

Security Audit Program

ISO 27001 & ISO 27002 / HIPAA / SOX / PCI-DSS Compliant

Many organizations have to respond to the queries of internal or external auditors and demonstrate that access to their unstructured data is being properly controlled. Questions such as the following from auditors are not uncommon:

  • How do you know who can access this folder with financial/customer/sensitive data in it?
  • Who authorized a user to have access permission to a file and how?
  • If a key file was deleted, how would you know it happened, or who did it?
  • Who were the last people to access a critical folder, and what did they do?
  • How do you make sure that the right people have access to your data?

After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Security Audit Program you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.

This Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. The audit program is one that either an external or an internal auditor can use to validate the compliance of the Information Technology function and the enterprise with the ISO 27000 series (ISO 27001 & ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The 11 areas of audit focus and objectives are:

  • Corporate Security Management
  • Systems Development and Maintenance
  • Information Access Control Management
  • Compliance Management
  • Human Resource Security Management
  • Information Security Incident Management
  • Communications and Operations Management
  • Organizational Asset Management
  • Physical and Environmental Security Management
  • Security Policy Management
  • Disaster Recovery Plan and Business Continuity

Included with this program are Microsoft Excel workbooks (2003 and 2007 formats) and an indexed PDF document that contain the following:

  • Read me - General instructions on the use of the Excel worksheets
  • Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings that are included within the audit. The point summary on this work sheet is calculated automatically by Excel.
  • Audit Program Detail - Lists the over 400 detail tasks that need to be completed in the audit and the relative point value of each task. The only thing that the user needs to do is check yes or no on each item and, if desired, re-assign the relative point value for each task.
  • Audit Program Graphic - Lists the 11 areas of audit focus and a bar graph which shows the weights that are assigned to each area. The point summary on this worksheet is calculated automatically by Excel and the graph is automatically updated.
  • Sample Audit Program - This is a copy of the Audit Program Detail with data entered into the individual tasks.
  • Sample Audit Program Summary - This is a copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.
  • Sample Audit Program Graphic - This is a copy of the Audit Program Graphic with links changed to point to the Sample Audit Program plus a chart has been added to show the positive and negative points of the audit. (see chart below)

Security Audit Graphic

This is a summary graphic that was produced from the Excel worksheet provided as the Audit Program. In the sample above it is easy to see those areas where improvement is needed.


Security Audit Program

  • Comes in MS EXCEL and PDF formats
  • Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
  • Over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 39 separate task groupings including BYOD

Over 3,000 enterprises from around the world have chosen at least one of Janco's products. The Security Audit Program is a must-have tool that not only assists in meeting compliance requirements but also is a great way to validate that your enterprise is ready for your next external audit.

Disaster Recovery Business Continuity Standard Edition

  • Disaster Recovery Business Continuity Template (WORD)
    • Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
    • Disaster Recovery Manager Job Description
    • Manager Disaster Recovery & Business Continuity Job Description
    • Application Inventory and Business Impact Analysis Questionnaire
    • Incident Communication Plan and Policy with BEST PRACTICES for
      • News Conferences
      • Media Relations
    • Social Network Checklist
    • Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electronic Forms that can be eMailed, completed via a computer or tablet, and stored electronically including:
      • LAN Inventory
      • Location Contact Numbers
      • Off-Site Inventory
      • Personnel Locations
      • Plan Distribution
      • Remote Location Contact Information
      • Team Call List
      • Vendor Contact Information
    • Added Bonus - Safety Program Electronic Forms Just Added
      • Area Safety Inspection
      • Employee Job Hazard Analysis
      • First Report of Injury
      • Inspection Checklist – Alternative Locations
      • Inspection Checklist – Office Locations
      • New Employee Safety Checklist
      • Safety Program Contact List
      • Training Record

Security Manual Template - Standard Edition

  • Security Manual Template
  • Business and IT Impact Questionnaire
  • Threat and Vulnerability Assessment Toolkit
  • Security Management Checklist
  • HIPAA Audit Program
  • Sarbanes Oxley Section 404 Checklist
  • Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
    • Blog Policy Compliance
    • BYOD Access and Use
    • Company Asset Employee Control Log
    • Email - Employee Acknowledgment
    • Employee Termination Checklist
    • FIPS 199 Assessment Electronic Form
    • Internet Access Request
    • Internet Use Approval
    • Internet & Electronic Communication - Employee Acknowledgment
    • Mobile Device Access and Use Agreement
    • Employee Security Acknowledgement Release
    • Preliminary Security Audit Checklist
    • Security Access Application
    • Security Audit Report
    • Security Violation Reporting
    • Sensitive Information Policy Compliance Agreement
    • Threat and Vulnerability Assessment (Adobe FormsCentral - PDF)


