Facebook Follow



XLM News Janco News Feed

Reddit  Del.icio.us  Stumble Upon  Facebook  
Security Topics

How to Justify Security Spending
ISO Domains & Security Manual Template
ISO 27008:2011
Top 10 Security Myths
Security Issue Trends
Security Management
Common User Passwords
User Security Holes
Passwords
Top Network
Security Weaknesses
Malware Impact On Security
Steps to Detect and Prevent Security Breaches
Insider Data Security Issues
What is HIPAA
SmartPhone & Tablet Security
Digital Copier Risk
Mobile Device Security

Security Manual

Security Policies and Procedures Manual Template

ISO 27000 / HIPAA / SOX / CobiT Compliant
Includes PCI DSS Audit Program

Table of Contents

Updated May 2010

OrderVersion History

This Security Policies and Procedures Manual for the Internet and Information Technology is over over 230 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley and CobiT compliance).   In addition, the Security Manual Template PREMIUM Edition  contains 16 detail job descriptions that apply specifically to security and Sarbanes Oxley, ISO 27000 (ISO27001 and ISO27002),CobiT, PCI-DSS, and HIPAA. Data Protection is a priority.

The first issue revolves around the content and structure of the policies themselves: Are they complete? Are they fully up to date? Do they reflect your needs? This list of issues is extensive!

There are a number of possible routes available when creating the policies, ranging from off the shelf purchase, to carefully crafting every clause and sentence.

The most cost effective way is often to procure a set of pre-written policies, and then tailor as necessary to meet specific cultural needs: why re-invent the wheel and proceed down a more complex route than necessary?

When adopting this course, or indeed, when simply redeveloping existing polcies, a number of less direct factors should also be taken on board - how will the policies sit with ISO17799 for instance (see later)?

The set of policies available here arecomprehensive, and are also fully compliant with ISO, HIPAA, SOX, COBIT, and other standards.

Security Template Licenses

Security Policies are Comprehensive, Detailed and Customizable for Your Business

The IT Security Manual Template provides CIOs, CSOs, and IT Managers all of the essential materials with real live useable text for a complete security manual. Detailed language addressing more than a dozen security topics is included in a 230 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:

  • Risk analysis
  • Staff member roles
  • Physical security
  • Electronic Communication (email / Smartphones)
  • Blogs and Personal Web Sites
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Employee Termination Procedures and Forms
  • Incident reporting procedures
  • Access control guidelines
  • PCI DSS Audit Program as a separate document
  • Massachusetts Compliance Check List
  • Security Compliance Check List
Order Security ManualTable of ContentsVersion History

The Security Manual Template can be acquired as a stand alone item (Standard) or in the Premium or Gold sets:

Security PoliciesStandard Edition Security Manual Template

  • Security Manual Template in MS Word Format
  • Business and IT Impact Questionnaire MS Word Format
  • Threat and Vulnerability Assessment Form PDF and MS Excel Format
  • HIPAA Audit Program MS Word Format
  • Sarbanes Oxley Section 404 Checklist MS Word Format
  • Security Audit Program - fully editable
    • Comes in MS EXCEL and PDF formats
    • Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
    • Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
  • Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
    • Blog Policy Compliance
    • Company Asset Employee Control Log
    • Email - Employee Acknowledgment
    • Employee Termination Checklist
    • Internet Access Request
    • Internet Use Approval
    • Internet & Electronic Communication - Employee Acknowledgment
    • Mobile Device Access and Use Agreement
    • Employee Security Acknowledgement Release
    • Preliminary Security Audit Checklist
    • Security Access Application
    • Security Audit Report
    • Security Violation Reporting
    • Sensitive Information Policy Compliance Agreement

Security PoliciesPremium Edition Security Manual Template

  • Security Manual Template in MS Word Format
  • Business and IT Impact Questionnaire MS Word Format
  • Threat and Vulnerability Assessment Form PDF and MS Excel Format
  • HIPAA Audit Program MS Word Format
  • Sarbanes Oxley Section 404 Checklist MS Word Format
  • Security Audit Program - fully editable
    • Comes in MS EXCEL and PDF formats
    • Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
    • Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
    Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:

    • Blog Policy Compliance
    • Company Asset Employee Control Log
    • Email - Employee Acknowledgment
    • Employee Termination Checklist
    • Internet Access Request
    • Internet Use Approval
    • Internet & Electronic Communication - Employee Acknowledgment
    • Mobile Device Access and Use Agreement
    • Employee Security Acknowledgement Release
    • Preliminary Security Audit Checklist
    • Security Access Application
    • Security Audit Report
    • Security Violation Reporting
    • Sensitive Information Policy Compliance Agreement
  • Security Job Descriptions MS Word Format
    • Chief Security Officer (CSO)
    • Chief Compliance Officer (CCO)
    • VP Strategy and Architecture
    • Director e-Commerce
    • Database Administrator
    • Data Security Administrator
    • Manager Data Security
    • Manager Facilities and Equipment
    • Manager Network and Computing Services
    • Manager Network Services
    • Manager Training and Documentation
    • Manager Voice and Data Communication
    • Manager Wireless Systems
    • Network Security Analyst
    • System Administrator - Unix
    • System Administrator - Windows

Security PoliciesGold Edition Security Manual Template

  • Security Manual Template in MS Word Format
  • Business and IT Impact Questionnaire MS Word Format
  • Threat and Vulnerability Assessment Form PDF and MS Excel Format
  • HIPAA Audit Program MS Word Format
  • Sarbanes Oxley Section 404 Checklist MS Word Format
  • Security Audit Program - fully editable
    • Comes in MS EXCEL and PDF formats
    • Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
    • Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
    Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
    • Blog Policy Compliance
    • Company Asset Employee Control Log
    • Email - Employee Acknowledgment
    • Employee Termination Checklist
    • Internet Access Request
    • Internet Use Approval
    • Internet & Electronic Communication - Employee Acknowledgment
    • Mobile Device Access and Use Agreement
    • Employee Security Acknowledgement Release
    • Preliminary Security Audit Checklist
    • Security Access Application
    • Security Audit Report
    • Security Violation Reporting
    • Sensitive Information Policy Compliance Agreement
  • 243 Job Descriptions from the Internet and IT Job Descriptions HandiGuide in MS Word Format including all of the job descriptions in the Premium Edition.
Order Security ManualTable of ContentsVersion History

Disaster Recovery SecurityCloud DRP SecurityIncident Communication PolicySecurity Audit Program