security

Download free Information Security Classification and SOX Sensitive Information Standards Policy. This Policy classify the Information Security Sensitive Information as 4 level:

High:
The unauthorised disclosure of information could be expected to have a severe or catastrophic adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Moderate:
The unauthorised disclosure of information could be expected to have a serious adverse effect on [COMPANY NAME]'s operations, assets, or on individuals.

Download Free IT Risk Register Database Template used as part of IT Risk Management process. This Risk Register help you to define and manage IT risk in your company.

1. Risk
- Failure to deliver
- New process not in place
- Programme becomes unviable
- Failure to take the opportunity to
- Building refurbishment delayed

The Federal Desktop Core Configuration (FDCC) is a security configuration that must be enabled on any desktop that connects to a federal network. FDCC began with a 2007 memorandum by the United States Office of Management and Budget (OMB). That memo discusses the need for a centralization of effort in defining a central configuration for all desktops contained within federal IT environments. Such a unified configuration would strengthen federal IT security by mandating a tested configuration across all federal IT organizations.

This configuration would additionally provide a standardized starting point for external vendors, easing their process with developing solutions that work across the whole of government IT. In conjunction with the FDCC, the OMB also began work on the Security Content Automation Protocol (SCAP), a cross platform vulnerability management protocol that enables outside vendors to validate their productsf functionality with FDCC desktops as well as other regulations required by government systems.

Download Free Cloud Computing IT Security Control Objectives

Asset management, access control

Data protection/segregation/encryption
To provide logical segregation of CSP customers’ data
To enable customer classification of sensitive data
To enable protection of data commensurate with risk and defined information classifications

Information systems acquisition, development, and maintenance

Encryption standards
To enable encryption of sensitive data using consistent mechanisms
To enable access to current and archived data regardless of which keys were used for encryption

Communications and operations management

WebTrust is AICPA/CICA audit framework, intended to focus on e-commerce services.often where there is a direct interaction with individual end users. WebTrust utilizes the same criteria as SysTrust (the Trust Services Security, Availability, Confidentiality and Processing Integrity principles and criteria). It can also include privacy criteria (based on the Generally Accepted Privacy Principles) where the service provider is interacting with and collecting personal information from individual end users in accordance with a Privacy Policy.. WebTrust results in an audit report indicating whether the specific criteria were met.

WebTrust topics covered by generally accepted privacy principles:
- Management
- Notice
- Choice and consent
- Collection