This Security Manual for the Internet and Information Technology is over 220 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes-Oxley, ISO 27000 (ISO 27001 and ISO 27002), PCI-DSS, and HIPAA.
Data Protection is a priority.

Comprehensive, Detailed and Customizable for Your Business

The IT Security Process Kit provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 224 page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:
Risk analysis
Staff member roles
Physical security
Facility design, construction and operations
Media and documentation
Data and software security
Network security
Internet and IT contingency planning
Insurance
Outsourced services
Waiver procedures
Incident reporting procedures
Access control guidelines
PCI DSS Audit Program as a separate document
The Security Manual Template is available as a stand-alone item (Standard) or in the Premium or Gold sets:

Item                                                   Standard  Premium  Gold
Security Manual Template (WORD)                        X         X        X
Business Impact Questionnaire (21 pages)               X         X        X
Threat and Vulnerability Assessment Form               X         X        X
Security Audit Program (Excel, 22 pages)                         X        X
16 full IT Job Descriptions (listed below)                       X        X
204 IT Job Descriptions (WORD, each as an individual
  file using long file names; includes the 16 job
  descriptions listed below)                                              X
Update Service Available                               Yes       Yes      Yes

The 16 full IT job descriptions included in the Premium and Gold sets:
Chief Compliance Officer (CCO)
Chief Security Officer (CSO)
VP Strategy and Architecture
Director e-Commerce
Database Administrator
Data Security Administrator
Manager Data Security
Manager Facilities and Equipment
Manager Network and Computing Services
Manager Network Services
Manager Training and Documentation
Manager Voice and Data Communication
Manager Wireless Systems
Network Security Analyst
System Administrator - Unix
System Administrator - Windows
The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major sections of your security plan:

Security Manual
Introduction - scope, objectives, general policy, and responsibilities
ISO 27000 (formerly ISO 17799), 27001 and 27002 compliant
Risk Analysis - objectives, roles, responsibilities, program requirements, practices and program elements
Staff Member Roles - policies, responsibilities and practices
Sensitive Information Policy
Physical Security - area classifications, access controls, and access authority
Facility Design, Construction and Operational Considerations - requirements for both central and remote access points
Media and Documentation - requirements and responsibilities
Data and Software Security - definitions, classification, rights, access control, Internet, intranet, logging, audit trails, compliance, and violation reporting and follow-up
Internet and Information Technology Contingency Planning - responsibilities and documentation requirements
Travel and Off-Site Meetings - specifics of what to do and not do to maximize security
Insurance - objectives, responsibilities and requirements
Outsourced Services - responsibilities for both the enterprise and the service providers
Waiver Procedures - process to waive security guidelines and policies
Incident Reporting Procedures - process to follow when security violations occur
Access Control Guidelines - responsibilities and how to issue and manage badges / passwords

Sample Forms
Business and IT Impact Questionnaire
Threat & Vulnerability Assessment Tool
Security Violation Reporting Form
Security Audit Form
Inspection Checklist
New Employee Security Form
Security Access Application Form
Employee Termination Checklist
Supervisor's Employee Termination Checklist
Sensitive Information Policy Compliance Agreement
HIPAA Audit Program Guide
ISO 27001 and 27002 Security Checklist
News

05/17/2008 - Spliced feed for Security Bloggers Network
The most likely explanation is that every security manager worth his salt read ISO17799 documents and then used the ideas and material in his own policies, procedures, etc. On the other hand, he sees no motivation whatsoever to invest ...

05/10/2008 - MyUSBOnly v4.4 b921 Only allow my USB flash drive to be plugged in ...
Block Untrusted USB Memory Stick Activity in Office. Whether you're an IT professional, a small business owner, or just someone who cares about sensitive data security, MyUSBOnly can help protect you against data theft. Features: ...

05/09/2008 - DABCC Weekly Virtualization Newsletter - Issue #31
"Securing Microsoft Terminal Services" shows how to use Enterprise Architecture methodologies, industry standards and best practices, such as ISO17799, CobIT, the National Security Agency (NSA) Guides, and Security Technical ...

05/09/2008 - Health Insurance Portability & Accountability Act (HIPAA), PCI ...
While PCI is not perfect, since it was based on ISO17799 it covers a wide range of security issues. If you take the PCI standards and replace PCI with HIPAA or Financial (SOX), then you have a great guideline and audit procedure to work ...

05/09/2008 - The Problems with Passwords
About the Author: Steve Mathews is one of the authors of ISO/IEC 17799 (formerly BS7799) and is well recognized in the security industry. He provides security advice to the European Commission, the UK Government and an impressive range ...

05/08/2008 - Information Security Management System: Are you Still not Backing ...
The ISO-15443: "Information expertise - Security techniques - A framework for IT self-confidence assurance", ISO-17799: "Information expertise - Security techniques - Code of be an enthusiast of for in rank self-confidence management", ...

