Implementing World Class Best Practices Network Data
Breach Protection
Data breaches will happen. Security and data breach protection are a never-ending process and that no CIO or CSO can claim that their data is completely secure.
The sheer number of data breaches reported this year alone has led to security experts dubbing this year as the "Year of the Hack." What's an organization to do when the major technology companies are admitting they have been breached? With sophisticated malware, advanced attacks and sneaky insiders, security seems like an unattainable goal. Security is everyone's responsibility, from the board of directors, c-level executives such as the CEO, CIO, CFO, down to the front-line employees who actually work daily with sensitive information.
While implementing security measures is important, organizations also need to plan for the inevitable "what-if" scenario when systems and data are compromised.
World class best practices that every CIO should follow include:
- Establish Security as a Top Priority - Security is more than just preventing or limiting what people can do. Good security enables businesses to operate more securely by protecting revenue and profits that could be lost through a data breach. Treat security as an essential part of the company's mission.
- Conduct a risk assessment:
- Identify all risks, especially IT related risks
- Identify all areas where these risk can occurs
- Encrypt Sensitive Data - encrypt sensitive data stored on servers, laptops and portable media. If data is being stored on highly portable USB flash drives, encrypt those, too. If any of them are lost, no one can access the encrypted data.
- Implement a Strong Password Policy - Require all employees to change passwords frequently and make sure the selected passwords are strong. Educate users to not reuse passwords across multiple business or even personal accounts.
- Segment the Network and Computers Use separate computers for financial transactions such as banking and payroll. Don't access anything else, such as email or any other Websites from that machine, to foil malware and phishing schemes.
- Comply with all data protection regulations – become compliant with all relevant government and industry data preservation standards.
- Conduct Penetration Tests – use an external resources run penetration tests to find the vulnerabilities in the system.
- Implement an incident response plan – test the plan, so when data breaches happen, everyone knows what to do immediately.
- Train All Employees - teach employees to be careful of what they do on personal devices and what corporate data they download.
Security Policies and Procedures - First Step in Data Breach Protection
The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 230 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:
- Risk analysis
- Staff member roles
- Physical security
- Electronic Communication (email / Smartphones)
- Blogs and Personal Web Sites
- Facility design, construction and operations
- Media and documentation
- Data and software security
- Mobile Device Access and Use
- Network security
- Internet and IT contingency planning
- Insurance
- Outsourced services
- Waiver procedures
- Employee Termination Procedures and Forms
- Incident reporting procedures
- Access control guidelines
- PCI DSS Audit Program as a separate document
- Security Compliance Checklists
- Massachusetts 201 CMR 17 Compliance Checklist
The Security Manual Template can be acquired as a stand alone item (Standard) or in the Premium or Gold sets:
Security Manual Template - Standard Edition
- Security Manual Template
- Business and IT Impact Questionnaire
- Threat and Vulnerability Assessment Toolkit
- Security Management Checklist
- HIPAA Audit Program
- Sarbanes Oxley Section 404 Checklist
- Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
- Blog Policy Compliance
- BYOD Access and Use
- Company Asset Employee Control Log
- Email - Employee Acknowledgment
- Employee Termination Checklist
- FIPS 199 Assessment Electronic Form
- Internet Access Request
- Internet Use Approval
- Internet & Electronic Communication - Employee Acknowledgment
- Mobile Device Access and Use Agreement
- Employee Security Acknowledgement Release
- Preliminary Security Audit Checklist
- Security Access Application
- Security Audit Report
- Security Violation Reporting
- Sensitive Information Policy Compliance Agreement
- Threat and Vulnerability Assessment (Adobe FormsCentral - PDF)
- Security Manual Template
- Business and IT Impact Questionnaire
- Threat and Vulnerability Assessment Form
- HIPAA Audit Program
- Sarbanes Oxley Section 404 Checklist
- Security Audit Program - fully editable
- Comes in MS EXCEL and PDF formats
- Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS, HIPAA FIPS 199, and NIS SP 800-53 requirements
- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
- Over one dozen Electronic Forms
- Security Job Descriptions MS Word Format
- Chief Security Officer (CSO)
- Chief Compliance Officer (CCO)
- VP Strategy and Architecture
- Director e-Commerce
- Database Administrator
- Data Security Administrator
- Manager Data Security
- Manager Facilities and Equipment
- Manager Network and Computing Services
- Manager Network Services
- Manager Training and Documentation
- Manager Voice and Data Communication
- Manager Wireless Systems
- Network Security Analyst
- System Administrator - Unix
- System Administrator - Windows
- Security Manual Template
- Business and IT Impact Questionnaire
- Threat and Vulnerability Assessment Form
- HIPAA Audit Program
- Sarbanes Oxley Section 404 Checklist
- Security Audit Program
- Electronic Forms
- 260 Job Descriptions from the Internet and IT Job Descriptions HandiGuide in MS Word Format including all of the job descriptions in the Premium Edition.
Disaster Recovery Business Continuity & Security Manual Templates Standard Edition Includes
- Disaster Recovery Business Continuity Template
- Disaster Recovery Business Continuity Audit Program
- Security Manual Template
- Business and IT Impact Questionnaire - 21 pages
- Threat and Vulnerability Assessment Form
- Disaster Recovery Business Continuity Template
- Security Manual Template
- 25 Job Descriptions
- Chief Information Officer - CIO; Chief Compliance Officer - CCO; Chief Security Officer - CSO;VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems;Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows
- Disaster Recovery Business Continuity Template
- Security Manual Template
- 260 Job Descriptions which includes all of the job descriptions in the premium edition
"Best of Breed - Best Practices Disaster Recovery Planning / Business Continuity Planning, Security Policies, IT Job Descriptions" according to the IT Productivity Center