Security Policies ProceduresThreat Vulnerability AssessmentRisk Assessment

Security Manual

ISO 27000 - 27001 & 27002
(formerly ISO 17799),
Sarbanes Oxley, HIPAA,
PCI-DSS, and Patriot Act Compliant


Includes Audit Program for PCI DSS  Compliance, HIPAA Audit Guide, and ISO 27000 Checklist

Order Security Manual Template

The Security Manual for the Internet and Information Technology is over 240 pages in length. This electronic document is fully compliant with the ISO 27000 standard, Sarbanes Oxley, HIPAA standard, and the Patriot Act.

All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance.   In addition, the Security Manual Template PREMIUM Edition  contains detail job descriptions that apply specifically to security and Sarbanes Oxley. The job descriptions are:

  • Chief Security Officer (CSO)
  • Chief Compliance Officer (CCO)
  • VP Strategy and Architecture
  • Director e-Commerce
  • Database Administrator
  • Data Security Administrator
  • Manager Data Security
  • Manager Facilities and Equipment
  • Manager Network and Computing Services
  • Manager Network Services
  • Manager Training and Documentation
  • Manager Voice and Data Communication
  • Manager Wireless Systems
  • Network Security Analyst
  • System Administrator - Unix
  • System Administrator - Windows

Clients can also subscribe to Janco's Security Manual update service and receive all updates to the Security Manual Template. 

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement.  The electronic document includes proven written text and examples for the following major topics for your security plan:

  • Compliance to ISO 27000 (27001 & 27002), HIPAA, SOX, PCI, and the Patriot Act
  • Security Manual Introduction - scope, objectives, general policy, and responsibilities
  • Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements
  • Staff Member Roles - policies, responsibilities and practices
  • Physical Security  - area classifications, access controls, and access authority
  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points
  • Media and Documentation - requirements and responsibilities
  • Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up
  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning
  • Internet and Information Technology contingency Planning - responsibilities and documentation requirements
  • Travel and Off - Site Meetings - specifics of what to do and not do to maximize security
  • Insurance - objectives, responsibilities and requirements
  • Outsourced Services - responsibilities for both the enterprise and the service providers
  • Waiver Procedures - process to waive security guidelines and policies,
  • Incident Reporting Procedures - process to follow when security violations occur
  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords
  • Sample Forms

    • Business and IT Impact Questionnaire
    • Threat & Vulnerability Assessment Tool
    • Security Violation Reporting form
    • Security Audit form
    • Inspection Check List
    • New Employee Security form
    • Security Access Application form

Order Security Manual Template




Latest News

American Express hits privacy head on

September 2nd, 2015

American Express hits privacy head on with its "Privacy Center"

After many attack and phishing scams in the past year, American Express has come up with a proactive solution which is focused at provding an easy way for it customers to communicate with them. Customers can:

  • Explore your privacy choices and update communication preferences
  •  Review Privacy Notices and our Online Privacy Statement 
  • Learn how AMX protects customer privacy and keep thier information safe

Privacy readings

Privacy Policy,, Janco Associates, Janco
... Articles Archives Register CIO Roundtable Company Who we are Customers Downloads Advertizing Rate Sheet TestimonialsPrivacy Payment Options Terms and Conditions Return Policy Site Map Blog Top 10 Lists Privacy ...
BYOD guidelines are defined
... Articles Archives Register CIO Roundtable Company Who we are Customers Downloads Advertizing Rate Sheet TestimonialsPrivacy Payment Options Terms and Conditions Return Policy Site Map Blog Top 10 Lists BYOD ...
proposed privacy bill compliance nightmare
... Articles Archives Register CIO Roundtable Company Who we are Customers Downloads Advertizing Rate Sheet TestimonialsPrivacy Payment Options Terms and Conditions Return Policy Site Map Blog Top 10 Lists Compliance ...
Most business transactions and interactions between individuals and business are electronic
... Articles Archives Register CIO Roundtable Company Who we are Customers Downloads Advertizing Rate Sheet TestimonialsPrivacy Payment Options Terms and Conditions Return Policy Site Map Blog Top 10 Lists User ...