05/06/2008 - The changes in ISO 27001
The management processes implemented for ISO 27001 are based on the Deming cycle of continuous improvement: Plan-Do-Check-Act. Measuring effectiveness is a critical element of improving information security management, ...

05/06/2008 - Successful Entrepreneurs Easy Software Audit Victims According to ...
... with software license compliance ISO standards 197701 and ISO 17799 as well as implementation of ITIL v3 for IT operations. To learn more about Animus Solutions, a WMBE business, visit Animus Solutions Services wwwanimussolutionscom ...

05/05/2008 - [indusnmfg] About ISO
ISO/IEC 17799 Information technology: Code of practice for information security management. ISO/IEC 17894 Ships and marine technology - Computer applications - General principles for development and use of PES in marine applications ...

05/04/2008 - My Merchant Services Contract Requires Me To Do What??
Their lack of Information Security standards opened their entire, international business operations to data theft. In a matter of days, hackers penetrated and stole the credit card information of millions of customers. ...

05/03/2008 - Security Controls
Security Controls: Developed Corporate Information Security Policies, standards, guidelines and technical controls based on ISO 27001/ISO17799 for many clients in the Financial, Insurance, Manufacturing and Technology industries. How can I do ...

04/27/2008 - HP Creates Security Reference Model to Better Manage Enterprise ...
So we have adopted the open standard with the ISO 27001 and 17799 security-control taxonomy. We have structured the internal framework of ISSM for 1186 base controls that we have then mapped to virtually every industry regulation and ...

04/24/2008 - Computer trade news
The Importance of Backing up your Data on a Regular Basis | Computer. ISO 17799: Computer others news and the portal as information, services and software for ISO17799 audit, ISO 17799 compliance, ISO17799 implementation eq security ...

04/12/2008 - 25 new messages in 24 topics - digest
Knowledge of regulatory requirements, security standards and compliance issues (FFIEC guidelines, Sarbanes-Oxley, GLBA, ISO 17799, CobiT v4.0, and Payment Card Industry Data Security Standard (PCI DSS)). ...

03/30/2008 - Security standards: a stitch in time
The BS 7799 standards set has been the forerunner of today's ISO 27001/17799 information security standards. By helping to define and put in place an ISMS, these standards help organisations achieve their security goals. ...

03/27/2008 - Conducting a SAS 70 audit provides assurance to clients that ...
The International Standards Organization (ISO) has published a comprehensive set of controls of best practices in information security, titled ISO-17799. The American Institute of Certified Public Accountants has published a guide for ...

03/26/2008 - Data Center Firm, Verizon Business, Unveils Managed Security ...
Health Insurance Portability and Accountability Act (HIPAA), COBIT 4.0, Payment Card Industry Data Security Standard (PCI DSS) and ISO 17799. ...

03/25/2008 - Data Center Firm, Verizon Business, Unveils Managed Security Service ...
... and security regulations such as the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), COBIT 4.0, Payment Card Industry Data Security Standard (PCI DSS) and ISO 17799. ...

03/20/2008 - Verizon Business to offer new managed security service - CTR
... Health Insurance Portability and Accountability Act (HIPAA), COBIT 4.0, Payment Card Industry Data Security Standard (PCI DSS) and ISO 17799. ...

02/20/2008 - Sr. Security Risk Analyst
This involves tracking of numerous detailed issues across a variety of global WDIG business units and ensuring that issues are escalated as appropriate. Using industry best practices, develop and maintain existing security policies, ...

02/16/2008 - TransWorks
In addition, TransWorks adheres to stringent data security norms (ISO 17799, GLBA, DPA and Safe Harbor). Technology: We have deployed state of the art voice and web support equipment that integrates with client systems to provide a ...

01/22/2008 - Managing Risk in Information Technology
More than that, ITIL is particularly weak where information security management is concerned - the ITIL book on information security really does no more than refer to a now very out-of-date version of ISO 17799, the information security ...

01/04/2008 - IT Security Specialist
Information Security certifications desired (CISSP, CISA); ITIL certification a plus; Familiarity with common contemporary information security infrastructure components. Knowledge and Awareness Requirements; ISO 17799:2005 / 27001 / ...

01/02/2008 - 2007 in Review, by Jonathan Gossels
ISO 17799/27002 compliance continues to grow in importance. It provides organizations with an objective measure of their security stance, enables them to easily communicate the extent and effectiveness of their overall security program, ...

12/24/2007 - PCI DSS
The easiest way to ensure PCI compliance is to put a security framework in place such as ISO 17799 or Information Technology Infrastructure Library, or to implement best practices, such as gap analysis, policies on storage, training for ...