Security Manual Template

ISO 27000 - Sarbanes Oxley - Patriot Act - HIPAA - PCI DSS Compliant


This Security Manual for the Internet and Information Technology is over 200 pages in length. All versions of the Security Manual Template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and to Sarbanes Oxley, ISO 27000, PCI DSS, and HIPAA.

Areas covered by the Security Template include:

  • Account privileges
  • Antivirus
  • Asset disposal
  • Backup end user
  • Backup server
  • Blackberry usage 
  • Blog
  • Business Continuity
  • Cellular phone
  • Change control
  • Change management
  • Copyright
  • Disaster Recovery
  • Document retention
  • Downtime
  • Email acceptable use
  • Email archiving
  • Email communications
  • Equipment loan
  • Firewall
  • GPS cell phone
  • Hardware sanitization
  • Helpdesk triage
  • Instant messenger
  • Internet usage
  • Move-add-change
  • Outsourcing
  • Password
  • Patch management
  • PDA usage
  • Personal network
  • Printer
  • Purchasing
  • Remote Access
  • Server space usage
  • Software acceptance
  • Software development
  • Software install
  • Support Technology
  • Standards
  • Telecommuting
  • Third party access
  • Travel
  • Voicemail
  • Web posting

Clients can also subscribe to Janco's Security Manual update service and receive all updates to the Security Manual Template. 

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major topics / sections of your security plan:

  • Compliance to ISO 27000, Sarbanes-Oxley, Patriot Act and HIPAA

  • Security Manual Introduction - scope, objectives, general policy, and responsibilities

  • Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements

  • Staff Member Roles - policies, responsibilities and practices

  • Sensitive Information Policy

  • Physical Security  - area classifications, access controls, and access authority

  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points

  • Media and Documentation - requirements and responsibilities

  • Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up

  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning

  • Internet and Information Technology contingency Planning - responsibilities and documentation requirements

  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security

  • Insurance - objectives, responsibilities and requirements

  • Outsourced Services - responsibilities for both the enterprise and the service providers

  • Waiver Procedures - process to waive security guidelines and policies

  • Incident Reporting Procedures - process to follow when security violations occur

  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords

  • Sample Forms

    • Business and IT Impact Questionnaire

    • Threat & Vulnerability Assessment Tool

    • Security Violation Reporting form

    • Security Audit form

    • Inspection Check List

    • New Employee Security form

    • Security Access Application form

    • Employee Termination Checklist

    • Supervisor's Employee Termination Checklist

    • Sensitive Information Policy Compliance Agreement

    • HIPAA Audit Program Guide

    • ISO 27000 (ISO 27002 & ISO 27002) Security Checklist

    • PCI DSS Audit Program

* The update service runs for 12 months unless it is purchased within 30 days of the purchase of the Template. Janco reserves the right to validate that the customer's purchase was made for the template.

HTML News Feed

BS 7799 BS 7799-2 focused on how to implement an Information Security Management System (ISMS), referring to the information security management structure and controls identified in ISO 17799. The 2002 version of BS 7799-2 introduced the ...

IEC 17799 The standards provide a complete intercept, implementation, maintenance and documentation of the organization's information security framework. 17799 was originally developed as the Kingdom of Great Britain and the code [...]

Download ISO 27001 / ISO 17799 Audit Questions and Checklist Free ISO 27001 / ISO 17799 Audit Questions and Checklist.

Download ISO 27001 / ISO 17799 Audit Questions and Checklist Whether the process ensures that a review takes place in response to any changes affecting the basis of the original assessment, for example: significant security incidents, new vulnerabilities or changes to organisational or technical ...

Surviving a Security Audit Will they measure you against your company's security policies, industry standards (ISO 17799), laws (HIPAA, GLBA, Sarbanes-Oxley) or a combination? What is the scope of the audit, and which systems will be examined? ...

Information Security Policies, Procedures, and Standards ... The book contains checklists, sample policies, procedures, standards, guidelines, and a synopsis of British Standard 7799 and ISO 17799. Peltier provides you with the tools you need to develop policies, procedures, and standards. ...

Download Microsoft Security Assessment Tool 3.5 The questions and the recommendations that the tool offers are based on standards such as ISO 17799 and NIST-800.x, as well as recommendations and prescriptive guidance from Microsoft's Trustworthy Computing Group and additional ...

