download

Download free Information Security Classification and SOX Sensitive Information Standards Policy. This Policy classify the Information Security Sensitive Information as 4 level:

High:
The unauthorised disclosure of information could be expected to have a severe or catastrophic adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Moderate:
The unauthorised disclosure of information could be expected to have a serious adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Basic review of data flow diagrams
- Has a system boundary been included in the diagram?
- Are all data sources and recipients external to the boundary?
- Does each process name start with a strong verb, and include a noun that the verb acts upon?
- Has the location part of the process symbol been specified in physical system diagrams, and left blank in logical system diagrams?
- Does each process have input and output data flows?
- Is there an input and output to every data store (if data stores are duplicated then this may occur at different places in the DFD set)?
- Data stores should only be connected to processes (by data flows)?
- Have the data store reference letters been correctly defined, i.e.

Download Free IT Risk Register Database Template used as part of IT Risk Management process. This Risk Register help you to define and manage IT risk in your company.

1. Risk
- Failure to deliver
- New process not in place
- Programme becomes unviable
- Failure to take the opportunity to
- Building refurbishment delayed

Download Free Cloud Computing IT Security Control Objectives

Asset management, access control

Data protection/segregation/encryption
To provide logical segregation of CSP customers’ data
To enable customer classification of sensitive data
To enable protection of data commensurate with risk and defined information classifications

Information systems acquisition, development, and maintenance

Encryption standards
To enable encryption of sensitive data using consistent mechanisms
To enable access to current and archived data regardless of which keys were used for encryption

Communications and operations management

Download Free IT Risk Analysis Templates

Risk 1: Data corruption through loss or alteration of data without the application’s knowledge and consent
Source:
1. Faulty hardware (bit loss or incorrect ordering)
2. Software bugs (unexpected conditions reached and responded to incorrectly)
3. User or IT administrator error (accidental file deletion)

Risk 2: Downtime and/or data corruption through application errors