ISO 27000 - 27001 & 27002
(formerly ISO 17799),
Sarbanes Oxley, HIPAA,
PCI-DSS, and Patriot Act Compliant
Includes Audit Program for PCI DSS Compliance, HIPAA Audit Guide, and ISO 27000 Checklist
The Security Manual for the Internet and Information Technology is over 240 pages in length. This electronic document is fully compliant with the ISO 27000 standard, Sarbanes Oxley, HIPAA standard, and the Patriot Act.
All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance. In addition, the Security Manual Template PREMIUM Edition contains detail job descriptions that apply specifically to security and Sarbanes Oxley. The job descriptions are:
- Chief Security Officer (CSO)
- Chief Compliance Officer (CCO)
- VP Strategy and Architecture
- Director e-Commerce
- Database Administrator
- Data Security Administrator
- Manager Data Security
- Manager Facilities and Equipment
- Manager Network and Computing Services
- Manager Network Services
- Manager Training and Documentation
- Manager Voice and Data Communication
- Manager Wireless Systems
- Network Security Analyst
- System Administrator - Unix
- System Administrator - Windows
Clients can also subscribe to Janco's Security Manual update service and receive all updates to the Security Manual Template.
The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for the following major topics for your security plan:
- Compliance to ISO 27000 (27001 & 27002), HIPAA, SOX, PCI, and the Patriot Act
- Security Manual Introduction - scope, objectives, general policy, and responsibilities
- Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements
- Staff Member Roles - policies, responsibilities and practices
- Physical Security - area classifications, access controls, and access authority
- Facility Design, Construction and Operational Considerations - requirements for both central and remote access points
- Media and Documentation - requirements and responsibilities
- Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up
- Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning
- Internet and Information Technology contingency Planning - responsibilities and documentation requirements
- Travel and Off - Site Meetings - specifics of what to do and not do to maximize security
- Insurance - objectives, responsibilities and requirements
- Outsourced Services - responsibilities for both the enterprise and the service providers
- Waiver Procedures - process to waive security guidelines and policies,
- Incident Reporting Procedures - process to follow when security violations occur
- Access Control Guidelines - responsibilities and how to issue and manage badges / passwords
- Sample Forms
- Business and IT Impact Questionnaire
- Threat & Vulnerability Assessment Tool
- Security Violation Reporting form
- Security Audit form
- Inspection Check List
- New Employee Security form
- Security Access Application form
CIOs focus on cloud processing and outsourcing to improve productivityOctober 13th, 2014
Pervasive connectivity, advanced analytics, and increasing automation are driving rapid changes in business and placing great pressure on CIOs and CSOs. While the focus of CIOs has always been digital, digital technologies have now reached a critical mass and a tipping point that is changing how people live and work.
These changes are forcing CIOs to move beyond its traditional support role and operate on the forefront of business value delivery. CIOs must direct IT to function in two modes: operating more quickly than ever before to meet the demands for new business models and revenue acceleration while maintaining operational consistency and excellence in traditional workloads.
How to Guide for Cloud Processing and Outsourcing
"How to Guide for Cloud Processing and Outsourcing provides EVERYTHING that is needed to select a vendor, enter into an agreement, and manage the relationship," says a CIO of a Fortune 100 company.- more info
Business continuity after a disaster depends on communicationAugust 22nd, 2014
When a CEO thinks Business Continuity, he thinks of the safeguards that should be in place ensuring business operations are not disrupted. However, due to the heavy dependency on Information Technology, a business leaders first priority is to have adequate data backups in order to enable recovery in case of a disaster or any loss of data, and to ensure that systems remain available 24x7.
The right way to evaluate the quality of your system and data protection is to evaluate the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These metrics define how long you think it will take you to get back online and how current the data has to be.
All Business Continuity Disaster Recovery Planning efforts need to encompass how employees will communicate, where they will go and how they will keep doing their jobs. The details can vary greatly, depending on the size and scope of a company and the way it does business. For some businesses, issues such as supply chain logistics are most crucial and are the focus on the plan. For others, information technology may play a more pivotal role, and the Business Continuity Disaster Recovery Plan may have more of a focus on systems recovery.more info
Best Places to Work for IT ProsJune 23rd, 2014
Internet and IT Position Descriptions HandiGuide Without good personnel no Information Technology organization can succeed. The first step in getting the right people is to know what roles and responsibilities they have. The Internet and IT Position Descriptions HandiGuide has this plus more.
- more info
- The No. 1 large place to work in IT: Quicken Loans
- The No. 1 midsize place to work in IT: LinkedIn
- The No. 1 small place to work in IT: Noah Consulting
- Ira S. Wolfe: Companies can't thrive when generations bicker
- Best Places by the numbers: What IT employees want, what employers offer
- Best Places to Work in IT 2014: The three best organizations
- Best Places spotlight: Kimpton Hotels & Restaurants aims for well-rounded workers
- Best Places spotlight: Career development is a strong suit at Caesars Entertainment
- Best Places spotlight: Independence reigns at NASA's Jet Propulsion Laboratory
- Best Places spotlight: VMware encourages tech workers to explore ideas
- Best Places spotlight: A 'get-involved' attitude reigns at International Paper
- Best Places spotlight: At HCA, IT employees have a chance to make an impact
- Best Places spotlight: Paychex invests in, encourages tech innovation
- Best Places spotlight: AMC Theatres attracts IT pros with cutting-edge tech
- Best Places spotlight: Johnsonville Sausage gives IT pros autonomy
- Best Places spotlight: Problem-solving is Job 1 at Janney Montgomery Scott
- Best Places spotlight: Top benefits and perks keep Clearlink staffers happy
- Best Places spotlight: Sev1Tech offers top benefits and career development
- Best Places spotlight: Connectria's 'no jerks' policy draws a better IT crowd
- Best Places spotlight: At Radiant Logic, technologists manage their own projects
Intellectual property theft is a major security risk that all companies faceMarch 24th, 2014
For many companies, in particular in industries like pharmaceuticals, software development, or entertainment, their intellectual property is more valuable than any physical asset. And with the increasing need to collaborate with external business partners to accelerate product life cycles and enhance innovation, there is a greater risk for sensitive information to be compromised.