(ISO) Using ISO/IEC 17799 and ISO/IEC 27001 Standard as Audit ... The most effective way to do this is to have a common standard on best practice for information security management such as BS ISO/IEC 17799:2005. Organizations can then benefit from common best practice at a truly international level, ...

Project Manager - Information Security CITPM) Security certification (e.g. CISSP, GIAC) Experience in managing projects for Information Security Passion for Security Knowledge of ISO 17799 Information Security framework" for more details please call us on ...

Audit Programs It was submitted to the International Standards Organization who published it as the Code of Practice for Information Security Management and was subsequently published by ISO under the number 17799 in 2000. [2] ...

International IT Governance: An Executive Guide to ISO 17799/ISO 27001 The development of IT Governance, which recognizes the convergence between business and IT management, makes it essential for managers at all levels to understand how best to deal with information security risks. ...

IT Auditing: Implementing Information Security Based on ISO 27001 ... ISO 27001 and ISO 17799 Implementing Information Security Based on ISO 27001 and ISO 17799: A Management Guide (Best Practice) (Paperback). by Alan Calder (Author), Jan Van Bon (Editor). Designed by IT Auditing Book Store or IS Auditing ...

Dan Swanson's Security Resources: #12 ... to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS 7799 and complements ISO 17799). ...

Effective Security with a Continuous Approach to ISO 27001 Compliance The Tripwire Enterprise solution provides organisations with powerful configuration control through its configuration assessment and change auditing capabilities. In this white paper, learn how with Tripwire Enterprise, ...

Information Security | ISO 27001 and ISO 27002 (ISO 17799) Welcome to the International ISO 27001 and ISO 27002 (ISO 17799) Community Forum. Here we will publish news, articles and other information related to the ISO 27000 information security standards. However, primarily the Community Forum ...

Exam CISCO 646-561 Demo V2.83 8. Which government regulation is designed to create a common information security structure that is based on recognized best practices, and is an internationally recognized generic standard? A: Basel II. B: BS 7799/ISO 17799 ...

THE HEALTH INFORMATION TRUST ALLIANCE (HITRUST) SELECTS BRABEION ... Brabeion Software today announced that the Health Information Trust Alliance (HITRUST) has selected Brabeion as its IT GRC tool to aid in the development and coordination of the Common Security Framework (CSF). ...

IT Auditing: Information Security Based on ISO 27001/ISO 17799 The ISO/IEC 17799:2000 Code of Practice was intended to provide a framework for international best practice in Information Security Management and systems interoperability. It also provided guidance on how to implement an ISMS that ...

IT Auditing: Information Security: Design, Implementation ... Fortunately, Information Security: Design, Implementation, Measurement, and Compliance outlines a complete roadmap to successful adaptation and implementation of a security program based on the ISO/IEC 17799:2005 (27002) Code of ...

AMS9000 Audit Management Software ISO 17799 (ISO 27001 or BS 7799-1) is a code of practice for information security management. It gives recommendations for information security management, i.e. for initiating, implementing or maintaining security. ISO 17799 provides a ...

What is BS 7799? ISO 17799 and BS 7799 are security policies and standards procedures. The standard was initially known as a British standard called BS 7799, developed by the British Standards Institution. Later, it became the ISO IEC 17799 standard when ...

Automating ISO 27001 security audits ISO 17799 is Part 1 of BS 7799 (the ISO standard for information security). ISO 17799 is a code of best practice for information security management and provides practical guidance on implementation of the security controls that should ...

SECURITY POLICY FOR PROACTIVE MEASURES This security planning solution covers all international rules and regulations including Sarbanes Oxley requirements and is fully ISO 17799 Compliant! We can customize this Comprehensive Framework to suit Your Business. ...

Verizon Business Helps Companies Better Manage Security Needs Verizon Business customers now can get an even better handle on the effectiveness of their security programs. At the Gartner IT Security Summit, Verizon Business announced significant enhancements to its already robust Security ...

Features of the BS 7799 and ISO 17799 standards An ISO 17799-certified organization has a winning edge over competitors who are not certified or those who do not comply with international security standards. In addition, a certified organization will have: ...
 

© 1999 - 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED  --  Revised: 07/02/08.