document

Download free Information Security Classification and SOX Sensitive Information Standards Policy. This Policy classify the Information Security Sensitive Information as 4 level:

High:
The unauthorised disclosure of information could be expected to have a severe or catastrophic adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Moderate:
The unauthorised disclosure of information could be expected to have a serious adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Basic review of data flow diagrams
- Has a system boundary been included in the diagram?
- Are all data sources and recipients external to the boundary?
- Does each process name start with a strong verb, and include a noun that the verb acts upon?
- Has the location part of the process symbol been specified in physical system diagrams, and left blank in logical system diagrams?
- Does each process have input and output data flows?
- Is there an input and output to every data store (if data stores are duplicated then this may occur at different places in the DFD set)?
- Data stores should only be connected to processes (by data flows)?
- Have the data store reference letters been correctly defined, i.e.

Download Free IT Risk Register Database Template used as part of IT Risk Management process. This Risk Register help you to define and manage IT risk in your company.

1. Risk
- Failure to deliver
- New process not in place
- Programme becomes unviable
- Failure to take the opportunity to
- Building refurbishment delayed

Download Free Due Diligence Checklist Templates

A- Identification of the Company
1. Corporate name
2. Address
3. Mailing address
4. Main telephone number
5. Main telecopier number
6. Main e-mail address
7. Other (specify):

B- Identification of the Authorized Representative
8. Salutation (Mr., Ms.)
9. Representative's first name
10. Initial(s)
11. Representative's family name
12. Position held
13. Telephone number (direct line)
14. Telephone number (general)
15. Mobile telephone number
16. Pager number
17. Telecopier number
18. E-mail address (office)
19. Telephone number (residence)
20. E-mail address (residence)
21. Other (specify):

Download Free Cloud Computing IT Security Control Objectives

Asset management, access control

Data protection/segregation/encryption
To provide logical segregation of CSP customers’ data
To enable customer classification of sensitive data
To enable protection of data commensurate with risk and defined information classifications

Information systems acquisition, development, and maintenance

Encryption standards
To enable encryption of sensitive data using consistent mechanisms
To enable access to current and archived data regardless of which keys were used for encryption

Communications and operations management