- more info

New job title - Chief Digital Officer - CDO

July 1st, 2015

The job of chief digital officer (CDO) has recently emerged as a new role on the leadership team, as organizations are looking to bring in digital capabilities and seeing the need for an executive with a new set of competencies that combines strategy, marketing, and technology. Many are considering hiring or have already hired a digital leader to oversee enterprisewide digital strategy.

Position Descriptions IT Salary Survey

263 IT Job Descriptions and Organization Charts

The Internet and IT Position Descriptions HandiGuide® was completed in 2014 and is over 700 pages; which includes sample organization charts, a job progression matrix, and 263 Internet and IT job descriptions.   The book also addresses Fair Labor Standards, the ADA, and is in a new easier to read format

BuyTable of Contents
- more info

Top 10 Cloud Security practices identified by Janco

May 26th, 2015

necessary security for the data and the application

Outsourcing Template

10 Cloud Security best practices have been identified by Janco.  They are more important today than ever before with the increase in the number of cloud applications and the number of hackers that are out there.

- more info

Since Anti-virus software no longer works why is everyone still using it

May 14th, 2015

Companies have relied on antivirus (AV) software to help detect, prevent and remove malicious code before it becomes a problem. But does it work?

Traditional signature-based anti-malware solutions are increasingly ineffective. In cases where an enterprise is subject to an advanced targeted attack, it may provide no protection at all. [And] in cases where the end user is targeted directly, runs with full administrative rights on their PC and is tricked into running some kind of Trojan, traditional anti-malware solutions are of little value.”
So why do companies still use it?

Standalone AV is no longer effective at stopping today’s increasingly sophisticated barrage of key loggers, backdoors, rootkits, Trojan horses, worms and spyware.

There are two primary reasons why AV is still deployed on enterprise endpoints.

  • Antivirus is required for legal and compliance reasons
  •  Even though AV doesn’t catch everything, it still provides some level of protection. Microsoft has done studies to show that computers without any AV are infected at a much higher rate than computers with AV -- irrespective of what brand.
Order Compliance Kit

Related readings:

  1. CIOs worry more about cyber threats with mobile computing Cyber threats are now a much greater concern with the expansion of the use of mobile devices and services. At the same time online criminals...
  2. Fraud is on the rise CIOs need to address fraud issues with better security For the last three years it has been reported that estimated fraud losses that are doubling...
  3. Anatomy of a Chinese Cyber Attack Cyber Attack — How the Chinese do it… A Chinese cyber Attack (a Stuxnet-style attack) frequently makes its first entry into a company’s secure network...
  4. CIOs Worry More About Cyberthreats CIOs face more cyber threats Cybert hreats are now a much grater concern with the expansion of the use of mobile devices and services. At...
  5. Cyber war breaks out – slows Internet Cyber war pushes need for more security The recent cyber war between Spamhaus and Cyberbunker with commercial Denial of Service Attack (DDoS) pushed the Internet...


- more info

Total security is almost impossible to achieve

April 27th, 2015

Total security, protectetion of data and IT invulnerability are impossible at any price. Most companies spend a major portion of their IT budgets on computer security defenses to prevent hackers from taking advantage of known everyday vulnerabilities. The theory is simple: With enough layers of security, the bad guys will look elsewhere for easier targets.

Security Manual - Comprehensive, Detailed, and Customizable

The Security Manual is over 240 pages in length. All versions of the Security Manual Template include both the Business IT Impact Questionnaire and the Threat Vulnerability Assessment Tool (they were redesigned to address Sarbanes Oxley compliance).  

Order Security ManualSample DRP
- more info

Cloud disaster recovery planning

April 14th, 2015

Outsourcing TemplateMany companies now are including cloud disaster recovery process in their business continuity plans.   Janco has found that disaster plans that include the cloud if done well will simplify and  improve the success of the recovery process.

