Security Manual Template


ISO 27000 - Sarbanes-Oxley
Patriot Act - HIPAA - PCI DSS Compliant

This Security Manual for the Internet and Information Technology is over 200 pages in length. All versions of the Security Manual Template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and to Sarbanes-Oxley, ISO 27000, PCI DSS, and HIPAA.

Areas covered by the Security Template include:

  • Account privileges
  • Antivirus
  • Asset disposal
  • Backup end user
  • Backup server
  • Blackberry usage
  • Blog
  • Business Continuity
  • Cellular phone
  • Change control
  • Change management
  • Copyright
  • Disaster Recovery
  • Document retention
  • Downtime
  • Email acceptable use
  • Email archiving
  • Email communications
  • Equipment loan
  • Firewall
  • GPS cell phone
  • Hardware sanitization
  • Helpdesk triage
  • Instant messenger
  • Internet usage
  • Move-add-change
  • Outsourcing
  • Password
  • Patch management
  • PDA usage
  • Personal network
  • Printer
  • Purchasing
  • Remote Access
  • Server space usage
  • Software acceptance
  • Software development
  • Software install
  • Support Technology
  • Standards
  • Telecommuting
  • Third party access
  • Travel
  • Voicemail
  • Web posting
Clients can also subscribe to Janco's Security Manual update service and receive all updates to the Security Manual Template.

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major topics / sections of your security plan:

  • Compliance to ISO 27000, Sarbanes-Oxley, Patriot Act and HIPAA

  • Security Manual Introduction - scope, objectives, general policy, and responsibilities

  • Risk Analysis - objectives, roles, responsibilities, program requirements, practices, and program elements

  • Staff Member Roles - policies, responsibilities and practices

  • Sensitive Information Policy

  • Physical Security  - area classifications, access controls, and access authority

  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points

  • Media and Documentation - requirements and responsibilities

  • Data and Software Security - definitions, classification, rights, access control, Internet, intranet, logging, audit trails, compliance, and violation reporting and follow-up

  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning

  • Internet and Information Technology Contingency Planning - responsibilities and documentation requirements

  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security

  • Insurance - objectives, responsibilities and requirements

  • Outsourced Services - responsibilities for both the enterprise and the service providers

  • Waiver Procedures - process to waive security guidelines and policies

  • Incident Reporting Procedures - process to follow when security violations occur

  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords

  • Sample Forms

    • Business and IT Impact Questionnaire

    • Threat & Vulnerability Assessment Tool

    • Security Violation Reporting form

    • Security Audit form

    • Inspection Check List

    • New Employee Security form

    • Security Access Application form

    • Employee Termination Checklist

    • Supervisor's Employee Termination Checklist

    • Sensitive Information Policy Compliance Agreement

    • HIPAA Audit Program Guide

    • ISO 27000 (ISO 27001 & ISO 27002) Security Checklist

    • PCI DSS Audit Program


* The update service is for 12 months unless it is purchased within 30 days of the purchase of the Template. Janco reserves the right to validate that the customer purchased the Template.


HTML News Feed

Taming the Wild wild web DTI (2006) “A Director’s Guide, Information Security” Dept. of Trade and Industry UK ISO 17799:1/17799:2 Standards Australia Leveson, Nancy & Turner, Clark S. (1993) “An Investigation of the Therac-25 Accidents” IEEE Computer, Vol. ...

IT Audit Manager ... including experience in a range of the following: Information security management and IS governance Structured methodologies and a familiarity with ISO 17799 and COBIT Basic understanding of database and network security Solid ...

[Jobs] IT Applications Security Analyst Experience in some or all of the following regulations or standards: o NCUA o GLBA o HIPAA o Sarbanes Oxley o ISO 17799/27001 o PCI DSS o OWASP Candidate should be able to demonstrate an understanding of specific IT security ...

Features of the BS 7799 and ISO 17799 standards An ISO 17799-certified organization has a winning edge over competitors who are not certified or those who do not comply with international security standards. In addition, a certified organization will have: ...

The changes in ISO 27001 ... field of information security management for a number of years. It has been revised several times since its inception in 1995 in terms of both structure and content and, in 2000, Part 1 became an international standard (ISO 17799). ...

Available Consultants Excellent IT Audit/Sox/Information Security ... Certified ISO 17799 Lead Auditor, BSI, UK. Summary. Over 12 years of experience in Enterprise Information Security, Compliance, IT Governance, Regulatory requirements and Project Management and are able to effectively adapt to changing ...

