The Global Information Security Compliance Packet (GISCP): The World's most In-Depth set of professionally researched and developed information
- Myron Horace Booth
- 6 years ago
The Global Information Security Compliance Packet (GISCP): The World's most In-Depth set of professionally researched and developed information security policies, procedures, forms, checklists, templates, provisioning & hardening documents, and so much more.
In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, [company name] has established a formal policy and supporting procedures concerning the Primary Account Number (PAN) and the system used to protect it. This policy is to be implemented immediately. It will be evaluated on a(n) [annual, semi-annual, quarterly] basis for ensuring its adequacy and relevancy regarding [company name]'s needs and goals.

[Company name] will ensure that the Primary Account Number (PAN) and the system used to protect it adhere to the following conditions for purposes of complying with the Payment Card Industry Data Security Standards (PCI DSS) initiatives (PCI DSS Requirements and Security Assessment Procedures, Version 3.0):

- Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches:
  o One-way hashes based on strong cryptography (hash must be of the entire PAN)
  o Truncation (hashing cannot be used to replace the truncated segment of PAN)
  o Index tokens and pads (pads must be securely stored)
  o Strong cryptography with associated key-management processes and procedures
- Appropriately configure, examine, and confirm system settings and all necessary configurations for system components to ensure that the PAN is rendered unreadable.
- Examine several tables or files from a sample of data repositories to verify the PAN is rendered unreadable (that is, not stored in plain text).
- Appropriately configure, examine, and confirm system settings and all necessary configurations for system components to ensure that the PAN is rendered unreadable on removable media.
- Appropriately configure, examine, and confirm system settings and all necessary configurations for system components to ensure that the PAN is rendered unreadable in audit logs or removed from the logs completely.
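As an added example (not part of the GISCP packet or the policy text above), the Python below turns the Requirement 3.4 conditions into runnable checks: a hash routine that refuses anything other than the entire PAN, truncation to the first six and last four digits, and a Luhn-filtered scan of sample log lines and table rows for PAN stored in plain text. Field names, the HMAC key, and all sample records are constructed for the illustration; the keyed hash is this example's choice for "strong cryptography", since the page names no algorithm.

```python
"""Checks supporting PCI DSS Requirement 3.4: render PAN unreadable wherever it
is stored, and verify sample repositories and audit logs for plaintext PAN.
Example code with constructed data; not the GISCP packet's own material."""
import hashlib
import hmac
import re

# 13-19 digits, optionally separated by single spaces or hyphens,
# and not glued to further digits on either side.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test; filters out timestamps, IDs and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Truncation: keep at most the first six and last four digits.
    The removed digits are discarded; nothing is derived from them."""
    if not (13 <= len(pan) <= 19 and pan.isdigit()):
        raise ValueError("truncate_pan expects a complete 13-19 digit PAN")
    return pan[:6] + "X" * (len(pan) - 10) + pan[-4:]


def hash_full_pan(pan: str, key: bytes) -> str:
    """One-way hash of the ENTIRE PAN (HMAC-SHA256, key held outside the data).
    A partial value such as the truncated segment is refused: per the policy,
    hashing cannot be used to replace the truncated segment of PAN."""
    if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_valid(pan)):
        raise ValueError("hash_full_pan expects a complete PAN, not a segment")
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def find_plaintext_pans(text: str) -> list[str]:
    """Return every Luhn-valid 13-19 digit number in text (separators removed).
    Truncated values such as '411111XXXXXX1111' never match."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def scan_log_lines(lines: list[str]) -> list[tuple[int, str]]:
    """Audit-log check (PAN unreadable in logs or removed entirely).
    Findings carry the truncated PAN so the report itself stores no PAN."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for pan in find_plaintext_pans(line):
            findings.append((n, truncate_pan(pan)))
    return findings


def audit_repository(rows: list[dict]) -> list[str]:
    """Sample-table check (examine tables or files to verify PAN is not stored
    in plain text). One finding per column value holding a plaintext PAN."""
    findings = []
    for i, row in enumerate(rows):
        for column, value in row.items():
            for pan in find_plaintext_pans(str(value)):
                findings.append(f"row {i} column {column!r}: {truncate_pan(pan)}")
    return findings


# Constructed sample data: Luhn-valid test numbers, not real cards.
DEMO_KEY = b"demo-key"
SAMPLE_LOG = [
    "2014-03-01 12:00:01 INFO auth approved card=4111111111111111 amt=19.99",
    "2014-03-01 12:00:02 INFO auth approved card=411111XXXXXX1111 amt=19.99",
    "2014-03-01 12:00:03 INFO auth approved token=tok_7f3a amt=19.99",
]
SAMPLE_TABLE = [
    {"txn_id": 1001, "card": "4111 1111 1111 1111",
     "pan_hash": hash_full_pan("4111111111111111", DEMO_KEY)},
    {"txn_id": 1002, "card": truncate_pan("5500000000000004"),
     "pan_hash": hash_full_pan("5500000000000004", DEMO_KEY)},
]

if __name__ == "__main__":
    for n, masked in scan_log_lines(SAMPLE_LOG):
        print(f"log line {n}: plaintext PAN {masked}")
    for finding in audit_repository(SAMPLE_TABLE):
        print(finding)
```

Only the first log line and the first table row are reported; the truncated and hashed representations pass both checks.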
[Company name] has developed and implemented a comprehensive program regarding the Primary Account Number (PAN) system protection, which encompasses the categories and supporting activities listed below. These policy directives will be fully enforced by [company name] for ensuring configuration standards initiatives are executed in a formal manner and on a consistent basis for all system ...

(Sample page headings shown: Requirement 3.4, Primary Account Number (PAN) System Protection Policy and Procedures; 3.4 Overview; 3.4 Policy; 3.4 Procedure; Item Number (a), (b), (c), (d). Brochure call-outs: "Over 2,500+ Pages of Professionally Developed Security Material"; "Hundreds of Pages of Provisioning & Hardening Checklists Included!")

Sample form: AUTHORIZATION FORM FOR USER ACCESS - GUESTS (excerpt)
General User Information: Last Name; First Name; Middle Name; Social Security Number or Internal Employee ID Number; Type of User (circle one): Employee, Guest, Vendor, Other.
Guest Information: Company Name; Street Address; City; State; Zip; Country; Name of Guest User; Title; Job Function; Telephone; Expiration Date (if applicable); Department; Division; Office; Immediate Supervisor Responsible for oversight of Guest User (Name); Secondary Supervisor Responsible for oversight of Guest User (Name).
Business Justification & Reasoning: Please provide a general explanation and overview of why the specified Guest User is being granted access to [company name] system resources.
Authorization and Access Rights: List all applicable "identities" granted to guest user: System Name; Type of Access; Duties to be Performed; Other; Date of Request.
Have all the following applicable due diligence procedures been executed and fully completed by [company name] prior to granting access for the given guest user? (Each item: Yes / No / N/A; Date of Completion: Enter Date.)
(1) Confirmation from authorized personnel that guest user has a valid business justification & reasoning for accessing [company name] system resources.
(2) General business due diligence checks conducted on guest user.
(3) Reference and Background Checks conducted on specific guest user.
(4) Please list any other due diligence procedures that were performed.
Please provide any additional comments and/or necessary information regarding the applicable due diligence procedures.

Sample form: EMPLOYEE SEPARATION FORM (excerpt)
General Information for Terminated User: Last Name; First Name; Middle Name; Social Security Number, Internal Employee ID Number, or other type of Unique Identifier or Employee ID Number used by organizations and governments throughout the globe; Type of User.
User Name and Contact Information: Street Address; City; State; ZIP; Country; Physical Office Address Where User Resided.
Date of Termination: Month, Day, Year. Type of Termination (circle one): Voluntary, Involuntary. If user was involuntarily terminated, please provide a brief overview as to the nature and reason for this.
Administrative Actions (Financial and Legal) to Initiate for Terminated User (Task or Action to be Performed; Date Performed):
- Determine financial amount ("wages") that are owed to terminated user, which must include any vacation, bonuses, or any other type of compensation issue that must be factored into consideration.
- Determine what deductions are necessary from final amount owed to terminated user.
- Determine if company has any obligations to terminated user regarding stock options or any other type of securities and/or instruments.
- Determine if any legal actions (i.e., civil, criminal, other) are pending or are being considered against terminated user.
- Determine if any non-compete, confidentiality, trade secret rights are in place and enforceable, if necessary.
General Notes and/or Comments.
Vital for HIPAA, NIST, FISMA, Safe Harbor, SOX, PCI DSS Compliance
Over 200+ High Quality Information Security Templates
Great Resource for all ISO Publications
A Must-Have for I.T. and Compliance Auditors
Includes 175 pages and PPT Slides of Security Awareness Training Material!

The Global Information Security Compliance Packet (GISCP) comes complete with over information security, operational, and business specific policies, procedures, forms, checklists, templates, provisioning and hardening documents and much more, consisting of over 2,500 pages of material.

- Hundreds of pages of essential provisioning and hardening documents for network devices (firewalls and more), operating systems (Windows, UNIX, Linux), web servers (Apache, Tomcat, IIS), databases (Oracle, MySQL, MS SQL Server, PostgreSQL), DNS, Active Directory, MS Exchange, and more.
- Incredibly in-depth set of information security policies and procedures for Change Management, Incident Response, SDLC, PII, Backups, Asset Inventory, Patch Management, Vulnerability Management, Access Control, Wireless Security, Encryption, Data Backup and Recovery, Virtualization, Remote Access, and all other essential security categories and domains.
- Developed by leading cyber security, military, computer forensic and compliance specialists from North America, Europe and other select countries, and in accordance with industry leading, globally accepted information security benchmarks, standards, frameworks, and best practices.
- Excellent Resource for HIPAA, NIST, FISMA, Safe Harbor, SOX, PCI DSS Compliance, FERC, NERC, Banking, Financial Services, Drug & Clinical compliance, Cloud Computing, and virtually any other global and/or regional compliance, legislative and/or industry specific mandate.
- Comes complete with over 500 pages of PCI DSS 3.0 information security policies, procedures, forms, checklists, and templates, each mapped directly to each Requirement put forth by the Payment Card Industry Data Security Standards.
- Includes comprehensive Security Awareness Training Program, consisting of in-depth PowerPoint (PPT) presentation, employee training manual, certificate of acknowledgement, and more.
Included within the GISCP Packet are the Following Sections:
- Firewall Policies and Procedures
- Firewall Provisioning and Hardening Checklists, Forms, and Templates
- Routers Provisioning and Hardening Checklists, Forms, and Templates
- Switches Provisioning and Hardening Checklists, Forms, and Templates
- Microsoft Windows Server Operating System Policies and Procedures
- Microsoft Windows Server Provisioning and Hardening Checklists, Forms, and Templates
- Microsoft Active Directory Services Policies and Procedures
- Red Hat Linux Directory Services Policies and Procedures
- Microsoft Active Directory Services Provisioning and Hardening Checklists, Forms, and Templates
- Red Hat Linux Directory Services Provisioning and Hardening Checklists, Forms, and Templates
- Microsoft Exchange Policies and Procedures
- Microsoft Exchange Provisioning and Hardening Checklists, Forms, and Templates
- Microsoft SharePoint Policies and Procedures
- Microsoft SharePoint Provisioning and Hardening Checklists, Forms, and Templates
- Linux Operating System Policies and Procedures
- Linux Operating System Provisioning and Hardening Checklists, Forms, and Templates
- Virtualization Policies and Procedures
- Virtualization Provisioning and Hardening Checklists, Forms, and Templates
- Database Policies and Procedures
- Database Provisioning and Hardening Checklists, Forms, and Templates
- Web Server Policies and Procedures
- Web Server Provisioning and Hardening Checklists, Forms, and Templates
- All-in-One PCI Policies Packet (Policies, Procedures, Forms, and More)
- Security Awareness Training Documentation
- Risk Management Policies and Procedures
- Risk Assessment Template
- Business Continuity and Disaster Recovery Planning (BCDRP) Documentation
- Systems Software Development Life Cycle (SDLC) Policies and Procedures
- Anti-Virus and Anti-Malware Policies and Procedures
- Access Control Policies and Procedures
- Change Management Policies and Procedures
- Configuration Management Policies and Procedures
- Data and Information Classification Policies and Procedures
- Data Backup and Recovery Policies and Procedures
- Domain Name Service (DNS) Policies and Procedures
- Domain Name Service (DNS) Provisioning and Hardening Checklists, Forms, and Templates
- Encryption & Key Management Policies and Procedures
- Fraud Manual Policies and Procedures
- Incident Response Policies and Procedures
- Information Asset Inventory Policies and Procedures
- Information Technology Due Diligence
- Network Time Synchronization (NTP) Policies and Procedures
- OFAC Compliance Policies and Procedures
- Patch Management Policies and Procedures
- Personally Identifiable Information (PII) Policies and Procedures
- Protected Health Information (PHI) Policies and Procedures
- Physical Security and Environmental Security Policies and Procedures
- Remote Access Rights Policies and Procedures
- Removable Media Policies and Procedures
- Social Media Policies and Procedures
- Vendor Management Policies and Procedures
- Vulnerability Management Policies and Procedures
- Wireless Security Policies and Procedures
- Workstation Security Policies and Procedures
- Usage Policies and Procedures
Firewall Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of firewalls.
Topics Covered: Planning, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Reference Material, Time Synchronization, Testing, Placement within Network Architecture, Firewall Configuration and Rule Sets, Documented Business Needs, Review and Auditing, Access Rights, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from industry specific vendor administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Ten (10) comprehensive documents, totaling approximately 253 pages.
1. Cisco PIX Firewall Policy and Procedures
2. Cisco ASA Firewall Policy and Procedures
3. Juniper Networks NetScreen & SSG Firewall Policy and Procedures
4. Linux Iptables Firewall Policy and Procedures
5. SonicWALL Firewall Policy and Procedures
6. Fortinet FortiGate Firewall Policy and Procedures
7. Palo Alto Firewall Policy and Procedures
8. Checkpoint Firewall Policy and Procedures
9. Barracuda Web Filter Firewall Policy and Procedures
10. WatchGuard Firewall Policy and Procedures
Firewall Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring firewalls are properly provisioned, hardened, secured, and locked down in accordance with best practices for ultimately ensuring their confidentiality, integrity, and availability (CIA).
Topics Covered: Operating System Security, Systems Auditing, System Access Controls, User Account Privilege Controls, Local Security Options, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from industry specific vendor administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Thirty (30) comprehensive documents, totaling approximately 125 pages.
1. Cisco PIX Firewall Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
2. Cisco ASA Firewall Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
3. Juniper Networks NetScreen & SSG Firewall Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
4. Linux Iptables Firewall Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
5. SonicWALL Firewall Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
6. Fortinet FortiGate Firewall Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
7. Palo Alto Firewall Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
8. Checkpoint Firewall Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
9. Barracuda Web Filter Firewall Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
10. WatchGuard Firewall 1050 and 2060 Provisioning and Hardening Checklist, Business Needs Checklist, Review and Audit Checklist
Routers Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring routers are properly provisioned, hardened, secured, and locked down in accordance with best practices for ultimately ensuring their confidentiality, integrity, and availability (CIA).
Topics Covered: Initial Hardening, System Hardening, System Access Controls, User Account Privilege Controls, Local Security Options, and much more.
Frameworks Utilized: Developed in accordance with best practices derived from industry specific vendor administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: One (1) comprehensive document, totaling approximately 12 pages.
1. Cisco Routers (800, 1000, 2000, 3000 Series) Provisioning and Hardening Checklist
Switches Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring switches are properly provisioned, hardened, secured, and locked down in accordance with best practices for ultimately ensuring their confidentiality, integrity, and availability (CIA).
Topics Covered: Initial Hardening, System Hardening, System Access Controls, User Account Privilege Controls, Local Security Options, and much more.
Frameworks Utilized: Developed in accordance with best practices derived from industry specific vendor administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Three (3) comprehensive documents, totaling approximately 47 pages.
1. Adtran Switch (Netvanta Series) Provisioning and Hardening Checklist
2. Cisco Switches (2900, 3000, 4000, Nexus Series) Provisioning and Hardening Checklist
3. Juniper Switch (SRX and EX Series) Provisioning and Hardening Checklist
Microsoft Windows Server Operating System Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of the Microsoft server series of operating systems.
Topics Covered: Data and Information Classification, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Reference Material, Time Synchronization, Access Rights, Remote Access, Malware, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Performance and Utilization Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Microsoft specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Three (3) comprehensive documents, totaling approximately 72 pages.
1. Windows Server 2003 (Win2K3) Policy and Procedures
2. Windows Server 2008 (Win2K8) Policy and Procedures
3. Windows Server 2008 R2 (Win2K8R2) Policy and Procedures
Microsoft Windows Server Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring Microsoft Operating Systems are properly provisioned, hardened, secured, and locked down in accordance with best practices for ultimately ensuring their confidentiality, integrity, and availability (CIA).
Topics Covered: Operating System Security, Systems Auditing, System Access Controls, User Account Privilege Controls, Networking Security, Local Security Options, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Microsoft specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Three (3) comprehensive documents, totaling approximately 51 pages.
1. Windows Server 2003 (Win2K3) Provisioning and Hardening Checklist
2. Windows Server 2008 (Win2K8) Provisioning and Hardening Checklist
3. Windows Server 2008 R2 (Win2K8R2) Provisioning and Hardening Checklist
Microsoft Active Directory Services Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of Microsoft Active Directory.
Topics Covered: Data and Information Classification, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Reference Material, Time Synchronization, Access Rights, Remote Access, Malware, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Performance and Utilization Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Microsoft specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: One (1) comprehensive document, totaling approximately 22 pages.
1. Microsoft Active Directory Services Policy and Procedures
Red Hat Linux Directory Services Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of Red Hat Linux Directory services.
Topics Covered: Data and Information Classification, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Reference Material, Time Synchronization, Access Rights, Remote Access, Malware, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Performance and Utilization Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Red Hat specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: One (1) comprehensive document, totaling approximately 23 pages.
1. Red Hat Linux Directory Services Policy and Procedures
Microsoft Active Directory Services Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring Microsoft Active Directory is properly provisioned, hardened, secured, and locked down in accordance with best practices for ultimately ensuring its confidentiality, integrity, and availability (CIA).
Topics Covered: Implementation, Configuration, Directory Service Integrity, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Microsoft specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: One (1) comprehensive document, totaling approximately 11 pages.
1. Microsoft Active Directory Services Provisioning and Hardening Checklist
Red Hat Linux Directory Services Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring Red Hat Directory is properly provisioned, hardened, secured, and locked down in accordance with best practices for ultimately ensuring its confidentiality, integrity, and availability (CIA).
Topics Covered: Implementation, Configuration, Directory Service Integrity, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Red Hat specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: One (1) comprehensive document, totaling approximately 12 pages.
1. Red Hat Linux Directory Services Provisioning and Hardening Checklist
Microsoft Exchange Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of Microsoft Exchange.
Topics Covered: Data and Information Classification, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Reference Material, Time Synchronization, Access Rights, Remote Access, Malware, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Performance and Utilization Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Microsoft specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Two (2) comprehensive documents, totaling approximately 44 pages.
1. Microsoft Exchange Policy and Procedures
2. Microsoft Exchange 2010 Policy and Procedures
Microsoft Exchange Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring Microsoft Exchange is properly provisioned, hardened, secured, and locked down in accordance with best practices for ultimately ensuring its confidentiality, integrity, and availability (CIA).
Topics Covered: Availability, Confidentiality, Integrity, Deployment, Configuration, Unified Messaging and Information Rights Management, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Microsoft specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Two (2) comprehensive documents, totaling approximately 26 pages.
1. Microsoft Exchange Provisioning and Hardening Checklist
2. Microsoft Exchange 2010 Provisioning and Hardening Checklist
Microsoft SharePoint Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of Microsoft SharePoint.
Topics Covered: Data and Information Classification, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Reference Material, Time Synchronization, Access Rights, Remote Access, Malware, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Performance and Utilization Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Microsoft specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: One (1) comprehensive document, totaling approximately 22 pages.
1. Microsoft SharePoint Policy and Procedures
Microsoft SharePoint Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring Microsoft SharePoint is properly provisioned, hardened, secured, and locked down in accordance with best practices for ultimately ensuring its confidentiality, integrity, and availability (CIA).
Topics Covered: Availability, Confidentiality, Integrity, Deployment, Configuration, Unified Messaging and Information Rights Management, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Microsoft specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Two (2) comprehensive documents, totaling approximately 23 pages.
1. Microsoft SharePoint Provisioning and Hardening Checklist
2. Microsoft SharePoint 2010 Provisioning and Hardening Checklist
Linux Operating System Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of the various Linux operating system distributions.
Topics Covered: Data and Information Classification, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Reference Material, Time Synchronization, Access Rights, Remote Access, Malware, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Performance and Utilization Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Linux specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Three (3) comprehensive documents, totaling approximately 72 pages.
1. Linux Distributions Policy and Procedures
2. Red Hat Enterprise Linux (RHEL) 5 Policy and Procedures
3. Red Hat Enterprise Linux (RHEL) 6 Policy and Procedures
20 Linux Operating System Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring Linux operating systems are properly provisioned, hardened, secured, and locked down in accordance with best practices, ultimately ensuring their confidentiality, integrity, and availability (CIA).
Topics Covered: Operating System Security, Systems Auditing, System Access Controls, User Account Privilege Controls, Networking Security, Local Security Options, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from Linux specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Three (3) comprehensive documents, totaling approximately 50 pages.
1. Linux Distributions Provisioning and Hardening Checklist
2. Red Hat Enterprise Linux (RHEL) 5 Provisioning and Hardening Checklist
3. Red Hat Enterprise Linux (RHEL) 6 Provisioning and Hardening Checklist
21 Virtualization Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of the various virtualization platforms currently available, such as Citrix XenServer, Microsoft Hyper-V, VMware, and Red Hat Enterprise Virtualization (RHEV).
Topics Covered: Data and Information Classification, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Hypervisor Security, Guest Operating System Security, Host Operating System Security, Reference Material, Time Synchronization, Access Rights, Remote Access, Malware, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Performance and Utilization Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from virtualization specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Four (4) comprehensive documents, totaling approximately 101 pages.
1. VMware Virtualization Policy and Procedures
2. Microsoft Hyper-V Virtualization Policy and Procedures
3. Citrix XenServer Virtualization Policy and Procedures
4. Red Hat Enterprise Virtualization (RHEV) Policy and Procedures
22 Virtualization Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring various virtualization platforms are properly provisioned, hardened, secured, and locked down in accordance with best practices, ultimately ensuring their confidentiality, integrity, and availability (CIA).
Topics Covered: Operating System Security, Systems Auditing, System Access Controls, User Account Privilege Controls, Networking Security, Local Security Options, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from virtualization specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Four (4) comprehensive documents, totaling approximately 51 pages.
1. VMware vSphere 4.0 and 5.0 Virtualization Provisioning and Hardening Checklist
2. Microsoft Hyper-V Provisioning and Hardening Checklist
3. Citrix XenServer Virtualization Provisioning and Hardening Checklist
4. Red Hat Enterprise Virtualization (RHEV) 3.0 Provisioning and Hardening Checklist
23 Database Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of the various databases available for commercial use.
Topics Covered: Data and Information Classification, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Reference Material, Time Synchronization, Access Rights, Remote Access, Malware, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Performance and Utilization Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from database specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Seven (7) comprehensive documents, totaling approximately 173 pages.
1. Oracle 11 Database Policy and Procedures
2. MySQL 5 Database Policy and Procedures
3. Microsoft (MS) SQL Server 2005 Policy and Procedures
4. Microsoft (MS) SQL Server 2008 Database Policy and Procedures
5. Microsoft (MS) SQL Server 2008 R2 Database Policy and Procedures
6. Microsoft (MS) SQL Server 2012 Database Policy and Procedures
7. PostgreSQL Database Policy and Procedures
24 Database Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring various databases available for commercial use are properly provisioned, hardened, secured, and locked down in accordance with best practices, ultimately ensuring their confidentiality, integrity, and availability (CIA).
Topics Covered: Operating System Security, Systems Auditing, System Access Controls, User Account Privilege Controls, Networking Security, Local Security Options, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from database specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Seven (7) comprehensive documents, totaling approximately 112 pages.
1. Oracle 11 Database Provisioning and Hardening Checklist
2. MySQL 5 Database Provisioning and Hardening Checklist
3. Microsoft (MS) SQL Server 2005 Provisioning and Hardening Checklist
4. Microsoft (MS) SQL Server 2008 Provisioning and Hardening Checklist
5. Microsoft (MS) SQL Server 2008 R2 Provisioning and Hardening Checklist
6. Microsoft (MS) SQL Server 2012 Provisioning and Hardening Checklist
7. PostgreSQL Provisioning and Hardening Checklist
25 Web Server Policies and Procedures
Purpose: Offer documentation that encompasses, formalizes, and documents all essential policies, procedures, and processes relating to the configuration, use, and administration of the various web servers available for commercial use.
Topics Covered: Data and Information Classification, Security Categorization, Physical Security, Personnel, Security Awareness Training, Provisioning and Hardening, Reference Material, Time Synchronization, Access Rights, Remote Access, Malware, Change Control / Change Management, Patch Management, Backup and Storage, Encryption, Event Monitoring, Configuration and Change Monitoring, Performance and Utilization Monitoring, Logging and Reporting, Incident Response, Performance and Security Testing, Disaster Recovery, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from web server specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Four (4) comprehensive documents, totaling approximately 96 pages.
1. Apache (Version 2.2) Linux Web Server Policy and Procedures
2. Apache (Version 2.2) Windows Web Server Policy and Procedures
3. Apache Tomcat Web Server Policy and Procedures
4. Microsoft Internet Information Services (IIS) Web Server Policy and Procedures
26 Web Server Provisioning and Hardening Checklists, Forms, and Templates
Purpose: Provide industry leading documentation for ensuring various web servers available for commercial use are properly provisioned, hardened, secured, and locked down in accordance with best practices, ultimately ensuring their confidentiality, integrity, and availability (CIA).
Topics Covered: Operating System Security, Systems Auditing, System Access Controls, User Account Privilege Controls, Networking Security, Local Security Options, and other supporting topics.
Frameworks Utilized: Developed in accordance with best practices derived from web server specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: Ten (10) comprehensive documents, totaling approximately 107 pages.
1. Apache (Version 2.2) Linux Web Server Provisioning and Hardening Checklist
2. Apache (Version 2.2) Linux Web Server Final Checklist
3. Apache (Version 2.2) Windows Web Server Provisioning and Hardening Checklist
4. Apache (Version 2.2) Windows Web Server Final Checklist
5. Apache Tomcat Web Server Provisioning and Hardening Checklist
6. Apache Tomcat Web Server Final Checklist
7. Apache Tomcat 5.5 to 7.0 Web Server Provisioning and Hardening Checklist
8. Apache Tomcat 5.5 to 7.0 Web Server Final Checklist
9. Microsoft Internet Information Services (IIS) Web Server Provisioning and Hardening Checklist
10. Microsoft Internet Information Services (IIS) Web Server Final Checklist
27 All-in-One PCI Policies Packet (Policies, Procedures, Forms, and More)
Purpose: Provide industry leading documentation for ensuring that merchants and service providers have all necessary information security policies and procedures as mandated by the Payment Card Industry Data Security Standards (PCI DSS).
Topics Covered: All material as mandated from Requirement 1 to Requirement 12 of the PCI DSS standards.
Frameworks Utilized: Developed in accordance with best practices derived from database specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
Length: One (1) comprehensive document, totaling approximately 238 pages.
1. Formal Process for Testing and Approval of All Network Connections and Changes to Network Configurations
2. Current Network Diagram with All Connections to Cardholder Data, Including Wireless Networks
3. Firewall Requirements Policy and Procedures
4. Description of Groups, Roles and Responsibilities for Logical Management of Network Components
5. Documentation and Business Justification for Use of All Services, Protocols and Ports Allowed
6. All Services, Protocols and Ports Checklist
7. Requirements to Review Firewall and Router Rule Sets at least Every Six (6) Months
8. Firewall and Router Review Checklist
9. Firewall and Router Configurations Policy and Procedures
10. DMZ Configuration and Internet Access to the Cardholder Data Environment Policy and Procedures
11. DMZ Configuration Checklist
12. Personal Firewall Software Policy and Procedures
13. Changing of Vendor Supplied Default Settings Policy and Procedures
14. Changing of Vendor Supplied Defaults Checklist
15. Configuration Standards for All System Components Policy and Procedures
16. Configuration Standards Checklist
17. Non-Console Administrative Access Policy and Procedures
18. Inventory of System Components Matrix
19. Data Retention and Disposal Policy and Procedures
20. Sensitive Authentication Data (SAD) Storage Policy and Procedures
21. Sensitive Authentication Data Checklist for System Components
22. Primary Account Number (PAN) Policy and Procedures for Masking & Displaying the PAN Digits
23. Primary Account Number (PAN) System Protection Policy and Procedures
24. Disk Encryption Policy and Procedures
25. Protection of Keys used for Encryption of Cardholder Data Policy and Procedures
26. Key Management Policy and Procedures
27. Strong Cryptography and Protocols Policy and Procedures
28. Unencrypted Primary Account Numbers (PAN) Policy and Procedures
29. Anti-Virus Policy and Procedures
30. Security Patch Management Installation Policy and Procedures
31. Software Development Life Cycle Processes
32. Custom Application Code Change Reviews Policy and Procedures
33. Change Control Policy and Procedures
34. Software Development Secure Coding Guidelines and Training Policy and Procedures
35. Data Control & Access Control Policies and Procedures
36. Unique ID & Authentication Methods Policy and Procedures
37. Shared, Group, Generic, and Other Authentication Methods Policy and Procedures
38. Database Access & Configuration Settings Policy and Procedures
39. Physical Security Controls Checklist
40. Personnel and Visitor Access Checklist
41. Media Storage, Distribution and Classification Policy and Procedures
42. Media Destruction Policy and Procedures
43. Media Device Protection Policy and Procedures
44. Audit Trails Checklists
45. Time-Synchronization Technology Policy and Procedures
46. Securing of Audit Trails Policy and Procedures
47. Security Logs & Events Policy and Procedures
48. Review of Security Logs Checklist
49. Wireless Security & Access Points Policy and Procedures
50. Wireless Access Points Checklist
51. Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Change Detection Software (CDS) Policy and Procedures
52. Security Monitoring & Testing Policy and Procedures
53. Risk Assessment Matrix
54. Usage Policies and Procedures
55. Information Security Responsibility Policy and Procedures
56. Formal Security Awareness Program
57. Management of Service Providers Policy and Procedures
58. Incident Response Plan
29 Security Awareness Training Documentation
Purpose: Provide industry leading documentation for helping organizations put in place comprehensive security awareness & training initiatives for all employees and workforce members.
Topics Covered: The Importance of Security Awareness Training, Data Security Breaches, What is Information Security?, Roles and Responsibilities, Information Security Solutions, Defense-in-Depth, Layered Security, Cyber Security, Cloud Computing, HIPAA Introduction, HITECH Introduction, HIPAA Security Awareness Training Requirements, HIPAA Security Rule, HIPAA Privacy Rule, Covered Entities, Business Associates, Final Omnibus Ruling (January 2013), Helpful HIPAA Resources, FERPA, FACTA, Red Flags Rule, 12 PCI DSS Requirements and their Relation to Security Awareness, The Payment Card Industry Data Security Standards Council, The Importance of PCI Compliance, Cardholder Data, GLBA, Other Regulations, Security Awareness Topics, Account Security and Access Rights, Malware, Security Updates, Clean Desk Policy, Workstation Security, Laptop Security, Software Licensing and Usage, Internal Threats, Physical Security and Environmental Security, Incident Response, Personally Identifiable Information (PII), Protecting Information (Hard-Copy), Protecting Information (Electronic Format), Data Retention, Identity Theft, Online Security and Mobile Computing, Shopping Online, Securing Your Home Network, Protecting Your Children Online, Security Tips for Travelling, Other Important Security Awareness Considerations and Top Internet Scams, If You See Something, Say Something Immediately, Top 20 Security Considerations for I.T. Personnel, Security Awareness Resources
Frameworks Utilized: Developed in accordance with best practices derived from database specific administrator guides, NIST SP 800 publications, FIPS publications, ISO series of standards, COBIT, US-CERT, NSA hardening documents, DIACAP, DISA STIGs, industry leading cloud computing publications, Defense-In-Depth and Layered Security best practices, along with numerous other globally recognized benchmarks, standards, frameworks, associations, and publications within the broader field of information security.
and Microsoft PowerPoint (PPT)
Length: Training Manual: 68 pages. PowerPoint (PPT) Presentation: 143 slides. Policy Document: 18 pages.
1. Comprehensive PowerPoint Slide Presentation
2. In-Depth Security Awareness Training Manual
3. Security Awareness Secure Coding Training Checklist
4. Employee Tracking Sheet
5. Certificate of Completion Template
6. Security Awareness Training Policy and Procedures
More informationBest Practices for PCI DSS Version 3.2 Network Security Compliance
Best Practices for PCI DSS Version 3.2 Network Security Compliance www.tufin.com Executive Summary Payment data fraud by cyber criminals is a growing threat not only to financial institutions and retail
More informationCyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No
PROPOSAL FORM Cyber Insurance Underwritten by The Hollard Insurance Co. Ltd, an authorised Financial Services Provider www.itoo.co.za @itooexpert ITOO is an Authorised Financial Services Provider. FSP.
More informationEmployee Security Awareness Training Program
Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationEnforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy
Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy 2008 Cisco Systems, Inc. All rights reserved. 1 1 The PCI Data Security
More informationPayment Card Industry - Data Security Standard (PCI-DSS) v3.2 Systems Security Standard
Payment Card Industry - Data Security Standard (PCI-DSS) v3.2 Systems Security Standard Systems Security Standard ( v3.2) Page 1 of 11 Version and Ownership Version Date Author(s) Comments 0.01 26/9/2016
More informationIT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)
Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving
More informationOracle Data Cloud ( ODC ) Inbound Security Policies
Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...
More informationCipherCloud CASB+ Connector for ServiceNow
ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationEasy-to-Use PCI Kit to Enable PCI Compliance Audits
Easy-to-Use PCI Kit to Enable PCI Compliance Audits Version 2.0 and Above Table of Contents Executive Summary... 3 About This Guide... 3 What Is PCI?... 3 ForeScout CounterACT... 3 PCI Requirements Addressed
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationThe Prioritized Approach to Pursue PCI DSS Compliance
PCI DSS PrIorItIzeD APProACh The Prioritized Approach to Pursue PCI DSS Compliance The Payment Card Industry Data Security Standard (PCI DSS) provides a detailed, requirements structure for securing cardholder
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationVirtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC
Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /
More information10 Things Every Auditor Should Do Before Performing a Security Audit
10 Things Every Auditor Should Do Before Performing a Security Audit 2 Opening Remarks Moderator R. Kinney Poynter Executive Director NASACT Speaker Rick Gamache Senior Consultant BerryDunn Objectives
More information7.16 INFORMATION TECHNOLOGY SECURITY
7.16 INFORMATION TECHNOLOGY SECURITY The superintendent shall be responsible for ensuring the district has the necessary components in place to meet the district s needs and the state s requirements for
More informationHow To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation
How To Establish A Compliance Program Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda High level requirements A written program A sample structure Elements of the program Create
More informationOracle Hospitality OPERA Cloud Services Security Guide Release 1.20 E June 2016
Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 E69079-01 June 2016 Copyright 2016, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationGlobalSCAPE EFT Server. HS Module. High Security. Detail Review. Facilitating Enterprise PCI DSS Compliance
GlobalSCAPE EFT Server HS Module High Security Facilitating Enterprise PCI DSS Compliance Detail Review Table of Contents Understanding the PCI DSS 3 The Case for Compliance 3 The Origin of the Standard
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationQualified Integrators and Resellers (QIR) TM. QIR Implementation Statement, v2.0
Qualified Integrators and Resellers (QIR) TM Implementation Statement For each Qualified Installation performed, the QIR Employee must complete this document and confirm whether the Validated Payment Application
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationEXHIBIT A. - HIPAA Security Assessment Template -
Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationThe Prioritized Approach to Pursue PCI DSS Compliance
PCI DSS Prioritized Approach for PCI DSS.0 PCI DSS Prioritized Approach for PCI DSS.0 The Prioritized Approach to Pursue PCI DSS Compliance The Payment Card Industry Data Security Standard (PCI DSS) provides
More informationACM Retreat - Today s Topics:
ACM Retreat - Today s Topics: Phase II Cyber Risk Management Services - What s next? Policy Development External Vulnerability Assessment Phishing Assessment Security Awareness Notification Third Party
More informationSECURITY PRACTICES OVERVIEW
SECURITY PRACTICES OVERVIEW 2018 Helcim Inc. Copyright 2006-2018 Helcim Inc. All Rights Reserved. The Helcim name and logo are trademarks of Helcim Inc. P a g e 1 Our Security at a Glance About Helcim
More informationEstablishing a Credible Cybersecurity Program. September 2016
Establishing a Credible Cybersecurity Program September 2016 Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Member FBI InfraGard AFTERNOON PLENARY SESSION AGENDA Cyber Risk = Disruptive Business Risk Breaches:
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationTips for Passing an Audit or Assessment
Tips for Passing an Audit or Assessment Rob Wayt CISSP-ISSEP, HCISPP, CISM, CISA, CRISC, CEH, QSA, ISO 27001 Lead Auditor Senior Security Engineer Structured Communication Systems Who likes audits? Compliance
More informationSecuring the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA
Securing the cloud ISACA Korea Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA What is cloud computing? Source: Wikipedia 2 What is cloud computing A model for enabling:- convenient on-demand network
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationSecurity Awareness Compliance Requirements. Updated: 11 October, 2017
Security Awareness Compliance Requirements Updated: 11 October, 2017 Executive Summary The purpose of this document is to identify different standards and regulations that require security awareness programs.
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and
More information2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.
Diageo Third Party Hosting Standard 1. Purpose This document is for technical staff involved in the provision of externally hosted solutions for Diageo. This document defines the requirements that third
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationInformation Technology Standard for PCI systems Syracuse University Information Technology and Services PCI Network Security Standard (Appendix 1)
Appendixes Information Technology Standard for PCI systems Syracuse University Information Technology and Services PCI Network Security Standard (Appendix 1) 1.0 Scope All credit card data and its storage
More informationThe Center for Internet Security
The Center for Internet Security Measurably reducing risk through collaboration, consensus, & practical security management Content of this Presentation: I. Background II. Univ. of CA Schools Rights and
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More information