Download free Information Security Classification and SOX Sensitive Information Standards Policy. This Policy classify the Information Security Sensitive Information as 4 level:

High:
The unauthorised disclosure of information could be expected to have a severe or catastrophic adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Moderate:
The unauthorised disclosure of information could be expected to have a serious adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Basic review of data flow diagrams
- Has a system boundary been included in the diagram?
- Are all data sources and recipients external to the boundary?
- Does each process name start with a strong verb, and include a noun that the verb acts upon?
- Has the location part of the process symbol been specified in physical system diagrams, and left blank in logical system diagrams?
- Does each process have input and output data flows?
- Is there an input and output to every data store (if data stores are duplicated then this may occur at different places in the DFD set)?
- Data stores should only be connected to processes (by data flows)?
- Have the data store reference letters been correctly defined, i.e.

Download Free IT Risk Register Database Template used as part of IT Risk Management process. This Risk Register help you to define and manage IT risk in your company.

1. Risk
- Failure to deliver
- New process not in place
- Programme becomes unviable
- Failure to take the opportunity to
- Building refurbishment delayed

Download Free Due Diligence Checklist Templates

A- Identification of the Company
1. Corporate name
2. Address
3. Mailing address
4. Main telephone number
5. Main telecopier number
6. Main e-mail address
7. Other (specify):

B- Identification of the Authorized Representative
8. Salutation (Mr., Ms.)
9. Representative's first name
10. Initial(s)
11. Representative's family name
12. Position held
13. Telephone number (direct line)
14. Telephone number (general)
15. Mobile telephone number
16. Pager number
17. Telecopier number
18. E-mail address (office)
19. Telephone number (residence)
20. E-mail address (residence)
21. Other (specify):

The Federal Desktop Core Configuration (FDCC) is a security configuration that must be enabled on any desktop that connects to a federal network. FDCC began with a 2007 memorandum by the United States Office of Management and Budget (OMB). That memo discusses the need for a centralization of effort in defining a central configuration for all desktops contained within federal IT environments. Such a unified configuration would strengthen federal IT security by mandating a tested configuration across all federal IT organizations.

This configuration would additionally provide a standardized starting point for external vendors, easing their process with developing solutions that work across the whole of government IT. In conjunction with the FDCC, the OMB also began work on the Security Content Automation Protocol (SCAP), a cross platform vulnerability management protocol that enables outside vendors to validate their productsf functionality with FDCC desktops as well as other regulations required by government systems.