security

List of Information System Logs that required during Security Assessment

1. Authentication server or system logs may include successful and failed authentication attempts.

2. System logs may include system and service startup and shutdown information, installation of unauthorized software, file accesses, security policy changes, account changes (e.g., account creation and deletion, account privilege assignment), and privilege use.

3. Intrusion detection and prevention system logs may include malicious activity and inappropriate use.

UK Law Computer Misuse Act 1990 and 2006 is an Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes. Detail of legislation can be download here:
http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1.htm

Basically this Law govern there things:

1. Unauthorized access
You need to be able to prove the suspect knew his access was not authorized. The maximum prison sentence is six months imprisonment or £5000 or both.

Download Free Samples of Information Technology Technical Skills Matrix Template. If you're a company want to assess the skill level of your employee. Or you just an HR Department who trying to create a balanced score card system then you can simplyfing it by creating IT Skill Matrix like this.

This skills matrix contain requirement such as:
Administration
- Database
- Network or Operating System
- SAP Basis, SIEBEL

Download Free ISO 27001 Information Security Management Framework Compliance Report Template

This ISO 27001 Information Security Management Framework Compliance Report Template would typically form part of the suite of reports completed by a department in the course of preparation for response to ISO 27001 / 17799 Information Security Management System.

Download Free IT Security Plan Template

The purpose of the system security plan (SSP) is to provide an overview of federal information system security requirements and describe the controls in place or planned to meet those requirements. The SSP also delineates responsibilities and expected behavior of all individuals who access the information system and should be viewed as documentation of the structured process for planning adequate, cost-effective security protection for a major application or general support system. It should reflect input from various managers with responsibilities concerning the information system, including information owner(s), system owner(s), system operator(s), and the information security manager. Additional information may be included in the basic plan, and the structure and format organized according to requirements.