Disaster Recovery & Business Continuity and Security Templates Audit Bundle
This bundle is fully compliant with Sarbanes-Oxley, HIPAA, PCI-DSS and the ISO 27000 series (ISO 27001 and ISO 27002). It has been updated to reflect recent legislation and other mandated requirements.
The Disaster Planning and Business Continuity Template has been selected by over 2,000 enterprises world-wide as the foundation of their DRP and BCP programs.
The Security Manual Template has just been updated to address issues such as smartphones and other PDAs.
The Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. Either an external or an internal auditor can use the audit program to validate the compliance of the Information Technology function and the enterprise with the ISO 27000 series (ISO 27002 was formerly ISO 17799), Sarbanes-Oxley, HIPAA, and PCI-DSS.
The Disaster Recovery / Business Continuity Audit Program identifies the control objectives that are met by the audit program. The 11-page audit program covers 36 specific items.
The ISO 27000 series is a set of individual standards and documents defined as follows:
- ISO 27001 - The specification for an Information Security Management System (ISMS); it replaced the BS 7799-2 standard.
- ISO 27002 - A renaming of the ISO 17799 standard, which is a code of practice for information security. It outlines the controls and control mechanisms that may be implemented, subject to the guidance provided within ISO 27001.
- ISO 27003 - A PROPOSED standard, not yet completely defined, that will be the official number of a new standard offering guidance on implementing an ISMS. ISO 27003 will focus on the Plan-Do-Check-Act (PDCA) method when establishing, implementing, reviewing, and improving the ISMS.
- ISO 27004 - The designated number for a PROPOSED standard covering information security management measurement and metrics.
- ISO 27005 - The number assigned to a PROPOSED standard covering information security risk management. As with the other emerging standards within the ISO 27000 series, no firm dates have been established for its release. It will define the ISMS risk management process, including identification of assets, threats and vulnerabilities.
- ISO 27006 - This standard offers guidelines for the accreditation of organizations that offer certification and registration with respect to an ISMS.
Disaster Recovery / Business Continuity Security Audit News
Outsourcing's impact on IT Service Management
Lack of proactive monitoring threatens end-user satisfaction and application performance
To operate a cost-effective business in today's highly competitive market, an organisation requires an extremely efficient IT infrastructure to link its data centers, business operations and globally distributed customers. All business-critical applications must run smoothly to satisfy end-users' and customers' service-level expectations. Consequently, an enterprise's IT support services play a vital role. Many international businesses, for example, operate multiple hosted data centers and have communication rooms in many of their overseas locations. These same businesses often outsource some of their IT operations management.
However, executives are concerned about poor visibility of IT infrastructure problems, high levels of service disruption, low end-user satisfaction and the impact on application availability. Visibility of an enterprise's infrastructure performance and availability is often inadequate because very little monitoring and performance information is collected; the result is a reactive organization. Enterprises must introduce an IT Service Transformation process to improve all aspects of IT Service Management (ITSM) and to act as a foundation for monitoring the critical business processes, which span multiple applications and infrastructure, with integrated incident, problem and asset management.
Key objectives are to manage the infrastructure and applications proactively, to create a centralized system for the outsourced service providers, and to link problems to the existing help desk.
Data Breaches Are Costly
The financial consequences of data breaches can be severe. Many organizations lose customers and revenue because of the violation of trust incurred from a breach. Due to the growing number of state privacy laws, most breaches require that those whose information is compromised be notified. Most organizations now pay for credit monitoring services for several years for everyone affected by a breach; these services typically cost about $100 per person per year. In some cases, organizations are also subject to fines for revealing personal information.
The Security Policy Manual (policies and procedures template) is over 240 pages in length. All versions of the Security Manual Template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and to Sarbanes-Oxley, ISO 27000 (ISO 27001 and ISO 27002), PCI-DSS, and HIPAA. Data protection is a priority, and security myths need to be addressed.
Dow sinks over 600 points as China and Obama square off
WASHINGTON -- The Dow skids by over 600 points as the Obama administration squares off with China. China responds with "no more loans".
U.S. Internet companies might soon need to find a new strategy for dealing with China.
In announcing that it is now U.S. policy to advocate a free and open Internet around the world, Secretary of State Hillary Rodham Clinton on Thursday essentially dared U.S. companies to follow Google's lead and put an end to their complicit censorship of Internet content. Google has said it will shut down its Chinese search engine if it can't find a way to offer an uncensored version under Chinese law, and while no one else has jumped on that bandwagon, they may soon have little choice.
"We are urging U.S. media companies to take a proactive role in challenging foreign governments' demands for censorship and surveillance. The private sector has a shared responsibility to help safeguard free expression. And when their business dealings threaten to undermine this freedom, they need to consider what's right, not simply what's a quick profit," Clinton said in remarks Thursday at the Newseum, before an audience including members of Congress, representatives from nonprofit groups, and perhaps more than one Internet company executive forced to ponder the meaning of that paragraph.
Clinton stopped short of actually proposing regulations or sanctions on Internet companies that comply with censorship laws. But her tone was clear: it's now the policy of the U.S. government to renounce corporate "engagement," or the belief that by merely being in countries like China, U.S. Internet companies are helping expand access to information.
Will it work? Google, Microsoft, and Yahoo have already formed the Global Network Initiative, a consortium of companies and organizations designed to provide guidelines for operating in countries with authoritarian governments without turning into tools of those governments. Clinton acknowledged the work of the GNI during her speech but called on companies to do more.
Firefox plugs away in a tough market
Mozilla released a second release candidate of the Firefox 3.6 browser, a modest upgrade that embodies Mozilla's effort to ship the open-source browser more frequently.
Mozilla announced the second Firefox 3.6 release candidate on Sunday but didn't share details. The release notes were equally mum, but the update process called the new software a "security and stability update."
The software is available from Mozilla's download site. More than 1 million people are testing Firefox 3.6 at present, and more than 300 million overall use Firefox, Mozilla said.
The new version includes Personas to let people customize the browser's appearance; blocks third-party software from installing itself into the browser's own file system directories, to improve stability; and, perhaps most significantly given the competitive threat from Google Chrome, shortens start-up time and improves responsiveness and JavaScript performance.
Wireless spectrum may be overloaded
The FCC has identified the limited supply of wireless spectrum as one of the factors that could limit the growth of broadband Internet services in the U.S., which could result in slower economic growth and job creation.
Wireless spectrum will be addressed, along with other factors affecting broadband access and services, in a national broadband plan that the FCC is now assembling. The plan was originally due to be completed next month, but the FCC received a 30-day extension from the U.S. Congress.
The wide array of devices on display at CES that rely on wireless broadband underscores the urgency of resolving the spectrum issue, FCC Chairman Julius Genachowski said. "The wireless infrastructure in the U.S. will be our platform for ongoing innovation and investment," he said.
With the explosion of technology into every facet of the day-to-day business environment, there is a need to define an effective infrastructure to support the operating environment, to have a strategy for the deployment of technology, and to clearly define responsibilities and accountabilities for the use and application of technology.