
Security Manual Template

ISO 27000 - 27001 & 27002
(formerly ISO 17799),
Sarbanes Oxley, HIPAA,
PCI-DSS, and Patriot Act Compliant

Includes Audit Program for PCI DSS Compliance, HIPAA Audit Guide, and ISO 27000 Checklist

Order Security Manual Template

The Security Manual for the Internet and Information Technology is over 240 pages in length. This electronic document addresses the requirements of the ISO 27000 standard, Sarbanes-Oxley, HIPAA, and the Patriot Act.

All versions of the Security Manual Template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains detailed job descriptions that apply specifically to security and Sarbanes-Oxley. The job descriptions are:

  • Chief Security Officer (CSO)
  • Chief Compliance Officer (CCO)
  • VP Strategy and Architecture
  • Director e-Commerce
  • Database Administrator
  • Data Security Administrator
  • Manager Data Security
  • Manager Facilities and Equipment
  • Manager Network and Computing Services
  • Manager Network Services
  • Manager Training and Documentation
  • Manager Voice and Data Communication
  • Manager Wireless Systems
  • Network Security Analyst
  • System Administrator - Unix
  • System Administrator - Windows

Clients can also subscribe to Janco's Security Manual update service and receive all updates to the Security Manual Template. 

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for the following major topics for your security plan:

  • Compliance with ISO 27000 (27001 & 27002), HIPAA, SOX, PCI, and the Patriot Act
  • Security Manual Introduction - scope, objectives, general policy, and responsibilities
  • Risk Analysis - objectives, roles, responsibilities, program requirements, practices, and program elements
  • Staff Member Roles - policies, responsibilities, and practices
  • Physical Security - area classifications, access controls, and access authority
  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points
  • Media and Documentation - requirements and responsibilities
  • Data and Software Security - definitions, classification, rights, access control, Internet, intranet, logging, audit trails, compliance, and violation reporting and follow-up
  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning
  • Internet and Information Technology Contingency Planning - responsibilities and documentation requirements
  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security
  • Insurance - objectives, responsibilities, and requirements
  • Outsourced Services - responsibilities for both the enterprise and the service providers
  • Waiver Procedures - process to waive security guidelines and policies
  • Incident Reporting Procedures - process to follow when security violations occur
  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords
  • Sample Forms

    • Business and IT Impact Questionnaire
    • Threat & Vulnerability Assessment Tool
    • Security Violation Reporting form
    • Security Audit form
    • Inspection Check List
    • New Employee Security form
    • Security Access Application form

Latest News


One step to improve security on Windows-based PCs

February 24th, 2014


If you take Windows XP out of the mix -- when Microsoft support for the archaic OS expires -- there will likely be far fewer security bulletins rated as Critical, and the idea of putting systems at risk by running with unobstructed administrator privileges will mostly be a thing of the past.

Regardless of which version of Windows you use, though, the Avecto report underscores a very simple reality. An attacker can typically only execute malicious code in the context of the currently logged-in user, and if that user is a standard user without access to critical system functions, and with no ability to run unknown software without explicit administrator permission, most threats would be rendered harmless.
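The point above is testable on any Windows PC you manage: does the day-to-day session carry administrator rights, who sits in the local Administrators group, and will UAC actually stop a standard user from elevating unknown software? The PowerShell script below is an added example written for this page; it is not from the Janco manual or from the Avecto report. It assumes Windows 7 / Server 2008 R2 or later with Windows PowerShell 3 or newer; the registry key, value names, and the Administrators group are Windows defaults, while the function names are this example's own.

```powershell
# Added example (not from the Janco page or the Avecto report): audit the
# least-privilege posture of the current Windows session and host.
# Assumes Windows 7 / Server 2008 R2+ and Windows PowerShell 3+.

function Test-TokenElevated {
    # True only when this process token carries full Administrators rights.
    # An admin-group member in a non-elevated (UAC-filtered) session returns False.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminMembers {
    # Enumerate the local Administrators group via ADSI/WinNT; this works on
    # releases that predate the Microsoft.PowerShell.LocalAccounts module.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $member.GetType().InvokeMember('Name', 'GetProperty', $null, $member, $null)
    }
}

function Get-UacPolicy {
    # UAC settings live under Policies\System (values are Windows defaults, not invented).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA                  # 1 = UAC on, 0 = UAC off
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin # 0 = elevate silently (weak), 2 = prompt on secure desktop
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser  # 0 = auto-deny elevation, 1/3 = prompt for admin credentials
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop      # 1 = prompt cannot be spoofed by user-mode code
    }
}

function Get-PrivilegeFindings {
    $findings = @()
    $admins   = @(Get-LocalAdminMembers)
    $uac      = Get-UacPolicy

    if (Test-TokenElevated) {
        $findings += 'HIGH: this session holds full administrator rights; anything launched from it inherits them.'
    }
    if ($admins -contains $env:USERNAME) {
        $findings += "MEDIUM: logged-on account '$env:USERNAME' is a direct member of local Administrators; use a standard account for daily work."
    }
    if ($uac.EnableLUA -eq 0) {
        $findings += 'HIGH: UAC is disabled (EnableLUA = 0); every process of an admin user runs unobstructed.'
    }
    if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'HIGH: administrators elevate without any prompt (ConsentPromptBehaviorAdmin = 0).'
    }
    if ($uac.ConsentPromptBehaviorUser -eq 0) {
        $findings += 'OK: standard users cannot elevate at all (ConsentPromptBehaviorUser = 0); unknown software stays unprivileged.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'OK: none of these least-privilege checks raised a finding.'
    }
    return $findings
}

Get-PrivilegeFindings
Write-Host ''
Write-Host 'Local Administrators members:'
Get-LocalAdminMembers | ForEach-Object { Write-Host "  $_" }
```

Run it from the account a person actually uses all day, in a non-elevated console: if the first finding fires there, that session is exactly the "unobstructed administrator privileges" case the report describes. Setting ConsentPromptBehaviorUser to 0 is the policy that turns "cannot run unknown software without explicit administrator permission" into a hard stop rather than a credential prompt the user may learn to wave through.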

New job title - Chief Digital Officer - CDO

February 13th, 2014

The job of chief digital officer (CDO) has recently emerged as a new role on the leadership team, as organizations are looking to bring in digital capabilities and seeing the need for an executive with a new set of competencies that combines strategy, marketing, and technology. Many are considering hiring or have already hired a digital leader to oversee enterprisewide digital strategy.

263 IT Job Descriptions and Organization Charts

The Internet and IT Position Descriptions HandiGuide® was completed in 2014 and is over 700 pages. It includes sample organization charts, a job progression matrix, and 263 Internet and IT job descriptions. The book also addresses the Fair Labor Standards Act and the ADA, and is in a new, easier-to-read format.

Security Tip - Always Check Credentials

February 5th, 2014

Always check credentials. The receptionist's PC had been running slowly, so he was pleased when a woman arrived and announced that she was a technician. She dropped the name of the IT manager and said, "Don't bother logging off, I'll only be a few minutes." Ten minutes later she was gone, along with a bunch of confidential documents.

Those documents enabled an unscrupulous competitor to beat the company to a lucrative contract. If the receptionist had checked the technician's credentials with the IT Manager, the security breach could have been avoided. Not only did the receptionist learn a lesson; the company also learned that they should control access to sensitive information!

10 Backup Best Practices - supplementing a disaster recovery and business continuity solution with the cloud

February 3rd, 2014

Backup best practices are used by many CIOs who want to improve their ability to recover from system failures and data loss. This …

Change the combination on opened laptop locks

January 15th, 2014

When laptops are secured at a workstation with combination cable locks, users always remember to turn the tumblers when they secure the laptop. But what happens when they unsecure the laptop? Many people won't turn the tumblers on the opened lock because it is much easier to lock the laptop later if the combination is already set. About half a dozen laptops in our office disappeared one day. The laptops were stolen by someone who came by when the laptops were not there and noted the combination. They came back later when the laptops were there and used the combination they had noted earlier.

Cyber-Attack Digest

December 19th, 2013

Cyber-Attack Digest - recent articles:

  1. Anatomy of a Chinese Cyber Attack - How the Chinese do it… A Chinese cyber attack (a Stuxnet-style attack) frequently makes its first entry into a company's secure network...
  2. Cyber attacks are on the rise - Cyber attacks are more extensive as the criminal element moves in. Cyber attacks and threats to networks and enterprise data are not going away. Risk...
  3. Security cyber war recent articles - Cyber war continues. Cyber war and security recent postings: CIOs worry more about cyber threats with mobile computing. Cyber threats are now a much greater...
  4. CIOs worry more about cyber threats with mobile computing - Cyber threats are now a much greater concern with the expansion of the use of mobile devices and services. At the same time online criminals...
  5. Life cycle for business continuity and security breaches are the same - When a security breach or business interruption occurs, the life cycle from start to end is the same. First and foremost you must...

Infrastructure and Other Top CIO concerns

December 14th, 2013

As profitability is more difficult to find than prior to the financial crisis, 2014 will be a year of foundational investment for the financial markets, with the primary focus on investment in IT infrastructure, according to new research from Ovum.

This investment is required for finding new opportunities to drive profit, by moving into new markets, trading venues, geographies and asset classes. Over two thirds of respondents queried on infrastructure spending forecasted an increase of between one and six percent in their outlay.

Meanwhile, the ongoing volatility in global markets is making profitability a challenge and, as a result, customer loyalty is declining. As neither the buy side nor the sell side can guarantee profit margins in current market conditions, both sides are set to invest in IT systems that improve service levels in the hope that it positively impacts customer satisfaction and ultimately customer loyalty.

"Financial markets will face two main challenges in 2014, with the difficulties of achieving profits in a post-financial crisis environment and complying with the ever-increasing raft of rules and regulations," says a senior analyst, financial services technology at Ovum. "This will drive an increase in IT infrastructure spending, as well as a focus on servicing systems to improve customer loyalty levels."

"Regulatory compliance will continue to be a particularly large area of spending. The ever-increasing range of rules and regulations is requiring large investments and is currently consuming as much as 40% of overall IT budgets across the financial markets."

CIOs are paid to lead

November 5th, 2013

A CIO is paid to lead. But it's difficult to do so when you don't have the right organizational structure in place. A house, after all, is only as strong as its foundation. So whether you're "the new guy" as a CIO or you've worked within your current position for a year or longer, you should carefully consider the following nine winning organizational moves to implement for your IT department.

As compiled by Janco Associates (www.e-janco.com), the best practices here aren't the stuff of rocket science (even if you happen to supervise a number of rocket scientists). Instead, they're a useful collection of suggestions that cover both the big picture, such as alignment with company-wide strategies, and the day-to-day, like assigning key roles to your employees. By putting the following in play, you'll find that you've covered many critical bases, including the need to delegate, develop talent, ensure business continuity, track tech trends and monitor the competition. Better yet: It's not an "all or nothing" list. You can adapt only one or two ideas and still take advantage of results.

Ethics in the business world is a complex issue

October 14th, 2013

What is right vs. wrong is pretty obvious. If it is not obvious, you have more work to do than can be shared here. The really tough decisions are those where two values that you deeply believe in are in conflict with each other. Now what do you do? How do you do it? And what tools, techniques, and training do you need to handle these tough decisions?

For example: truth vs. loyalty. How do you handle a situation when you want the truth and the person is loyal to someone or something else? What insights and techniques are available to help discern the process to make the best decision?
Or how about justice vs. mercy: what are your criteria for justice and for mercy? Justice according to what: the law, a code of ethics, a values statement, a mission statement? Mercy, based on what? How transparent are you as to which one you chose? If you're not transparent, why not?

What is crucial here is that one needs to truly know what values one believes and has internalized BEFORE a situation occurs, so that there is no hesitation about what needs to be done, when it needs to be done, and why it needs to be done.


New Technology - 3D Printers

September 14th, 2013

3D printers apply materials such as plastic and metal in fine layers to create objects ranging from buttons and small widgets all the way up to walls for prefabricated homes.

Although 3D printers have been in use for more than 20 years, the market has soared in the last few years as companies buy the devices to make prototypes of planned new products, and to quickly launch full-scale production.

Recently, home 3D printers selling for less than $1,000 have let consumers make replacement parts for appliances, toys, decoration and other items at home. The market is expected to see strong long-term growth.