Disaster Recovery Business Continuity Audit Program

  • Comes in MS WORD and PDF formats
  • Meets ISO 27001, 27002, 27031, Sarbanes-Oxley, PCI-DSS, FIPS-199, and HIPAA requirements
  • 36 specific items that the audit covers in the 13-page audit program


Security Auditing News


New Privacy Legislation Proposed in US House

May 12th, 2013

New Privacy Legislation – Application Privacy, Protection and Security (APPS) Act 2013 Proposed privacy legislation bill would require application developers to explicitly gain consent before obtaining data from consumers, and compel them to securely maintain that data in accordance with … Continue reading

The post New Privacy Legislation Proposed in US House appeared first on IT Manager - CIO.



Security breaches occur when former employees are unhappy

May 10th, 2013

CIO security issue – Former employees can easily breach networks. Security Warning – The importance of termination procedures and lock-down of systems after key system administrators leave an organization is an on-going issue that CIOs need to address. In … Continue reading

The post Security breaches occur when former employees are unhappy appeared first on IT Manager - CIO.



CIOs worry more about cyber threats with mobile computing

May 10th, 2013

Cyber threats are now a much greater concern with the expansion of the use of mobile devices and services. At the same time online criminals have stepped up attacks via email, web and other traditional vectors. Recent research shows a … Continue reading

The post CIOs worry more about cyber threats with mobile computing appeared first on IT Manager - CIO.



10 reasons why organizations need a Chief Mobility Officer (CMoO)

May 7th, 2013

Chief Mobility Officer (CMoO) business case Here are ten reasons your company needs a chief mobility officer: To deliver mobility solutions for the enterprise to provide the necessary competitive edge before the competition and at least in a timely manner … Continue reading

The post 10 reasons why organizations need a Chief Mobility Officer (CMoO) appeared first on IT Manager - CIO.



CIOs Worry More About Cyberthreats

May 5th, 2013

CIOs face more cyber threats. Cyber threats are now a much greater concern with the expansion of the use of mobile devices and services. At the same time online criminals have stepped up attacks via email, web and other traditional … Continue reading

The post CIOs Worry More About Cyberthreats appeared first on IT Manager - CIO.



10 things to do after explosion, terrorist attack, or random act of violence

April 22nd, 2013

10 Things To Do After an Explosion, Terrorist Attack, or a Random Act of Violence. After an explosion, terrorist attack, or other random act of violence there can be a second event that causes as much damage as the first … Continue reading

The post 10 things to do after explosion, terrorist attack, or random act of violence appeared first on IT Manager - CIO.



Two factor authentication soon to be a standard

April 19th, 2013

Two factor authentication increases security. Two factor authentication combined with complex passwords is very difficult to guess or even crack using commonly available code breaking software. Password complexity is often built on the length of the word and the … Continue reading

The post Two factor authentication soon to be a standard appeared first on IT Manager - CIO.



Many CIOs have not addressed cloud security issues

April 15th, 2013

Less than 50% of all organizations have policies in place for vetting cloud computing applications for possible security risks before deploying them. The number of CIOs saying that risks need to be assessed prior to cloud adoption is 10%. … Continue reading

The post Many CIOs have not addressed cloud security issues appeared first on IT Manager - CIO.



Social media policy needed to meet internal audit requirements

April 12th, 2013

Social Media Policy is Missing in Over 50% of all Organizations Internal audit has never been easy, and a recent survey shows that 43% of companies have no social media policy within their organization. Among those with a policy, many … Continue reading

The post Social media policy needed to meet internal audit requirements appeared first on IT Manager - CIO.



Mandated breach notification laws are in place in 46 states

April 7th, 2013

Mandated Breach Notification Laws Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. Alaska Alaska Stat. § 45.48.010 et seq. Arizona Ariz. Rev. Stat. § 44-7501 Arkansas Ark. Code § … Continue reading

The post Mandated breach notification laws are in place in 46 states appeared first on IT Manager - CIO.
