
Disaster Recovery & Business Continuity and Security Templates Audit Bundle
This bundle is fully compliant with Sarbanes-Oxley, HIPAA, PCI-DSS and the ISO 27000 Series (ISO 27001 and ISO 27002). It has been updated to reflect all of the recent legislation and other mandated requirements.
The Disaster Planning and Business Continuity Template has been selected by over 2,000 enterprises world-wide as the foundation of their DRP and BCP programs.
The Security Manual Template has just been updated to address issues such as SmartPhones and other PDAs.
The Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. The audit program is one that either an external or an internal auditor can use to validate the compliance of the Information Technology function and the enterprise with ISO 27000 (Formerly ISO 17799), Sarbanes-Oxley, HIPAA, and PCI-DSS.
The Disaster Recovery / Business Continuity Audit program identifies the control objectives that are met by the audit program. There are 36 specific items that the audit covers in the 11 page audit program.
The ISO 27000 series is a set of individual standards and documents defined as follows:
- ISO 27001 - The specification for an Information Security Management System (ISMS); it replaced the BS7799-2 standard.
- ISO 27002 - The ISO 27002 standard is a renaming of the ISO 17799 standard, which is a code of practice for information security. It outlines controls and control mechanisms, which may be implemented subject to the guidance provided within ISO 27001.
- ISO 27003 - This is a PROPOSED standard, which has yet to be completely defined. It will be the official number of a new standard intended to offer guidance for the implementation of an ISMS (Information Security Management System). The purpose of this proposed development is to provide help and guidance in implementing an ISMS. It will be a quality control standard when it is released. ISO 27003 will focus on utilizing the Plan-Do-Check-Act (PDCA) method when establishing, implementing, reviewing, and improving the ISMS.
- ISO 27004 - This is the designated number for a PROPOSED standard covering information security, system management, measurement, and metrics.
- ISO 27005 - This is the number assigned to a PROPOSED, emerging standard covering information security risk management. As with the other standards within the ISO 27000 series, no firm dates have been established for its release. However, it will define the ISMS risk management process, including identification of assets, threats and vulnerabilities.
- ISO 27006 - This standard offers guidelines for the accreditation of organizations that offer certification and registration with respect to an ISMS.
Disaster Recovery / Business Continuity Security Audit News
What is the Chief Technology Officer's (CTO) Role?
The Chief Technology Officer (CTO) is responsible for the overall direction of all technology functions within the enterprise. This includes Information Technology applications, communications (voice, data, and wireless), and computing services within the enterprise that impact the enterprise, its products and its customers. As the top technical architect of the enterprise, he or she provides a vision of how technology can be applied. These areas include product design, customer interactions with the enterprise, IT operating systems, communications (voice, data, and wireless), transaction processing and database administration, compliance with all mandated requirements, the information center, personal computers, electronic and optical storage, and multimedia applications.
More detail is available in the Internet and Information Technology Position Descriptions Handiguide - 2010 version.
Virtualization improves disaster planning and change control

It has been reported that organizations implementing virtualization often experience less server downtime than organizations not deploying virtualization, and many have taken steps to provide better disaster recovery than they could have in an unvirtualized environment. Several surveys show that virtualized environments experience between 35% and 40% fewer server outage hours per year than unvirtualized environments.
The reasons often given are:
- Simplification - Virtualization allows more OS workloads and more applications per server. This results in fewer servers and more standardization, which in turn makes provisioning of new or redeployed applications easier.
- Independence - Since the OS/application workload is not tied to a specific physical server, IT Management can migrate a workload from server to server, thus freeing a particular server. This makes it possible to dynamically migrate applications from an overused or failing server to a healthy server, avoiding an outage.
- Flexibility - Virtualization simplifies the process of starting an OS/application. This gives IT management options for where to locate the OS/application on a particular physical server. In that way IT Managers can easily suspend, relocate, and restart applications that are degrading on a server.
- Better Change Management - Virtualization makes it easier for system administrators to set up a replica test OS image, which makes it easier to fully regression test new configurations (new application releases, new software versions, etc.). Fuller regression testing of new configurations results in fewer defects encountered in production.
I.T. hiring picks up
Salaries and hiring are both on the rise, Janco reports.
The I.T. jobs outlook is strongest among large companies, where many chief information officers have received the go-ahead to fill I.T. positions that were left unfilled last year, Janco Associates Inc., a management consulting firm specializing in information systems technology, says in its Mid-Year 2010 IT Salary Survey report.
In contrast, technology executives at smaller companies are being more cautious about hiring out of concern that the economic recovery will not be strong enough to support increased I.T. spending, the survey found.
Nonetheless, most chief information officers who participated in the survey said in post-survey interviews that they're planning for 2011 with the assumption that the economy will improve early next year. If that holds true, I.T. hiring and compensation should rise for more companies, Janco says.
Consequences of too much social networking
Facebook, MySpace, and other social networking sites make it easy to share information with friends. If you are not utilizing safety features and precautions, however, you are also sharing that information with strangers. Posting too much information on your profile can have consequences that reach all the way from your bank account to your future employment prospects.
According to Consumer Reports, in the last year 9 percent of social network users experienced some form of abuse, such as malware infections, scams, identity theft, or harassment. Many of these incidents are preventable, if you educate yourself about what to do and what not to do on social networking sites.
Similarly, an increasing number of prospective employers are turning to social networking sites to research applicants. Does your profile represent you the same way you would represent yourself in an interview?
Challenges CIOs face
CIOs are now challenged more than at any time in the past. With the economic earthquake around the globe, CIOs have to be smarter, more creative and more innovative. The only way for CIOs to survive the world economic reset in a knowledge age is to capitalize on their human capital, put their staffs' creativity to work, and stoke their innovative furnace. There are many ways to fuel the creative fires - from management techniques, to team building, to effectively leveraging existing and emerging technology investments. However, the key is infrastructure. CIOs that have an infrastructure which addresses metrics, change management, version control, system development methodology, service management, and human resources have a better chance of making it through these tough times.