Security Manual Template
ISO 27000 / HIPAA / SOX Compliant

Includes PCI DSS Audit Program

Patriot Act Compliant
Version 6.3

Updated March 2008

This Security Manual for the Internet and Information Technology is over 220 pages in length. All versions of the Security Manual Template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes Oxley, ISO 27000 (ISO 27001 and ISO 27002), PCI-DSS, and HIPAA. Data protection is a priority.

Comprehensive, Detailed and Customizable for Your Business

The IT Security Process Kit provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 224-page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:

  • Risk analysis
  • Staff member roles
  • Physical security
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Incident reporting procedures
  • Access control guidelines
  • PCI DSS Audit Program as a separate document

The Security Manual Template is available as a stand-alone item (Standard) or in the Premium or Gold sets:

| Item | Standard | Premium | Gold |
|---|---|---|---|
| Security Manual Template (WORD) | X | X | X |
| Business Impact Questionnaire (21 pages) | X | X | X |
| Threat and Vulnerability Assessment Form | X | X | X |
| Security Audit Program (Excel 22 pages) | | X | X |
| 16 full IT Job Descriptions: Chief Compliance Officer (CCO); Chief Security Officer (CSO); VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Facilities and Equipment; Manager Network and Computing Services; Manager Network Services; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems; Network Security Analyst; System Administrator - Unix; System Administrator - Windows | | X | X |
| 204 IT Job Descriptions (WORD, each as an individual file using long file names; includes the 16 job descriptions listed above) | | | X |
| Update Service Available | Yes | Yes | Yes |

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major sections of your security plan:

  • Security Manual Introduction - scope, objectives, general policy, and responsibilities

  • ISO 27000 (formerly ISO 17799), 27001 and 27002 Compliant

  • Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements

  • Staff Member Roles - policies, responsibilities and practices

  • Sensitive Information Policy

  • Physical Security  - area classifications, access controls, and access authority

  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points

  • Media and Documentation - requirements and responsibilities

  • Data and Software Security - definitions, classification, rights, access control, Internet, intranet, logging, audit trails, compliance, and violation reporting and follow-up

  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning

  • Internet and Information Technology Contingency Planning - responsibilities and documentation requirements

  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security

  • Insurance - objectives, responsibilities and requirements

  • Outsourced Services - responsibilities for both the enterprise and the service providers

  • Waiver Procedures - process to waive security guidelines and policies

  • Incident Reporting Procedures - process to follow when security violations occur

  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords

  • Sample Forms

    • Business and IT Impact Questionnaire

    • Threat & Vulnerability Assessment Tool

    • Security Violation Reporting form

    • Security Audit form

    • Inspection Check List

    • New Employee Security form

    • Security Access Application form

    • Employee Termination Checklist

    • Supervisor's Employee Termination Checklist

    • Sensitive Information Policy Compliance Agreement

    • HIPAA Audit Program Guide

    • ISO 27001 and 27002 Security Checklist

 

 

News

05/11/2008 - Spliced feed for Security Bloggers Network
I went looking, and was surprised to see that their privacy policy is at least honest. They make no claim that they care about your privacy, nor any that they apply the highest standards of security to your information. ...- more information

 

05/08/2008 - Information Security Management System: Are you Still not Backing ...
The ISO-17799:2005 Code of be an enthusiast of for in rank self-confidence management recommends the following be examined during a hazard assesment: security policy, congregate of in rank security, asset management, creature capital ...- more information

 

05/08/2008 - Taming the Wild wild web
DTI (2006) “A Director’s Guide, Information Security” Dept. of Trade and Industry UK ISO 17799:1/17799:2 Standards Australia Leveson, Nancy & Turner, Clark S. (1993) “An Investigation of the Therac-25 Accidents” IEEE Computer, Vol. ...- more information

 

05/07/2008 - Features of the BS 7799 and ISO 17799 standards
Greater audit Return of Investment (ROI): After BS 7799 becomes the industry standard, organizations will have access to accredited auditors for testing and evaluating a security policy. The results will be more reliable and accurate. ...- more information

 

05/05/2008 - [indusnmfg] About ISO
ISO/IEC 17799 Information technology: Code of practice for information security management ISO/IEC 17894 Ships and marine technology - Computer applications - General principles for development and use of PES in marine applications ...- more information

 

05/04/2008 - My Merchant Services Contract Requires Me To Do What??
iSecurityPolicy.com and you can purchase a customized Information Security Policy Manual (ISPM) for $435. This is a bargain compared to the alternative of hiring a dedicate Information Security consultant for the sole purpose of ...- more information

 

05/03/2008 - Security Controls
IT Security Manager - ISO 17799, BS 7799 (National Capital Reg - Makati City) Responsibilities: Establish and implement all IT Security Controls as per the company’s security policy (ISO 17799) and coordinate with the staff; . ...- more information