 Order Disaster Plan TemplateDisaster Plan Sample

Related posts:

  1. Disaster Recovery Plan in the cloud Paper disaster recovery and business continuity plans are difficult to keep up to date and be available for the recovery process. One solution that we...
  2. Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as...
  3. DRP BCP Best Practices Defined DRP BCP Best Practices Defined Here are some Disaster Recovery Business Continuity best practices   Keep your primary backup  disaster recovery business continuity data in...
  4. Radiological and Nuclear Disaster Planning ...
  5. Disaster Planning - Business Continuity Cost of No Plan Cost of no Plan CIO and the organizations they manage need to place a high value on being prepared for disasters of any kind because...
- more info

Problem with traditional email systems

April 6th, 2015

One of the majors shortcoming of email is it is next to impossible to retrieve a message that you wish you hadn’t sent. Perhaps there is more up-to-date information shortly after you sent the email, maybe you sent it to the wrong person, or maybe you simply said something you should not have.

Electronic Communication

 Who has not realized that offering the CIO a candid assessment of his style was just a bad idea? If the recipient is using a POP3 email system, you can pretty much forget it, because everything is downloaded locally and is no longer influenced by changes to the server. But even when that’s not the case, you’re not likely to have any luck with an email recall attempt. And if you try, the recipient is probably going to know about it, and so your plan will backfire as the recipient will suddenly take an intense interest in what you so very much want to take back.

Defining Your Optimal IT Infrastructure is a critical task that can no longer wait with all of the changes mandated by PCI-DSS, HIPAA, ISO, ITIL, Sarbanes-Oxley, changing economic environment, and changes to enterprise operating environments.

Order PolicySample policy


- more info

Shadow IT puts organizations and DR plans at risk

February 18th, 2015

As smartphone and tablet usage continues to grow,  CIOs and companies will continue to see he growth of Shadow IT , fueled by users’ requirements for anytime, anywhere access to files. Furthermore, policy and education alone cannot address the emergence of Shadow IT and resulting unmanaged file sharing and data exposure.

In order to fully address this issue, CIOs must consider providing the tools that deliver the convenient and flexible access to information that users want. Without the proper tools provided, managed, and supported by IT, users will continue to find alternative solutions and work around existing policies, leaving IT in the dark.

Over a six month period Janco Associates interviewed managers and executives in enterprises of all sizes that had experienced a business interruption and had to take some sort of action to continue their operations. Only 72 of the 195 Interviewees were able to recover with no major problems. 123 of the others faced some issue with their recovery efforts.

Why DR and BC plans fail

 Order Disaster Plan TemplateDisaster Plan Sample
- more info

Net neutrality now in a fight between Congress and the FCC

January 15th, 2015

The game is on for net neutrality as Congress is set for legislation that they say will ensure net neutrality protections for Internet users and will spur U.S. economic growth.

The new law would create “unambiguous” rules prohibiting broadband providers from selectively blocking or throttling Web traffic, while avoiding a reclassification of broadband as a regulated public utility. The FCC wants to treat the Internet as a utility to regulate and tax it.  This proposal is the new Congress'way to stop that from happening.

The bill would not allow broadband provides to “charge a premium to prioritize content delivery,” but it would create new rules without relying on reclassification of broadband under Title II of the Telecommunications Act.


You can get all of Janco's templates in its IT Management Suite. When you do that you save over $2,500 and when implemented your enterprise is positioned to have a "WORLD CLASS" Information Technology function. You will be in compliance with all mandated requirements including all US and International requirements.

- more info

Pros and Cons of Millennial Employees

December 9th, 2014

More than 70%of CIOs say an advantage of hiring millennials (workers under the age of 35) is the technology savviness they bring to the job. 21%of CIOs say millennials are more creative and innovative than other workers. More pragmatically, nearly 50%acknowledge that millennials are less expensive to employ.

At the same time, they say, millennials offer unique employment challenges.

  • 53% say millennials are less loyal to the company,
  • 46% say the group exhibits an attitude of entitlement,
  • 31% believe millennials require more intense management, and
  • 27% say young workers are more interested in their own personal development than they are in the company.

“One surprising finding is how few U.S. companies have instituted workplace changes to accommodate millennials. In the United States, only 41% have made changes to adapt to younger workers. Other regions of the world have been more accommodating: for example, about 70% of Latin American and Asian firms have adapted to hire/retain millennials.

The most common adaptions to accommodate millennials are making work hours more flexible (21 percent), allowing work from home (17%), increasing training (16 percent), implementing new mentoring programs (13%), and altering corporate culture (10%).

- more info