Security Manual Template

ISO 27000 - Sarbanes Oxley
Patriot Act - HIPAA - PCI DSS Compliant


This Security Manual for the Internet and Information Technology is over 200 pages in length. All versions of the Security Manual Template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both redesigned to address Sarbanes Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and to Sarbanes Oxley, ISO 27000, PCI DSS, and HIPAA compliance.

Areas covered by the Security Template include:

  • Account privileges
  • Antivirus
  • Asset disposal
  • Backup end user
  • Backup server
  • Blackberry usage 
  • Blog
  • Business Continuity
  • Cellular phone
  • Change control
  • Change management
  • Copyright
  • Disaster Recovery
  • Document retention
  • Downtime
  • Email acceptable use
  • Email archiving
  • Email communications
  • Equipment loan
  • Firewall
  • GPS cell phone
  • Hardware sanitization
  • Helpdesk triage
  • Instant messenger
  • Internet usage
  • Move-add-change
  • Outsourcing
  • Password
  • Patch management
  • PDA usage
  • Personal network
  • Printer
  • Purchasing
  • Remote Access
  • Server space usage
  • Software acceptance
  • Software development
  • Software install
  • Support Technology
  • Standards
  • Telecommuting
  • Third party access
  • Travel
  • Voicemail
  • Web posting

Clients can also subscribe to Janco's Security Manual update service and receive all updates to the Security Manual Template. 

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major topics / sections of your security plan:

  • Compliance to ISO 27000, Sarbanes-Oxley, Patriot Act and HIPAA

  • Security Manual Introduction - scope, objectives, general policy, and responsibilities

  • Risk Analysis - objectives, roles, responsibilities, program requirements, practices, and program elements

  • Staff Member Roles - policies, responsibilities and practices

  • Sensitive Information Policy

  • Physical Security  - area classifications, access controls, and access authority

  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points

  • Media and Documentation - requirements and responsibilities

  • Data and Software Security - definitions, classification, rights, access control, Internet, intranet, logging, audit trails, compliance, and violation reporting and follow-up

  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning

  • Internet and Information Technology contingency Planning - responsibilities and documentation requirements

  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security

  • Insurance - objectives, responsibilities and requirements

  • Outsourced Services - responsibilities for both the enterprise and the service providers

  • Waiver Procedures - process to waive security guidelines and policies

  • Incident Reporting Procedures - process to follow when security violations occur

  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords

  • Sample Forms

    • Business and IT Impact Questionnaire

    • Threat & Vulnerability Assessment Tool

    • Security Violation Reporting form

    • Security Audit form

    • Inspection Check List

    • New Employee Security form

    • Security Access Application form

    • Employee Termination Checklist

    • Supervisor's Employee Termination Checklist

    • Sensitive Information Policy Compliance Agreement

    • HIPAA Audit Program Guide

    • ISO 27000 (ISO 27001 & ISO 27002) Security Checklist

    • PCI DSS Audit Program

* Update service is for 12 months unless it is purchased within 30 days of the purchase of the Template. Janco reserves the right to validate that the customer's purchase was made for the template.
News Feed

Effective Security with a Continuous Approach to ISO 27001 Compliance: The Tripwire Enterprise solution provides organisations with powerful configuration control through its configuration assessment and change auditing capabilities. In this white paper, learn how with Tripwire Enterprise, ...

Information Security Consultant (Yahoo! Hot Jobs): Familiarity with security industry standards (ISO 17799, NIST 800 series, etc.); knowledge of regulatory compliance a plus. Specific Skills: General technical knowledge and/or expertise in information technology (e.g., operating systems ...

Information Security | ISO 27001 and ISO 27002 (ISO 17799): Welcome to the International ISO 27001 and ISO 27002 (ISO 17799) Community Forum. Here we will publish news, articles and other information related to the ISO 27000 information security standards. However, primarily the Community Forum ...

Exam CISCO 646-561 Demo V2.83: Which government regulation is designed to create a common information security structure that is based on recognized best practices, and is an internationally recognized generic standard? A: Basel II B: BS 7799/ISO 17799 C: AS/NZS 4360 ...

A Brief Introduction to Information Security: ... security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. (ISO 17799:2005) Security is not a ...

THE HEALTH INFORMATION TRUST ALLIANCE (HITRUST) SELECTS BRABEION ...: Brabeion Software today announced that the Health Information Trust Alliance (HITRUST) has selected Brabeion as its IT GRC tool to aid in the development and coordination of the Common Security Framework (CSF). ...