 

05/03/2008 - Security Frameworks
... RRHH security, Information security, comunications and operations management, assent management, security policy and incident management. * ISO 27001 Information security management specification. Is a complement for the ISO 17799. ...- more information

 

04/27/2008 - HP Creates Security Reference Model to Better Manage Enterprise ...
So we have adopted the open standard with the ISO 27001 and 17799 security-control taxonomy. We have structured the internal framework of ISSM for 1186 base controls that we have then mapped to virtually every industry regulation and ...- more information

 

04/20/2008 - Software quality Management Expert
To Do sampling Check of Installed software, Firewall Security Policy  To check the log of SOC service randomly. 2. Role as a SQA Leader:  To Review of Product Concept Note  To Review Design / Modelling Document ...- more information

 

04/14/2008 - {Brainstormers -CA} Audit Check list - Shipping Companies.
ISO/IEC 17799 > > The purpose of ISO/IEC 17799 Code is to establish a > set of standard criteria for an Information Security > Management System, which is not only designed to > provide 'absolute protection' but also to ensure the ...- more information

 

04/14/2008 - HRM, it’s not just hiring for compliance
Organisations seeking certification or compliance against ISO 17799 need to have integrated the Human Resources and security functions in order to maintain an effective training and awareness system. Further, they need to evaluate ...- more information

 

04/09/2008 - IT Security Manager -- JobStreet SELECT - JobStreet.com Phils. Inc ...
Establish and implement all IT Security Controls as per the company's security policy (ISO 17799) and coordinate with the staff.Coordinate with internal IT of Client organization for both operational and project issues; Ensure that all ...- more information

 

04/06/2008 - CCIE security written exam blueprint
Security General Policies - Security Policy Best Practices Information Security Standards (ISO 17799, ISO 27001, BS7799) Standards Bodies Common RFCs (eg RFC1918, RFC2827, RFC2401) BCP 38 Attacks, Vulnerabilities and Common Exploits ...- more information

 

03/30/2008 - Security standards: a stitch in time
With BS 7799 being replaced by ISO 27001/17799, the current focus is on upgrading to, or going in for, certification on these latter-day standards. "Regulations like Sarbanes-Oxley specify factors like the need for a security policy, ...- more information

 

03/27/2008 - CSSAL in Albany, NY
The policy follows the framework of ISO/IEC 17799 for Security Policy guidelines. The client is seeking the services of a qualified Information Security Consultant to work within the Information Security Office (ISO) to be primarily ...- more information

 

03/18/2008 - Microsoft’s Security Management SMF - Part 1
“The Security Management SMF also relates to industry security standards and initiatives, such as the International Standards Organization (ISO) 17799:2000 and the IT Infrastructure Library (ITIL) Best Practice in Security Management. ...- more information

 

02/03/2008 - What ISO 17799 Provide and Address
Information security policy • Assignment of responsibility for information security • Problem escalation • Business continuity management When implementing a system for information security management several critical success factors ...- more information

 

01/29/2008 - Africa’s False Sense of Security in ICT
ISO 17799/27001 - establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The control objectives and controls in ISO/IEC 17799:2005 are ...- more information

 

01/24/2008 - Wireless Security Testing Process
Posture review: General review of best practices, the organization’s industry regulations, the organization’s business justifications, the organization’s security policy, and the legal issues for the organization and the organization’s ...- more information

 

01/22/2008 - The ISO 27000 Newsletter
includes both parts of the standard, audit checklists, a roadmap, a set of ISO compliant security policies, and a range of other items and materials. http://17799. standardsdirect. org This is the BSI Online Shop, a vending site for ...- more information

 

12/05/2007 - IT GOVERNANCE COURSE 12
Common Criteria is a framework used to specify security requirements; ISO 17799 is provides best practice recommendations for implementing good security management One specific type of policy is the organization’ssecurity policy. ...- more information

 

11/02/2007 - Key Components of the Standard : BS 7799 (ISO 17799)
Even if a company decides not go in for the certification, BS 7799 (ISO 17799) model helps companies maintain IT security through ongoing, integrated management of policies and procedures, personnel training, selecting and implementing ...- more information

 

10/15/2007 - Sample Security Policies
[MS Word]; Government Security Policy - The New Zealand Government's information security policy, based on the 2000 version of ISO/IEC 17799. [ZIP file containing PDF and MS Word versions]; HSPD-12 Privacy Policy - Sample privacy policy ...- more information

 

05/10/2007 - ISO 17799/27001 BS7799 IT Security policy resources
At a minimum the security policy should act as a guide for your business. If you have more than one employee, you should have a policy in place. For companies with up to 200 employees, the ISO 17799 standards allow management to have a ...- more information

 

 


2008 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 05/02/08