA certification). You are familiar with the major technology issues (mobility, mobile telephony, biometrics, authentication ...

01/19/2008 - Managing Risk in Information Technology
More than that, ITIL is particularly weak where information security management is concerned - the ITIL book on information security really does no more than refer to a now very out-of-date version of ISO 17799, the information security ...

01/14/2008 - Available Consultants: Excellent SOX/IT Audit Consultant Available
Certified ISO 17799 Lead Auditor, BSI, UK. Summary. Information Systems Audit Professional with over 11 years of progressive experience in Information Technology (IT) audits, Compliance Audits (SOX, GLBA, SAS70), primarily working on ...

12/07/2007 - Head of IT Security in New York, NY
Understanding and application of information security standards and best practices including ISF Standard of Good Practice, ISO 17799/27001, CoBIT, Common Criteria, NIST publications, OWASP, Center for Internet Security, etc. ...

11/08/2007 - [SJ-JOB] Security Consultant, Atlanta
o Sarbanes Oxley. o NERC/CIP. o ISO 17799/27001. o PCI DSS. Candidate should be able to demonstrate an understanding of specific IT security technologies and processes: o IP Network architecture and technology, protocols, routing ...

09/10/2007 - Sr. Security Engineer in Dallas, TX
Responsibilities include assisting in the execution of documented Information Security Management System (ISMS) processes defined by BS 17799 and ISO 27001. Assist with other inter-process that feed ISMS processes. Complete Description: ...

09/10/2007 - Sr. Security Engineer (Austin, TX, 73344)
Security Engineer 6 Month Contract to Perm Short Description: Responsibilities include assisting in the execution of documented Information Security Management System (ISMS) processes defined by BS 17799 and ISO 27001. ...

09/01/2007 - Thoughts on SAS 70 and Other Standards
Others are anticipated to include a re-publication of ISO 17799, a standard for information security measurement and metrics, and potentially a version of the current BS7799-3 standard. Prior to the release of the ISO 27001 standard, ...

08/29/2007 - Information Security Policies Address Top Federal Information Risks
ISPME contains over 1500 individual controls covering all aspects of ISO 17799/27001. Inadequate protection of information accessed or processed remotely. ISPME contains over 100 policies on remote working, including remote access to ...

08/07/2007 - Holistic Information Security Practitioner (HISP) Certification ...
internationally accepted best practices framework of ISO/IEC 27002:2005 (formerly ISO 17799) and the ISO/IEC 27001:2005 standard. The class covers the mapping of ISO/IEC 27002:2005 with COBIT, COSO and ITIL then explains a methodology ...

07/27/2007 - ISO 27001: Frequently asked questions
ISO/IEC 27001 (BS 7799 Part 2) is the specification for an ISMS. It explains how to apply ISO/IEC 17799. It matters because it provides the standard against which certification is performed including a list of mandatory documents. ...

07/18/2007 - Legal
Most companies do have things in common, and that is where things like ISO 17799 and 27001 come in handy; they give an excellent baseline for those items that companies do have in common. Laws like SOX, HIPAA, HB 1386 and others then ...

07/03/2007 - Holistic Information Security Practitioner (HISP) Certification Course
... Systems Auditing and multiple Regulatory Compliance requirements and how to map multiple regulatory requirements to the internationally accepted best practices framework of ISO/IEC 17799:2005 and the ISO/IEC 27001:2005 standard. ...

06/01/2007 - Neupart ISO 27001 and Compliance Survey
The top regulatory area for spending in 2007-2008 is still anticipated to be Sarbanes Oxley. ISO 17799 is embedded in 85% of information security management systems to varying degrees. An equal percentage of respondents (35%) viewed the ...

05/10/2007 - ISO 17799/27001 BS7799 IT Security policy resources
For companies with up to 200 employees, the ISO 17799 standards allow management to have a better awareness of IT security and for larger organizations, the standards should allow the creation of a mature and compatible IT security ...

04/27/2007 - Embarking on ISO17799 certification trail
ISO 17799 seems to be the framework of choice for CISOs across the globe. The standard (ISO 17799) and its accompanying certification (ISO 27001) provide a comprehensive set of requirements for the implementation of security controls ...

02/02/2007 - Virtusa : ISO 27001 Certified
ISO 27001 (ISO 17799 / BS7799) is a comprehensive set of controls comprising internationally-defined security best practices for information systems. ISO 27001 is a comprehensive Information Security Standard that affords organizations ...

01/24/2007 - The Latest ISO 17799 and ISO 27001 Newsletter Published
The long awaited standard for business continuity, which supports ISO 17799 and ISO 27001, has been published. As with many international standards, BS25999 will comprise two parts: a code of practice (equating to ISO 17799) and a ...

10/23/2006 - How do ISO 17799 and Cobit complement each other?
The above matrix will hopefully prove to be useful for those also embracing COBIT within their ISO 17799 / ISO 27001 remit. Reference: http://www.controlit.org (The COBIT User Group). best practice Cobit 4.0 Information Systems Audit ...

10/05/2006 - ISO 17799 and 27001: Setting the Standards for Information Security
There's also California's and other states' data breach disclosure laws, and the Sarbanes-Oxley Act, which requires IT to test the effectiveness of controls over financial-reporting systems. And the European Union's privacy laws, etc. ...

10/10/2005 - ISO 17799 News 11
Both these sites also offer a version of the ISO 17799 Toolkit (the main support resource for the standard) inclusive of ISO 27001, with the same upgrade arrangement in place. 3) INTERVIEW 1: FIRST AUDITOR? ...


© 2000 - 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 06/10/08