
Patriot Act Security Bundle
The Patriot Act Security Bundle contains the Security Manual Template; the Disaster Recovery Plan Template; the Sensitive Information Policy Template; the Internet, E-Mail & Electronic Communications Policy Template; the Internet and PC Workstation Policies and Procedures HandiGuide; and 3 key job descriptions - Chief Security Officer (CSO) - Manager Internet - Intranet and Internet Administrator.
The Patriot Act Security Bundle has been updated to reflect all of the legislation that has been enacted by the United States Congress. You can purchase the entire bundle by clicking on the order button above or individual components by clicking on the images below.
Security Manual Template - Policies and Procedures
The Security Manual Template includes two of our most popular and successful tools - the Business & IT Impact Analysis Questionnaire and the Threat and Vulnerability Assessment Tool.
The Security Manual Template is over 200 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major sections of your security plan:
- Security Manual Introduction
- Risk Analysis
- Staff Member Roles
- Physical Security
- Facility Design, Construction and Operational Considerations
- Media and Documentation
- Data and Software Security
- Network Security
- Internet and Information Technology Contingency Planning
- Insurance
- Outsourced Services
- Waiver Procedures
- Incident Reporting Procedures
- Access Control Guidelines
- Glossary
- Sample Forms
Sensitive Information Policy Template
Policy defines how to treat Credit Card, Social Security, Employee, and Customer Data. The policy is 15 pages in length. This policy complies with Sarbanes Oxley Section 404.
This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP)
This Disaster Recovery Plan (DRP) can be used as a template for any size of enterprise. The DRP is sent to you via e-mail in WORD and/or PDF formats. Included is a 13 page Business Impact Questionnaire as well as a 3 page Job Description for the Disaster Recovery Manager.
The Template includes the following sections in pre-written format. There is no reason for you to re-invent the process. The template has all of the text and forms that you need.
- Plan Introduction
- Work Plan to implement the template
- Business Impact Analysis
- DRP Organization Responsibilities
- Backup Strategy
- Recovery Strategy
- Disaster Recovery Procedures Check List
- Plan Administration Process
- 13 page Risk Assessment - Business Impact Questionnaire
- 3 page Job Description for Disaster Recovery Manager
- Plus much more
Internet and PC Workstation Policies and Procedures HandiGuide
The use of the Internet and PCs is now part of normal work and personal activities. Terms such as cyberspace, information highway and the Internet are now part of everyone's vocabulary. New operating systems, complex networks, inter-company e-mail and work at home programs have made the management of most enterprises understand the total effort required to support PCs, LANs and workstations. With this in mind, we've developed the Internet and PC Workstation Policies and Procedures HandiGuide® to assist you in managing your environment with valuable guidelines, rules, forms, and standards that many enterprises have already adopted. Some of the chapters include:
Internet, Email & Electronic Communication Policy
Internet, Email & Electronic Communication Policy sections include appropriate use of equipment, Internet access, Intellectual Property, e-mail, e-mail retention period, data security and ownership of information. This has been updated to reflect file sharing, music and video file capture and use.
3 Key Job Descriptions:
- Chief Security Officer (CSO)
- Manager Internet and Intranet
- Internet - Intranet Administrator
Patriot Act and Security News
Recession continues in IT
01/28/2012
Lockheed Martin Corp. expects sales in its IT division to continue downward in 2012 as they did in 2011, during which net sales decreased by 5 percent.
Sales in the company's Information Systems and Global Solutions (IS&GS) segment decreased $92 million, or 3 percent, during the fourth quarter, which ended Dec. 31, compared to the last quarter of 2010. They also declined by $540 million, or 5 percent, for all of 2011, compared to the previous year, according to financial figures released Jan. 26.
Overall though, the business segment was hit by the fiscal pressures the government is under, which kept agencies from spending as much on IT products and services in 2011. Executives expect the segment's annual operating margins in 2012 to be similar to the annual 2011 figures.
- more info
Recession drags on
01/20/2012
IT spending by banks will grow to $173.3 billion this year, up just 2.8% over 2011 and well short of an earlier forecast that pegged growth at 4.3% in 2012, according to research firm Celent. In fact, IT spending in banking is expected to be weak over the next couple of years.
In a new report, Celent said the tumultuous state of the banking industry since 2009 continues to affect tech spending. For instance, when Celent published its report on worldwide banking last year, it appeared that a turnaround had begun. "This is no longer the case; there is still plenty of uncertainty," Celent stated.
- more info
Security is still an issue
01/08/2012
Executives are getting targeted by "whale phishing" attacks - malicious e-mails and Web sites designed to coerce them into giving up valuable personal and business data. How are you going to protect your top managers? And while you are thinking scary thoughts, have you taken adequate steps to protect all your employees from the aggressive and adaptive Storm worm, which exploits e-mail and Web 2.0 vulnerabilities to propagate spam-churning malware across business networks? And do you have measures in place to prevent staff from accidentally "leaking" sensitive customer data in e-mails, a crucial element of compliance with PCI, HIPAA, and global privacy regulations? What need-to-know information about whale phishing, the Storm worm, and e-mail leakage, plus details on a cutting-edge solution that can protect your staff, executives and data from all three, are you missing? - more info
Downtime is a lost opportunity
12/16/2011
Downtime, whether planned or unplanned, often translates into lost opportunities and increased costs - and for many enterprises today, any amount of downtime is unacceptable.
