Security Policies and Procedures

Implementing World Class Best Practices Network Data Breach Protection

Order Security ManualDownload Security Table of Contents

Data breaches will happen. Security and data breach protection are  a never-ending process and that no CIO or CSO can claim that their data is completely secure.

The sheer number of data breaches reported this year alone has led to security experts dubbing this year as the "Year of the Hack. " What's an organization to do when the major technology companies are admitting they have been breached? With sophisticated malware, advanced attacks and sneaky insiders, security seems like an unattainable goal. Security is everyone's responsibility, from the board of directors, c-level executives such as the CEO, CIO, CFO, down to the front-line employees who actually work daily with sensitive information.

While implementing security measures is important, organizations also need to plan for the inevitable "what-if" scenario when systems and data are compromised.
World class best practices that every CIO should follow include:

  • Establish Security as a Top Priority - Security is more than just preventing or limiting what people can do. Good security enables businesses to operate more securely by protecting revenue and profits that could be lost through a data breach. Treat security as an essential part of the company's mission.
  • Conduct a risk assessment:
    • Identify all risks, especially  IT related risks
    • Identify all areas where these risk can occurs
  • Encrypt Sensitive Data - encrypt sensitive data stored on servers, laptops and portable media. If data is being stored on highly portable USB flash drives, encrypt those, too. If any of them are lost, no one can access the encrypted data.
  • Implement a Strong Password Policy - Require all employees to change passwords frequently and make sure the selected passwords are strong. Educate users to not reuse passwords across multiple business or even personal accounts.
  • Segment the Network and Computers Use separate computers for financial transactions such as banking and payroll. Don't access anything else, such as email or any other Websites from that machine, to foil malware and phishing schemes.
  • Comply with all data protection regulations - become compliant with all relevant government and industry data preservation standards.
  • Conduct Penetration Tests - use an external resources run penetration tests to find the vulnerabilities in the system.
  • Implement an incident response plan - test  the plan, so when data breaches happen, everyone knows what to do immediately.
  • Train All Employees - teach employees to be careful of what they do on personal devices and what corporate data they download.
Order DRP BCP SecurityDownload Table of Contents Security and DRP templates 

Security Policies and Procedures - First Step in Data Breach Protection

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 230 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:

  • Risk analysis
  • Staff member roles
  • Physical security
  • Electronic Communication (email / Smartphones)
  • Blogs and Personal Web Sites
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Mobile Device Access and Use
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Employee Termination Procedures and Forms
  • Incident reporting procedures
  • Access control guidelines
  • PCI DSS Audit Program as a separate document
  • Security Compliance Checklists
  • Massachusetts 201 CMR 17 Compliance Checklist
 

The Security Manual Template can be acquired as a stand alone item (Standard) or in the Premium or Gold sets:

Security Manual Template - Standard Edition

Security Manual TemplateSecurity Manual Template

  • Business and IT Impact Questionnaire
  • Threat and Vulnerability Assessment Toolkit
  • Security Management Checklist
  • Full Detail Policies for
    • Blog and Personal Website Policy
    • Mobile Device Policy
    • Physical and Virtural File Server Policy
    • Sensitive Information Policy
    • Travel and Off-Site Meeting Policy
  • HIPAA Audit Program
  • Sarbanes Oxley Section 404 Checklist
  • Security Audit Program- fully editable -- Comes in MS EXCEL and PDF formats -- Meets ISO 28000, 27001, 27002, Sarbanes-Oxley, PCI-DSS, HIPAA FIPS 199, and NIS SP 800-53 requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
  • Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including: Blog Policy Compliance, BYOD Access and Use, Company Asset Employee Control Log, Email - Employee Acknowledgment, Employee Termination Checklist, FIPS 199 Assessment Electronic Form, Internet Access Request, Internet Use Approval, Internet & Electronic Communication - Employee Acknowledgment, Mobile Device Access and Use Agreement, Employee Security Acknowledgement Release, Preliminary Security Audit Checklist, Risk Assessment, Security Access Application, Security Audit Report, Security Violation Reporting, Sensitive Information Policy Compliance Agreement, Server Registration, and Threat and Vulnerability Assessment
  • eReader version of the Security Manual Template

Security Manual Template - Premium Edition

Security Manual TemplateSecurity Manual Template

  • Business and IT Impact Questionnaire
  • Threat and Vulnerability Assessment Form
  • Security Management Checklist
  • HIPAA Audit Program
  • Sarbanes Oxley Section 404 Checklist
  • Security Audit Program
  • Over two dozen Electronic Forms
  • eReader version of the Security Manual Template

Security Job Descriptions MS Word Format 

  • Chief Security Officer (CSO), Chief Compliance Officer (CCO), VP Strategy and Architecture, Director e-Commerce, Database Administrator, Data Security Administrator, Manager Data Security, Manager Facilities and Equipment, Manager Network and Computing Services, Manager Network Services, Manager Training and Documentation, Manager Voice and Data Communication, Manager Wireless Systems, Network Security Analyst, System Administrator - Unix, and System Administrator - Windows

Security Manual Template - Gold Edition

Security Manual TemplateSecurity Manual Gold Edition

  • Business and IT Impact Questionnaire
  • Threat and Vulnerability Assessment Form
  • Security Management Checklist
  • HIPAA Audit Program
  • Sarbanes Oxley Section 404 Checklist
  • Security Audit Program
  • Over two dozen Electronic Forms
  • eReader version of the Security Manual Template

IT Job Descriptions  MS Word Format - Updated to meet all mandated security requirements

  • 288 Job Descriptions from the Internet and IT Job Descriptions HandiGuide in MS Word Format including all of the job descriptions in the Premium Edition. Each job description is at least 2 pages long and some of the more senior positions are up to 8 pages in length.

DR BC SecurityDisaster Recovery Business Continuity & Security Manual Templates Standard Edition Includes

  • Disaster Recovery Business Continuity Template
  • Disaster Recovery Business Continuity Audit Program
  • Security Manual Template
  • Business and IT Impact Questionnaire - 21 pages
  • Threat and Vulnerability Assessment Form

DR BC SecurityDisaster Recovery Business Continuity & Security Manual Templates Premium

  • Disaster Recovery Business Continuity Template
  • Security Manual Template
  • 25 Job Descriptions
    • Chief Information Officer - CIO; Chief Compliance Officer - CCO; Chief Security Officer - CSO;VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems;Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows

DR BC SecurityDisaster Recovery Business Continuity & Security Manual Templates Gold

  • Disaster Recovery Business Continuity Template
  • Security Manual Template
  • 288 Job Descriptions which includes all of the job descriptions in the premium edition

"Best of Breed - Best Practices Disaster Recovery Planning / Business Continuity Planning, Security Policies, IT Job Descriptions" according to the IT Productivity Center

Order Security ManualDownload Security Table of Contents