guidelines

Information Security Classification and SOX Sensitive Information Standards Policy Template

Information Security Classification and Sarbanes Oxley (SOX) Sensitive Information Standards Policy
Download free Information Security Classification and SOX Sensitive Information Standards Policy. This policy classifies sensitive information into 4 levels:

High:
The unauthorised disclosure of information could be expected to have a severe or catastrophic adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Moderate:
The unauthorised disclosure of information could be expected to have a serious adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

FDCC Federal Desktop Core Configuration 2007 Security Requirements

The Federal Desktop Core Configuration (FDCC) is a security configuration that must be enabled on any desktop that connects to a federal network. FDCC began with a 2007 memorandum by the United States Office of Management and Budget (OMB). That memo discusses the need for a centralization of effort in defining a central configuration for all desktops contained within federal IT environments. Such a unified configuration would strengthen federal IT security by mandating a tested configuration across all federal IT organizations.

This configuration would additionally provide a standardized starting point for external vendors, easing the development of solutions that work across the whole of government IT. In conjunction with the FDCC, the OMB also began work on the Security Content Automation Protocol (SCAP), a cross-platform vulnerability management protocol that enables outside vendors to validate their products' functionality with FDCC desktops as well as other regulations required by government systems.

Gramm Leach Bliley Act (GLBA) Compliance Risk Assessment Templates for Banking and Financial Institution

Download Free GLBA Compliance Risk Assessment Templates for Banking and Financial Institution.
Administrative Safeguards
1) Do you check references prior to hiring employees who will have access to customer information?
2) Do you ask every new employee to sign an agreement to follow your organization's confidentiality and security standards for handling customer information?
3) Do you train employees to take basic steps to maintain the security, confidentiality and integrity of customer information, such as:
a. locking rooms and file cabinets where paper records are kept;
b. using password-activated screensavers;

ITIL v3 Study Notes free Download


Download free ITIL v3 Study Notes covering areas such as:

1. Service Strategy
1.1. Service Portfolio
1.2. Demand Management
1.3. Financial Management

2. Service Design
2.1. Service Catalogue Management
2.2. Service Level Management
2.3. Availability Management
2.4. Capacity Management
2.5. IT Service Continuity Management
2.6. Supplier Management

Download Consensus Audit Guidelines - Draft 1.0

Twenty Most Important Controls and Metrics for Effective Cyber Defense and Continuous FISMA Compliance

Securing our Nation against cyber attacks has become one of the Nation's highest priorities. To achieve this objective, networks, systems, and the operations teams that support them must vigorously defend against external attacks. Furthermore, for those external attacks that are successful, defenses must be capable of thwarting, detecting, and responding to follow-on attacks on internal networks as attackers spread inside a compromised network.

A central tenet of the US Comprehensive National Cybersecurity Initiative (CNCI) is that "offense must inform defense". In other words, knowledge of actual attacks that have compromised systems provides the essential foundation on which to construct effective defenses. The US Senate Homeland Security and Government Affairs Committee moved to make this same tenet central to the Federal Information Security Management Act in drafting FISMA 2008. That new proposed legislation calls upon Federal agencies to:

"Establish security control testing protocols that ensure that the information infrastructure of the agency, including contractor information systems operating on behalf of the agency, are effectively protected against known vulnerabilities, attacks, and exploitations."
