Sarbanes Oxley Compliance Kit


The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.

Sarbanes-Oxley Section 404 requires that:

  • Enterprises have an enterprise wide security policy;
  • Enterprises have enterprise wide classification of data for security, risk, and business impact;
  • Enterprises have security related standards and procedures;
  • Enterprises have formal security based documentation, auditing, and testing in place;
  • Enterprises enforce separation of duties; and
  • Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.

To meet these needs, the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:

  • Security Policies (all editions);
  • Threat & Vulnerability Assessment Tool (all editions);
  • Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
  • Safety Program Template (all editions);
  • Disaster Recovery Template (all editions);
  • Outsourcing guide updated to reflect what your vendors need to do (all editions);
  • Software tool to monitor key data files (all editions);
  • Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
  • IT Service Management Template (Platinum Edition).


Disaster Recovery Template (DRP) 

The Disaster Recovery Plan (DRP) template can be used for any enterprise. The DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.





Security Manual

The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.

 



220 Internet and IT Job Descriptions

The 220 Internet and IT Position Descriptions are in Word for Windows format. Includes positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.

 



The IT Service Management Template

The IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms with ITIL.

 


Practical Guide for IT Outsourcing

The guide is 91 packed pages and includes everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise.

 



Safety Program Template

The plan is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirement. The Safety Program was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).

Sarbanes-Oxley Issues and News


Cybercriminals are expanding the scope and breadth of attacks

October 23rd, 2014



Every day cybercriminals are deploying new threats that are more destructive than ever before. While most CIOs have more people devoted to IT security, established businesses are vulnerable to a wider array of attacks.

The IT Security Manual Template provides CIOs, CSOs, and IT Managers all of the essential materials with real live useable text for a complete security manual. Detailed language addressing more than a dozen security topics is included in a 230 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements.


Security Policies - Procedures - Audit Tools

September 3rd, 2014

74% of government IT executives said they expect at least one foreign-based cyber attack, including viruses, malware or hacking, within the next year.


Surplus of STEM-degreed US employees unemployed

August 21st, 2014

With nearly 8 million STEM (science, technology, engineering, and mathematics) degreed workers who are not in the STEM workforce, why do we need more H-1B visas?

Despite the economic downturn, Census Bureau data show that, between 2007 and 2012, about 700,000 new immigrants who have STEM degrees were allowed to settle in the country, yet at the same time, total STEM employment grew by only about 500,000.


Internet of Everything - a reality

March 26th, 2014

The fast pace of technology is changing our notion of the modern organization. As barriers to market entry are falling, customers, employees, and citizens alike are demanding new ways to interact. This trend is moving us into the next wave of Internet evolution known as the "Internet of Everything" (IoE). Connecting people, data, processes, and things, IoE is creating a digital disruption with great societal value as everything is coming online.

Organizations of all types are realizing the benefit of this increased connectedness through operational efficiency and improved customer and citizen experiences. Many organizations are using IoE connections to run, not just monitor, complex operations in manufacturing, healthcare, financial services, utilities, and the public sector to generate and deliver significant value.

  • CIO IT Infrastructure Policy Bundle: all of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
    • Backup and Backup Retention Policy
    • Blog and Personal Web Site Policy: includes electronic Blog Compliance Agreement Form
    • BYOD Policy Template: includes electronic BYOD Access and Use Agreement Form
    • Google Glass Policy Template: includes electronic Google Glass Access and Use Agreement Form
    • Incident Communication Plan Policy: updated to include social networks as a communication path
    • Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy: includes 5 electronic forms to aid in the quick deployment of this policy
    • Mobile Device Access and Use Policy
    • Patch Management Policy
    • Outsourcing Policy
    • Physical and Virtual Security Policy
    • Record Management, Retention, and Destruction Policy
    • Sensitive Information Policy: HIPAA compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
    • Service Level Agreement (SLA) Policy Template with Metrics
    • Social Networking Policy: includes electronic form
    • Telecommuting Policy: includes 3 electronic forms to help effectively manage work-at-home staff
    • Text Messaging Sensitive and Confidential Information
    • Travel and Off-Site Meeting Policy
    • IT Infrastructure Electronic Forms


IT Pros can advance in general company management

February 24th, 2014

Because technology touches so many aspects of most organizations, an IT background can be an advantage, a steppingstone to other areas of your business. To advance, look at change as an opportunity to grow. Sure, change means stepping out of your comfort zone, but you'll likely be glad you altered your career mindset.