Job ID: SC13 Information Security Engineer - (Santa Clara, CA ... Development and maintenance of applications systems security and compliance programs and tools • Solid knowledge of security regulations such as PCI DSS; security standards including ISO 17799; auditing standards SAS 70, SOX ...

Security Frameworks ISO/IEC 17799:2005 is a security best practice. It has a great scope: business continuity management, access control, system development security controls, physical and environmental security, civil law compliance, HR security, ...

Available Consultants Excellent IT Audit/Sox/Information Security ... Certified ISO 17799 Lead Auditor, BSI, UK. Summary. Information Systems Audit Professional with over 11 years of progressive experience in Information Technology (IT) audits, Compliance Audits (SOX, GLBA, SAS70), primarily working on ...

Integrating ISO 17799 into your Software Development Lifecycle In this paper, published in the 11th issue of INSECURE Magazine (May 2007), I explain how information security controls can be integrated in the Software Development Lifecycle (SDLC) using ISO/IEC 17799 (now ISO/IEC 27002). ...

High Tower Software Unveils Security Information Event Manager Security solutions developer High Tower Software has released a security appliance designed to help IT personnel in smaller organizations mitigate network security risks and better manage regulatory compliance. ...

ISO 17799 Information Security Newsletter Released Issue 8 of the ISO 17799 Newsletter has today been released. This periodic publication covers news and developments with respect to the international information security standard. The latest edition covers the following topics: ...

IT Security Manager Should have previous experience of leading the implementation of security standards such as ISO 17799/BS 7799, COBIT and taken the initiative successfully through a certification A sound understanding of Applications, LAN, WAN, ...

Security standards: a stitch in time The BS 7799 standards set has been the forerunner of today’s ISO 27001/17799 information security standards. By helping to define and put in place an ISMS, these standards help organisations achieve their security goals. ...

Mind Mapping Weber, Information Assurance Director at Ultimate Solutions, Inc. and a member of the Security Catalyst community, was inspired to use mind mapping to help him develop a security plan based on the ISO 17799:2005 standard. ...

Information Security Management Systems ISO Comparison Accreditation and certification schemes are launched. LRQA and BSI are the first certification bodies. 2000: In December, BS7799 is again re-published, this time as a fast tracked ISO standard. It becomes ISO 17799 (or more formally, ...

Enabling ISO17799 and BS7799 Compliance with Open Service Security ... The International Organization for Standardization ISO 17799, derived from the British Standards Institute ISO17799 standards, is an internationally recognized information security management standard first published in December 2000. ...

Re: Mapping BS 25999 with ISO 17799 ISO 17799 (now ISO 27002) is a guideline for ISO 27001, which is Information Security Management System (ISMS). On the other hand, BS 25999 is a Business Continuity Management (BCM) standard. So these two ...

Mapping BS 25999 with ISO 17799 Are there any overlaps? I feel there would be many. Is it worth going for both at the same time while planning for process certification? Please advise!

Callio Toolkit 17799 1.02 BS7799 / ISO 17799 compliance software: tools, documents, policy generator, etc.

How to select an ISO 27001 consultant For those of you that read my last blog, you already know my rant about why ISO 17799 was converted to ISO 27002, and its proper use as a normative document for ISO 27001. PS – ISO17799/ISO27002 is not a controls framework; ...

What ISO 17799 Provides and Addresses Essential parts of ISO 17799 Information Technology—Code of Practice for Information Security Management were developed and published by the British Standards Institution, including BS 7799-1:1999 and parts of BS 7799-2:1999. ...

Re: ISO IEC 27002 (ISO-17799) assistance please. To: security-basics@securityfocus.com Sent: Friday, 11 January, 2008 2:36:02 AM Subject: ISO IEC 27002 (ISO-17799) assistance please. I am hoping that the experts on this list might be able to assist me with a problem. ...

RE: ISO IEC 27002 (ISO-17799) assistance please. Subject: RE: ISO IEC 27002 (ISO-17799) assistance please. Hi Chris. You can find it in topic 7.3.1 (Clear desk and clear screen policy), included in the Physical and environmental security topic, where the objective ...
 

2008 Janco Associates, Inc. - ALL RIGHTS RESERVED  --  Revised: 05/02/08.