Security Manual Template
ISO 27000 (27001 & 27002) - Sarbanes-Oxley - PCI - Patriot Act - HIPAA Compliant

This Security Manual for the Internet and Information Technology is over 200 pages in length. The template is compliant with ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, Patriot Act and HIPAA and includes a PCI DSS Audit program. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes-Oxley.

Clients can also subscribe to Janco's Security Manual update service and receive all updates to the Security Manual Template. 

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major topics / sections for your security plan:
 

  • ISO 27000, Sarbanes-Oxley, Patriot Act, and HIPAA compliant

  • Security Manual Introduction - scope, objectives, general policy, and responsibilities

  • Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements

  • Staff Member Roles - policies, responsibilities and practices

  • Physical Security  - area classifications, access controls, and access authority

  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points

  • Media and Documentation - requirements and responsibilities

  • Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up

  • Sensitive Information Policy

  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning

  • Internet and Information Technology Contingency Planning - responsibilities and documentation requirements

  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security

  • Insurance - objectives, responsibilities and requirements

  • Outsourced Services - responsibilities for both the enterprise and the service providers

  • Waiver Procedures - process to waive security guidelines and policies

  • Incident Reporting Procedures - process to follow when security violations occur

  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords

  • Sample Forms

    • Business and IT Impact Questionnaire

    • Threat & Vulnerability Assessment Tool

    • Security Violation Reporting form

    • Security Audit form

    • Inspection Check List

    • New Employee Security form

    • Security Access Application form

    • Employee Termination Checklist

    • Supervisor's Employee Termination Checklist

    • Sensitive Information Policy Compliance Agreement

    • HIPAA Audit Program Guide

    • ISO 27000 (27001 & 27002) Security Checklist

    • PCI DSS Audit Program

     


Latest News

HA tightens security for patients' data - The chairman of the Hospital Authority, Anthony Wu, says new measures will be in place in a week's time to tighten up the protection of patients' data. This came after hospitals lost several USB memory devices, containing the records of ...

FBI Backs Off From Secret Order for Data After Lawsuit - It is one of only three known instances in which the FBI has backed off from such a data demand, known as a "national security letter," or NSL, which is not subject to judicial approval and whose recipient is barred from disclosing the ...

All About The (Digital) File Shredder - As digital data and storage become more important, security considerations begin to enter the picture. Inevitably, the usefulness of computers would lead to their use in handling, processing, and storing confidential and private data. ...

Another Data Security Breach Headache For The Government - “Could I ask you to remind staff of the heightened security surrounding data transfer and ensure that data and passwords are sent separately.” Read more.

Security :: RE: Tunneling data - Author: DaFoxx Posted: Sat May 10, 2008 10:50 pm (GMT 1) XSS vuln after the said site DID hit the link ? Beware of Geeks bearing GIF's.

Comment on Destroying Our Health Care by wwb - Fix Social Security data base errors and issue new tamper proof Social Security card. Instead of biometrics, I prefer we would use a secret pin number type system and photo. This will cost billions but needs to be done to modernize the ...

Security :: RE: Tunneling data - I think Harry mentioned he didn't exploit the firewall at all.. The local admin was to the box behind the firewall.. I'm with outer here - my thinking is that if the firewall wasn't accepting any inbound connections, you somehow had to ...

Computers Hacking People ver 2.0 - Government funded unrestricted Data Mining and Information Awareness programs develop and run revolutionary Information Awareness Systems. Despite public opinion, these National Security systems continue to work to protect the nation ...

Shuttle Columbia's hard drive data recovered from crash site - Data recovery specialists at Kroll Ontrack Inc. painstakingly retrieved 99% of the information stored on the charred 400MB Seagate hard drive's 2.5-in. platters over a two day period after the device was discovered six months after the ...

We rank VASCO Data Security International Inc. (up 3.98 percent ... - Compared to other stocks in the market, the performance of VASCO Data Security International Inc. (up 3.98 percent, VDSI) has been below average. VDSI has underperformed 90% of all the stocks we track.

Data Loss Prevention Seeks To Define Itself And Find Its Nic - Data loss prevention (DLP) is one of the better category names simply because it does such a good job of describing what the technology is meant to do. The current dynamic in the sector is well framed in a recent InfoWorld story.

Data security bungles continue - GOVERNMENT staff have been sending out highly-sensitive data in packages that include the passwords, it was revealed yesterday.

Achieving Rapid Data Recovery for IBM AIX® Environments: An ... - This podcast looks closely at a unique data recovery solution for IBM AIX® Environments called EchoStream for AIX. Published by: Vision Solutions.

New Add-on Creates Vault-like Protection for Data on BlackBe - JumpVault™ keeps data safe even if devices are lost or stolen.

EASEUS Data Recovery & Security Suite 1.0 | 15.2 MB - As well as recover all your data loss, you can also protect any of your file, folder, partition and hard disk without any chances of recovery with our special Data Recovery & Security Suite solution. Data Security Wizard, using the best ...

Princeton Tower Club Leaks Alumni Data - The e-mail in question was sent with a spreadsheet containing the names and Social Security numbers of 103 alumni from 2006 and 2007 attached. Tower Club officers sent an e-mail asking those individuals that received the alumni ...

patterns & practices WCF Security Practices at a Glance Now Available - How to avoid proxy spoofing; How to expose service metadata for your clients; How to create a proxy to a service hosted in IIS that requires certificate authentication and transport security. Sensitive Data ...

Data Mining In Law Enforcement - How has 9/11 and later terrorist threats changed the way the US law enforcement searches public data.

MP3: Avoiding Data Security Breaches - (9 May) Listen to a brief news report on the settlements between retailer TJX Cos. and data brokers Reed Elsevier and Seisint and the Federal Trade Commission.

Data security breached at DWP - Government staff have been sending out highly sensitive data in packages that include the passwords.

DWP statement on data security breach - ... that the morons in the department were bundling passwords in the same packaging with encrypted data disc and sending them off to others. The DWP spokeswoman told El Reg, We take the security of individuals' data extremely seriously. ...

Comment on You have to pay for quality by Underground marketplace ... - Francois gave a running commentary of the above diagram in his blog post: As you can see in the following screenshot, pricing depends on available balance, bank organization and country. Additional information such as PIN and Transfer ...

The Shmoocon Report — oops, meant to post this in February! - We also moved several copies of Linux Firewalls (thanks to author Michael Rash for hanging out, helping out at the table, and for signing his book, and to Geoff Conti for doing his part with Security Data Visualization). ...

Webroot launches $1 million security data centre - Security provider Webroot this week launched its first data centre in the southern hemisphere to support its expansion into the Asia Pacific market.

DWP staff breach data security rules - I've just been forwarded a copy of a rather interesting email that appears to have been sent by a Security Advisor at the Department of Work Pension to staff reminding them of the security policies around the transfer of public data of a ...

 

2008 Janco Associates, Inc. - ALL RIGHTS RESERVED --  Revised: 05/02/08.