Download Free Information Security Governance (ISG) Assessment Tool and Information Security Framework
This tool covers:
1. Information Technology Security Framework
2. Information Technology Security Environment - A Framework
- Regulation: Federal mandate (FM), state mandate (SM), HIPAA, FERPA, GLB, SOX
- ISO Standard: ISO reference number for audit compliance
3. Risk Assessment Calculations
4. Scoring Tools
Download Free Acceptable Use Policy Template
The purpose of this policy is to establish acceptable and unacceptable use of electronic devices and network resources at [Company Name] in conjunction with its established culture of ethical and lawful behavior, openness, trust, and integrity.
[Company Name] provides computer devices, networks, and other electronic information systems to meet missions, goals, and initiatives and must manage them responsibly to maintain the confidentiality, integrity, and availability of its information assets. This policy requires the users of information assets to comply with company policies and protects the company against damaging legal issues.
Download Free Information Security Plan
Roles and Responsibilities
Note to agencies - These role descriptions come from the statewide information security policies and are presented here simply as an example. Agencies should adjust these descriptions as necessary to best meet their business environment and include any additional roles that have been identified in the agency that apply such as Security Officer, Privacy Officer, etc.
Agency Director: Responsible for information security in the agency, for reducing risk exposure, and for ensuring the agency's activities do not introduce undue risk to the enterprise. The director also is responsible for ensuring compliance with state enterprise security policies, standards, and security initiatives, and with state and federal regulations.
Download Free Corporate Information Security Policy Template
The purpose of this policy is to protect from all threats, whether internal or external, deliberate or accidental, the information assets of:
Download Free Database Server Disaster Recovery Plan Presentation
Sample Database Server Disaster Events and Responses:
- Data are deleted from a critical application table
  - Perform point-in-time recovery to the moment just before the problem
- A network hardware failure prevents a database server from being accessed over the network
  - Wait for the hardware to be replaced
  - Fail over to a warm standby
  - Fail over to a hot standby
- 2 drives fail in a RAID-5 disk array
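The first scenario above (rows deleted from a critical table, recover to the moment before the problem) as an added worked example that is not part of the presentation. It simulates point-in-time recovery in memory: a base backup plus a timestamped change log standing in for the DBMS transaction log, replayed up to but not including the offending statement. The table, log records, timestamps and function names are constructed for the illustration and are not from any particular database product.

```python
"""Point-in-time recovery (PITR) replay, simulated in memory.

Added example, not from the DR presentation. The model: a base backup
(a snapshot of the table) plus an ordered, timestamped change log, the role a
DBMS transaction log / WAL plays. Recovery from an accidental DELETE restores
the backup and replays the log up to, but not including, the moment the bad
statement ran. Table, records and timestamps below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional


@dataclass(frozen=True)
class LogRecord:
    ts: datetime
    op: str                        # "INSERT", "UPDATE" or "DELETE"
    key: int
    value: Optional[str] = None    # row contents; None for DELETE


def apply_record(table: Dict[int, str], rec: LogRecord) -> None:
    """Apply one logged change to the in-memory table."""
    if rec.op in ("INSERT", "UPDATE"):
        table[rec.key] = rec.value
    elif rec.op == "DELETE":
        table.pop(rec.key, None)
    else:
        raise ValueError(f"unknown log op {rec.op!r}")


def recover_to(base_backup: Dict[int, str], log: List[LogRecord],
               target_time: Optional[datetime] = None) -> Dict[int, str]:
    """Restore base_backup, then replay log records with ts < target_time.

    target_time=None replays the whole log (ordinary crash recovery, which
    would also replay the accidental DELETE). The bound is exclusive, so a
    target equal to the bad statement's timestamp stops just before it.
    """
    table = dict(base_backup)
    for rec in sorted(log, key=lambda r: r.ts):   # stable: log order kept within a second
        if target_time is not None and rec.ts >= target_time:
            break
        apply_record(table, rec)
    return table


def first_time_of(log: List[LogRecord], op: str) -> Optional[datetime]:
    """Locate the recovery target: the earliest record of the offending op."""
    times = [r.ts for r in log if r.op == op]
    return min(times) if times else None


def lost_after(log: List[LogRecord], target_time: datetime) -> List[LogRecord]:
    """Legitimate changes strictly after the incident that PITR discards.

    These have to be re-applied by hand; anything sharing the incident's
    timestamp needs manual review before deciding which side it belongs to.
    """
    return sorted((r for r in log if r.ts > target_time), key=lambda r: r.ts)


# Constructed sample: backup taken before business hours, then the day's log.
BASE_BACKUP: Dict[int, str] = {1: "alice", 2: "bob"}
LOG: List[LogRecord] = [
    LogRecord(datetime(2024, 1, 8, 9, 0), "INSERT", 3, "carol"),
    LogRecord(datetime(2024, 1, 8, 9, 5), "UPDATE", 2, "robert"),
    # 09:10: an unqualified DELETE wipes the critical table
    LogRecord(datetime(2024, 1, 8, 9, 10), "DELETE", 1),
    LogRecord(datetime(2024, 1, 8, 9, 10), "DELETE", 2),
    LogRecord(datetime(2024, 1, 8, 9, 10), "DELETE", 3),
    # activity that continued before the incident was noticed
    LogRecord(datetime(2024, 1, 8, 9, 15), "INSERT", 4, "dave"),
]
INCIDENT_TIME = first_time_of(LOG, "DELETE")


if __name__ == "__main__":
    print("full replay :", recover_to(BASE_BACKUP, LOG))
    print("PITR to", INCIDENT_TIME.time(), ":", recover_to(BASE_BACKUP, LOG, INCIDENT_TIME))
    print("to re-apply :", [(r.op, r.key, r.value) for r in lost_after(LOG, INCIDENT_TIME)])
```

Two points the runbook line glosses over and the simulation makes visible: the recovery target must land before the bad statement, and real systems differ on whether a target timestamp is inclusive or exclusive, so check that setting before recovering; and everything committed after the target is discarded, so the records `lost_after` returns are the work that has to be re-entered once the table is back.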
Download Free Business Impact Analysis and Risk Assessment for Information Resources
Business Impact Analysis and Risk Assessment Process
The Business Impact Analysis and Risk Assessment process includes the following five parts followed by a section to document recommendations and plans. Through the process, specific business function, process, research, or extension environment that might involve information resources defined for the department will be
Download Free ISO/IEC 27001 NIST SP 800-53 Control Mapping Templates
ISO/IEC 27001 (Annex A) CONTROLS
A.5 Security Policy
A.5.1 Information security policy
A.5.1.1 Information security policy document
A.5.1.2 Review of the information security policy
A.6 Organization of information security
A.6.1 Internal organization
A.6.1.1 Management commitment to information security
A.6.1.2 Information security coordination
A.6.1.3 Allocation of information security responsibilities
A.6.1.4 Authorization process for information processing facilities
A.6.1.5 Confidentiality agreements
A.6.1.6 Contact with authorities
A.6.1.7 Contact with special interest groups
A.6.1.8 Independent review of information security
A.6.2 External Parties
A.6.2.1 Identification of risks related to external parties
A.6.2.2 Addressing security when dealing with customers
A.6.2.3 Addressing security in third party agreements
Download Free ISO 27002, COBIT, PCI-DSS 1.2, FFIEC Examination Handbooks Mapping Templates
INDUSTRY RELEVANCE DOCUMENT:
MAPPING OF THE SHARED ASSESSMENTS SIG TO THE AUP, ISO 27002, COBIT, PCI-DSS 1.2 AND FFIEC EXAMINATION HANDBOOKS
This document provides a linkage between the Shared Assessments Standardized Information Gathering (SIG) Questionnaire and certain federal regulatory requirements and international standards. This linkage is presented in the form of a "map" that highlights the overlap between the SIG's controls questions and specific requirements for the other standards.
Download Free HIPAA Security Assessment Questionnaire
HIPAA/HITECH SECURITY AND BREACH NOTIFICATION RULES:
CROSSWALK TO THE SHARED ASSESSMENTS STANDARDIZED INFORMATION GATHERING (SIG) QUESTIONNAIRE (VERSION 5.0)
This document provides a linkage between certain federal regulatory requirements pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), and the Shared Assessments Program Standardized Information Gathering (SIG) questionnaire v5.0. This linkage is presented in the form of a "crosswalk" that highlights the potential overlap between the SIG's controls questions and specific requirements for information security and breach notification for entities subject to HIPAA/HITECH.
Download Free PCI DSS Card Data Security Responsibilities
The key responsibilities in connection with the policy for card data security are given below.
Heads of Departments and Units
Heads of Departments and Units are responsible for ensuring that this policy is adhered to, in particular the policies on:
- Receiving card data
- Transmitting card data
- Processing card data
- Storage of card data