Security - How To Implement
The process to implement World Class security is simplified with the
Security Manual Template
The steps to implement a World Class security process are made easy with the Security Manual Template. End users are not security-conscious and do not think about the implications of their on-line activities.
Over 3,000 organizations from over 100 countries have used this template to create their security environment. They have found the process one that is very manageable for companies of all sizes.
Download This Complete and Customizable Security Framework
Each component of this kit comes in editable Microsoft Office templates, is customizable to the specific needs of your business and contains clear instructions and examples. The tools and guides in this package follow the following four steps:
Step 1. Conduct Business Impact Analysis
The business impact analysis is an essential and often overlooked component of a solid IT security plan. This 28 page questionnaire walks you through the documentation process so management can understand the business risks and impact associated with each physical location, business function and IT application.
As you go through this analysis, you will likely discover risk areas that you have not previously considered. Conversely, you are likely to miss critical risk areas if you do not conduct the essential step of methodically documenting all risk areas.
Step 2. Assess Threats and Vulnerabilities
Once you have documented and understand the various business risks, the next step is to conduct an objective evaluation of threats, risks and vulnerabilities in which assumptions and uncertainties are clearly considered and presented to management.
In risk management, you need to have a good understanding of both the level of risk severity and the level of risk probability and how to use that understanding to best measure the overall risk your company faces.
This 10-page Microsoft Word template and companion Excel workbook template will help you put everything into the right perspective so that your top security priorities receive the proper share of attention from management and ensure the “tail does not wag the dog”.
Step 3: Customize Your Security Manual Template
This is where the “rubber meets the road” with your security plan. The known risks, threats and vulnerabilities discovered in the previous 2 steps are methodically documented in the template along with clear and specific language defining all aspects of security management including staff member roles, physical security, data storage, network security, contingency planning and more.
The manual also documents the policies and procedures for incident reporting, access control, and various other processes that relate to security.
Step 4: Enforce Security Policies and Procedures
The Security Manual has recommended policies, procedures and written agreements with employees, vendors and other parties who have access to the company's technology assets. To make this process as easy as possible, Janco provides 18 formatted electronic forms for distribution and documentation. All forms are in easy-to-edit Microsoft Word templates so all you need to do is add your corporate logo, make your own additions and changes and your task of policy and procedure documentation is nearly complete!
The ELECTRONIC forms included with the Security Manual template are:
- Blog Policy Compliance Agreement
- BYOD Access and Use Agreement
- Company Asset Employee Control Log
- Email Employee Agreement
- Employee Termination Procedures and Checklist
- FIPS 199 Assessment
- Internet Access Request Form
- Internet and Electronic Communication Employee Agreement
- Internet use Approval
- Mobile Device Access and Use Agreement
- Mobile Device Security and Compliance Checklist
- New Employee Security Acknowledgment and Release
- Outsourcing and Cloud Security Compliance Agreement
- Outsourcing Security Compliance Agreement
- Preliminary Security Audit Checklist
- Risk Assessment
- Security Access Application
- Security Audit Report
- Security Violation Procedures
- Sensitive Information Policy Compliance Agreement
- Server Registration
- Social networking Policy Compliance Agreement
- Telecommuting Work Agreement
- Text Messaging Sensitive Information Agreement
- Threat and Vulnerability Assessment Inventory