IT Auditing: Information Security Based on ISO 27001/ISO 17799: The ISO/IEC 17799:2000 Code of Practice was intended to provide a framework for international best practice in Information Security Management and systems interoperability. It also provided guidance on how to implement an ISMS that ...

IT Auditing: COBIT Security Baseline: An Information Survival Kit ...: The COBIT-based security baseline, providing key controls and mapping to ISO 17799; information security survival kits, providing essential awareness messages for: home users; professional users; managers; executives; senior executives ...

IT Auditing: Information Security: Design, Implementation ...: Fortunately, Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of ...

AMS9000 Audit Management Software: ISO 17799 (ISO 27001 or BS 7799-1) is a code of practice for information security management. It gives recommendations for information security management, i.e. for initiating, implementing or maintaining security. ISO 17799 provides a ...

Effective Security with a Continuous Approach to ISO 27001 Compliance: ISO 27001 is recognized internationally as a structured methodology for information security. A widely-held opinion is that ISO 27001 is an umbrella over other standards (such as PCI, SOX, GLBA, HIPAA and COBIT). Companies that choose to ...

Linux Expert+ Security Program: Extensive knowledge and hands-on experience on Information Security for mission critical environments, implemented high-end Security Products & Policies based on ISO 17799 & BS 7799 standards for more than 25 enterprises & various ...

Automating ISO 27001 security audits: ISO 17799 is Part 1 of BS 7799 (the ISO standard for information security). ISO 17799 is a code of best practice for information security management and provides practical guidance on implementation of the security controls that should ...

Dan Swanson's Security Resources: #7: Information security is a vital element of corporate and IT governance and risk management. It minimizes risks to valuable information assets and maximizes compliance with laws, regulations and standards such as ISO 17799/ISO 27001, ...

Verizon Business Helps Companies Better Manage Security Needs: Verizon Business customers now can get an even better handle on the effectiveness of their security programs. At the Gartner IT Security Summit, Verizon Business announced significant enhancements to its already robust Security ...

Symbio Group Announces ISO 27001 Information Security Management ...: "We are proud to achieve ISO 27001 ISMS certification, as further proof of our commitment to providing the highest levels of security to our customers that outsource their software development to our China-based teams," said Jake Hsu, ...

The Bare Minimum: Especially when it comes to the base foundation for security controls and ISMS. So what can you do? Here is a 10 step guide to becoming certified. Prepare the ground: obtain copies of the ISO 17799 and BS7799-2 standards, research the ...

SECURITY RISK ANALYSIS AND DISASTER RECOVERY PLAN: Second, we must consider a document developed by ISO (International Standards Organization) that provides directives for developing and implementing information security policy, ISO 17799. Third, we must design a comprehensive plan that ...

Security Awareness Programs: It is an important message, particularly with respect to information security. More ISO 17799/27001 Frequently Asked Questions: 1) How Does Risk Analysis/Assessment Relate to the Standards? ...

IT Auditing: Information Security Policies Made Easy, Version 10: A complete policy library with over 1350 individual pre-written security policies including coverage of the latest technical, legal and regulatory issues. ISO 17799 outline format, allowing for easy gap-analysis against existing ...

ISO 27001 Security Newsletter: ... those taking the first steps towards addressing the standards. It includes both of the standards, audit checklists, a roadmap, a set of ISO compliant security policies, and a range of other materials. http://17799.standardsdirect.org ...

Your Information Security Program: It's All About The Bones: The standards are updates to the older BS 17799 and ISO/IEC 17799 standards. The standards are a very good guide in establishing an information security framework in your organization. The standards set down key requirements for an ...

Features of the BS 7799 and ISO 17799 standards: An ISO 17799-certified organization has a winning edge over competitors who are not certified or those who do not comply with international security standards. In addition, a certified organization will have: ...

Integrating ISO 17799 into your Software Development Lifecycle: In this paper, published in the 11th issue of INSECURE Magazine (May 2007), I explain how information security controls can be integrated in the Software Development Lifecycle (SDLC) using ISO/IEC 17799 (now ISO/IEC 27002). ...

High Tower Software Unveils Security Information Event Manager: Security solutions developer High Tower Software has released a security appliance designed to help IT personnel in smaller organizations mitigate network security risks and better manage regulatory compliance. ...


© 1999 - 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED  --  Revised: 07/02/08.