Having an effective recovery strategy and a set of coherent disaster recovery plans is essential to helping avoid downtime during a crisis. The need for enhanced quality, efficiency, and predictability for disaster recovery and business continuity has increased significantly, highlighting the necessity of a well-defined set of recovery plans and regular testing. However, as the required scope of critical processes, production applications, and enterprise demands increases, sustaining the timeliness and effectiveness of a recovery plan can become increasingly difficult.
For most organizations, disaster recovery is extremely labor intensive, often requiring the manual coordination of hundreds of recovery tasks. So although the importance of having an effective disaster recovery plan is clear, organizations often find it difficult to achieve the level of protection they need.
- more info
IT Pros are reluctant to change companies
11/05/2011
Many IT workers are staying put at their current jobs due to a combination of lingering economic concerns and improving conditions at work.
In a survey of 500 IT pros, a staffing firm found the vast majority (89 percent) are currently happy with their jobs. Nearly two-thirds (64 percent) said they intend to stay with their current employer, and 25 percent said they'd only leave if the right opportunity came along. Just 11 percent are unhappy with their current position, which includes 4 percent of respondents who are actively searching for a new job.
Part of the reason IT pros are staying put is caution. Employees are nervous about unemployment levels, an unstable economy, and the possibility of a double-dip recession. Marketplace paranoia is keeping people where they are.
In addition, companies are working hard to keep their current IT teams intact. A lot of employers are creating environments that are hard to leave. Perks such as the opportunity to telecommute, flexible schedules, and onsite daycare are helping with retention efforts. They've made it endearing so that people think twice about moving on to something else.
- more info
Security driven by how enterprise governs the process
10/27/2011
How many of the recent, high-profile data breaches at blue-chip companies could have been prevented with better governance? While corporate governance is common practice, often obligatory, in many aspects of business, governance is not always present in information security. Yet it plays a vital role in reducing risk and speeding response.
When the information security function adopts governance, it raises its game, engaging with senior management and other corporate governance functions. This not only minimises information risk and reputational damage, it also delivers continuing added value from information technology.
New technologies are constantly increasing the complexity of business information, while more sophisticated technology and processes are needed to manage it. Furthermore, that information is simultaneously more critical to the business and more susceptible to attack or abuse.
Information security governance enables the direction and oversight of information security-related activities across an enterprise, as an integrated part of corporate governance. It shows customers, business partners, shareholders and regulators that information is being protected according to industry best practice. It provides the agility to deal with incidents quickly and effectively, and enables better management of all information security activities, decreasing the chances of headline-grabbing incidents.
- more info
Remote Branch Offices are a Disaster Recovery Business Continuity Risk
10/16/2011
Distributed data at remote and branch offices (ROBOs) continues to grow substantially year after year. Leaving this data unprotected or inadequately protected poses serious business risks for organizations. Protection approaches require careful consideration, as factors such as technical complexity, capital and operational costs, and expertise of personnel must be taken into account.
Local disk-based data protection strategies improve backup efficiency and reliability over tape-based ones. Consolidation of edge data to the core data center may introduce further efficiencies. Data de-duplication can drive both backup-to-disk and consolidation adoption.
- more info
Security as a concept is out-dated
10/10/2011
The current focus on complying with the myriad of assurance frameworks is taking focus away from the obligations placed on organizations to identify and manage the risks to their information assets; which, in turn, places an inordinate and inappropriate burden on external service providers to satisfy the concerns of organizations with no common terms of reference.
While security in the cloud services environment is clearly a concern for many IT security professionals, there is still a lack of assurance within the external supply chain as a whole.
The message on security is getting through to businesses, but there is no consistent language to determine whether the service provider will operate the controls to a level that assures the client that their risks are managed appropriately. This proves that the current security mindset is little more than managing risks to achieving compliance rather than empowering organizations to understand the controls required to manage the risks to their information.
All organizations, on both sides of the public/private sector divide, have an explicit obligation under law to ensure that personal and corporate information is managed in a safe manner.
The current compliance overload over the past four or five years has led to an inordinate focus on managing risks to compliance rather than understanding the risks to information - and this focus has meant that we look to overuse of technical controls to show due diligence to ensure that when a breach occurs, penalties will not be levied; it is not designed to reduce the likelihood of breaches themselves.
This approach is unsustainable, as it does not look to the implementation of the controls and fails to address the business risk management issue that exists in most organizations. This in turn has no more benefit to the business than placing money in the shredder.
The current lack of corporate information governance in today's businesses will soon result in increased penalties. This proves that the current focus on compliance risk management as we know it is nearing an end, and something else is required to assist organizations to understand and manage the risks to their information going forward.
- more info
Future Evolution of Technology
10/01/2011
During the next two to three years there will be a continued advancement in web-based technology that will ease integration and facilitate integrated enterprise content management (ECM) and business process management (BPM) and analytics into business infrastructure software applications.
Key business dynamics could alter this progress. These include the possibility of a double-dip recession in the United States and European countries, and continuous credit and derivative losses that threaten business expansion. These developments would cause many businesses to reduce their total IT spending budgets and make lower-cost, lower-automation system improvements. Businesses will, however, continue strategic cost reduction initiatives that drive ITO and BPO spending.
A number of technologies are generating interest but little spending or are early in their growth cycle. For example, research and development for mobile business infrastructure applications is accelerating although spending on mobile is still very low compared with spending on other distribution channels. The continued growth of the installed base of mobile devices will eventually create "network effects" that accelerate adoption beyond mobile status information into more customer relationship management applications.
Social media and peer-to-peer (P2P) transactions and IT spending are in their infancy. The combination of social media with P2P transactions could spur P2P application development.
- more info

