With identify theft and cyber attacks on the rise, you're facing new pressures to protect sensitive information. In fact, in 46 states have now passed data security laws that apply to companies that do business with residents of those states. These laws are designed to protect residents against identity theft by mandating security practices
- Implementing an information security program
- Encrypting data
- Notifying customers in the event of a security breach that compromises unencrypted personal information
One step to improve security on Windows based PCsFebruary 24th, 2014
If you take Windows XP out of the mix -- when Microsoft support for the archaic OS expires -- there will likely be far fewer security bulletins rated as Critical, and the idea of putting systems at risk by running with unobstructed administrator privileges will be mostly be a thing of the past.
Regardless of which version of Windows you use, though, the Avecto report underscores a very simple reality. An attacker can typically only execute malicious code in the context of the currently logged in user, and if that user is a standard user without access to critical system functions, and with no ability to run unknown software without explicit administrator permission, most threats would be rendered harmless.more info
New job title - Chief Digital Officer - CDOFebruary 13th, 2014
The job of chief digital officer (CDO) has recently emerged as a new role on the leadership team, as organizations are looking to bring in digital capabilities and seeing the need for an executive with a new set of competencies that combines strategy, marketing, and technology. Many are considering hiring or have already hired a digital leader to oversee enterprisewide digital strategy.
263 IT Job Descriptions and Organization Charts
The Internet and IT Position Descriptions HandiGuide® was completed in 2014 and is over 700 pages; which includes sample organization charts, a job progression matrix, and 263 Internet and IT job descriptions. The book also addresses Fair Labor Standards, the ADA, and is in a new easier to read format.more info
Security Tip - Always Check CredentialsFebruary 5th, 2014
Always Check Credentials. The receptionist's PC had been running slowly, so he was pleased when a woman arrived and announced that she was a technician. She dropped the name of the IT manager and said, "Don't bother logging off, I'll only be a few minutes." Ten minutes later she was gone - along with a bunch of confidential documents.
Those documents enabled an unscrupulous competitor to beat the company to a lucrative contract. If the receptionist had checked the technician's credentials with the IT Manager, the security breach could have been avoided. Not only did the receptionist learn a lesson; the company also learned that they should control access to sensitive information!- more info
10 Backup Best Practices supplementing a disaster recovery and business continuity solution with the cloudFebruary 3rd, 2014
10 Backup Best Practices supplementing a disaster recovery and business continuity solution with the cloud
10 Backup best practices - supplementing a disaster recovery and business continuity back-up solution with the cloud Backup best practices are used by many CIOs who want to improve their ability to recover from system failures and data loss. This Continue reading
- more info
- Disaster Recovery Business Continuity Template
- Disaster Recovery Business Continuity Audit Program
- Disaster Recovery Remote Sites
- Disaster Recovery Business Continuity Template and Security Manual Template Bundle
- Disaster Recovery Business Continuity Template and Security Manual Template Audit Bundle
- Disaster Recovery Business Continuity Template and Safety Program Bundle
- Disaster Recovery Business Continuity Template, Security Manual Template, and Safety Program Bundle
- Disaster Recovery Electronic Forms
- BIA - Business Impact Analysis Methodology
- Compliance with ISO Standards
- Compliance with ISO 22301 - Business Continuity Management (BCM)
- Compliance with HIPAA Standards
- Enterprise and Worldwide License Options
Change the combination on opened laptop locksJanuary 15th, 2014
When laptops have cables with combination locks for securing their devices at their workstation, they always remember to turn the tumblers when they secure the laptop. But what happens when they unsecure the laptop? Many people won't turn the tumblers on the opened lock because it is much easier to lock the laptop later if the combination is already set. About half a dozen laptops in our office disappeared one day. The laptops were stolen by someone who came by when the laptops were not there and noted the combination. They came back later when the laptops were there and used the combination they had noted earlier.more info
Cyber-Attack DigestDecember 19th, 2013
Cyber-Attack Digest - recent articles:
- Anatomy of a Chinese Cyber Attack Cyber Attack How the Chinese do it A Chinese cyber Attack (a Stuxnet-style attack) frequently makes its first entry into a companys secure network...
- Cyber attacks are on the rise Cyber attacks are more extensive as the criminal element moves in Cyber attacks and threats to networks and enterprise data are not going away. Risk...
- Security cyber war recent articles Cyber war continues Cyber war and security recent postings: CIOs worry more about cyber threats with mobile computing Cyber threats are now a much greater...
- CIOs worry more about cyber threats with mobile computing Cyber threats are now a much greater concern with the expansion of the use of mobile devices and services. At the same time online criminals...
- Life cycle for business continuity and security breaches are the same When a security breach or business interruption occur, the life cycle from the start to the end are the same. First and foremost you must...