Once you become known as an able business chameleon, you'll have a good shot at being offered new opportunities. What's more, there's no better training to be a CIO -- if that's even your goal -- than to work in many areas of business.

Understanding the business goals of different branches of an organization is the most important nontechnical skill a senior IT leader can master.

If you follow this kind of career path, look for experienced mentors to help you along the way.


How Compliance Impacts Backup Strategy

February 17th, 2014

Given the concurrent explosion of digital information and compliance requirements, having a sound, workable backup and restore policy is essential. When a disaster occurs – whether that be a terrorist attack, hurricane, or just human error – having and enforcing a backup strategy can get you quickly back in business.


Target breach described in detail

February 6th, 2014

According to Krebs, sources close to the investigation said the attackers first gained access to Target's network on Nov. 15, 2013 with a username and password stolen from Fazio Mechanical Services, a Sharpsburg, Pa.-based company that specializes in providing refrigeration and HVAC systems for companies like Target.

Fazio apparently had access rights to Target's network for carrying out tasks like remotely monitoring energy consumption and temperatures at various stores.

The attackers leveraged the access provided by the Fazio credentials to move about undetected on Target's network and upload malware programs on the company's Point of Sale (POS) systems.


The hackers first tested the data-stealing malware on a small number of cash registers and then, after determining that the software worked, uploaded it to a majority of Target's POS systems. Between Nov. 27 and Dec. 15, 2013, the attackers used the malware to steal data on about 40 million debit and credit cards. U.S., Brazil and Russia.


Social Media Digest - Current Articles

January 20th, 2014


  1. Include Social Media in Your Business Continuity Plans  6 Ways to Utilize Social Media Before a Disaster Strikes by Adam Crowe When creating a disaster recovery plan include social media.  Simple things like...
  2. Social media policy needed to meet internal audit requirements Social Media Policy is Missing in Over 50% of all Organizations Internal audit has never been easy, and a recent survey shows that 43% of...
  3. CIO challenge – how to manage the social media risks  CIO challenge – how to manage the social media risks CIOs are faced with new social media risks.  Analysts are predicting that by 2016 as...
  4. 10 steps to jump start your business continuity planning  business continuity planning – 10 steps to jump start your BCP Business Continuity – For many businesses there is some technology component that allows them...
  5. 10 best practices in managing social networks and relationships  10 Best Practices in Managing Social Networks and Social Relationship Social networks provide an opportunity to communicate electronically with both personal and business associates.  Done...

Some say IT spending to rise in 2014

January 6th, 2014

Global spending on information technology is expected to rise 3.1% to $3.8 trillion in 2014, up from growth of just 0.4% last year according to one research firm.

The enterprise software group is expected to show the fastest growth, with sales rising 6.8% to $320 billion, a plus for industry leaders that include Oracle (ORCL) and Salesforce.com (CRM).


The increased spending on enterprise software is coming partly from the growth in Big Data, a term used to describe how companies are using software and related services to better comprehend massive inflows of digital information from numerous sources.


Compliance is driven from the top down

December 15th, 2013

Compliance is driven from the top down.  Executive Management is the prime mover.


The tone at the top is vital, with communication flowing from top management to the middle management team. Some best practices that can periodically reinforce compliance with various policies include middle management setting aside a short time in a staff meeting to discuss a specific policy relative to actual business behavior. Training is great, yet people need to know what compliant behavior looks like in their daily work.
