Best IT Documents.com Blog


PowerPoint – Internet Security Program

Posted in Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the October 31st, 2012

What to expect with a – Cloud Computing Vendor

Posted in Data Center - SOC - NOC by Guest on the October 31st, 2012

If you're going to consider a cloud computing solution, then you had better set the bar way high.

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

PowerPoint – IT Requirements Capture Process

Posted in Projects (400),Sample - IT Spreadsheets - PowerPoints (251) by Guest on the October 29th, 2012

Free PowerPoint document download

Really really nice file.

Sample Enterprise Data Strategy

http://www.bestitdocuments.com/Data_technologies_solutions.html

PowerPoint – Enterprise Data Strategy

Free PowerPoint document download

Really really nice file.

Sample Enterprise Data Strategy

http://www.bestitdocuments.com/Data_technologies_solutions.html

Network – Latency vs. Bandwidth Fundamentals

Posted in Networking (340) by Guest on the October 27th, 2012

Latency is the amount of time it takes for a packet to traverse the network.

Latency vs. Bandwidth

Why is it important?

 If it takes a single packet 100 ms to travel from location A to location B, adding bandwidth will not make it any faster.

Application considerations for latency:

  1. Application turns
  2. Acknowledgements
  3. Window size
  4. Data loads
  5. Load Balancing 

Application Turns:

  1. If an application has a high number of turns, the application’s performance will deteriorate rapidly as latency is introduced
  2. Sample capture of application transaction 

Conclusion:

When latency is a factor, the number of acknowledgements required can become a limiting factor for performance. Example: data sent to London that requires each packet to be acknowledged, with a latency of 95 ms, is limited to a throughput of 11 packets per second.

Sliding Windows set too low:

If the sliding window is set too low, it can have an impact similar to that of acknowledgements. Example: every 3rd or 4th packet acknowledged.

Small data loads in packets:

The more packets that need to be transmitted, the greater the impact of latency.

Sample intranet application transaction response time over varying bandwidths and latencies:

Login Response Time per Bandwidth & Latency

http://www.bestitdocuments.com/Networking.html

Sample Visio – SAS / ITIL Framework


Sample Word – Security Sendmail Standard

Posted in eMail (66),Policies - Standards (600),Security (1500) by Guest on the October 25th, 2012

Sample Word – Enterprise Web Service Recommendations

Posted in Security (1500) by Guest on the October 24th, 2012

Cloud Architecture Risk Program Considerations

Posted in Security (1500) by Guest on the October 24th, 2012

Information Systems Risk Management Program

  • Purpose
  • Policy Statement
  • Responsibilities
  • Information Security Risk Management Program
  • Risk Assessment Process
  • Description of Preventative Measures
  • Description of Detection Measures
  • Incident Response Plan
    • Recovery Procedures
    • Logging and Reporting 
  • Assessment of Risks, Controls, and Response Priorities
    • Incident Response Team plan (Included)

Information Security Program

  • Introduction
  • Policy Statement
  • Information Security Risk Management Program
  • Types of Controls
  • Information Security Officer
  • Security Administrators
  • Logical Access Restrictions – User IDs and Passwords
    • Minimum Password Requirements
    • Passwords are Authority to Act
    • Confidentiality of Passwords
    • Reporting Compromises of Passwords
    • Requests for System Access
    • Employee Terminations
    • Quarterly Review of Security Access Levels
  • Description of Network and System Security
    • Core Processor
    • Open Systems and Microsoft Windows Server
    • Remote Access and Firewalls
  • Security Monitoring Responsibilities
    • Core System Reports
    • Open Systems and Microsoft Windows Server
    • Remote Access and Firewall
  • Security Parameter Settings
  • Security Program Bulletins, Patches and Upgrades
  • Other Preventative Measures and Controls
    • Data Entry Controls
    • Data Integrity
  • Input and Output Controls
  • Telecommunications Access Controls
  • Transmission Controls

System and Documentation Backups

  • Core System
  • Critical Servers 

Physical Security

  • Servers
  • Computer Hardware
  • Computer Software 

End-User Computing

  • Terminal and Workstation Controls
  • Internet Access and Email Policy
  • Policy Statement Regarding Computer Software
  • Software License Agreements and Copyrights 

Software Documentation

Viruses

  • Internet Viruses 

PC Policy

  • PC Inventory
  • Environmental Control – PCs and Workstations
  • Protection of Media 

Disposal of Obsolete Equipment

  • Disaster Recovery Contingency Plans (High level description only)
  • Information Security Insurance Policy
  • Information Security Audits
  • User Groups
  • Vendor Selection Process
  • Vendor Contracts
  • Vendor Oversight 

Authorized Security Administrators (Included)

  • Security Access Request (Included)
  • Internet and Email Policy (Included)

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

Sample Word – MSP Contractor Requirements

Posted in Security (1500) by Guest on the October 23rd, 2012

Sample MindMap – Security Control Cycle

Posted in Mindmap (100) by Guest on the October 23rd, 2012

Sample Visio – ITIL to ISO 200xx Service Processes


Sample – Email Analysis Management

Posted in Security (1500) by Guest on the October 22nd, 2012

Overall Rating:

Objective:  This project is intended to ensure comprehensive administrative and user policies and procedures for management, use and monitoring of [Clients] email systems. 

Gap | Department | Action | Tracking
Policy and Procedures | RMD / IT | Develop policies and procedures to guide email systems management. |
 | RMD / IT | Expand user policies and procedures to ensure appropriate and confidential use. |
Exchange Server Management | IT / RMD | Evaluate alternatives to minimize exposure to spoofing activities. |
 | | Exchange Vulnerability |
 

http://www.bestitdocuments.com/Services.html

Sample Word – Consulting Customer Evaluation Form

Posted in Security (1500) by Guest on the October 22nd, 2012

Sample Word – Citrix – VMWare Desktop Optimized – Windows 7 Information Security Standard

Posted in Compliances (1300),O S (375),Policies - Standards (600),Security (1500) by Guest on the October 22nd, 2012

Sample – Suggested Technical Design Documentation Format

Posted in Security (1500) by Guest on the October 22nd, 2012

I.    Meaning of Protection 

Describe how the system provides trust and specify the protection mechanisms contained within the system (i.e., discretionary access controls and identification and authentication). 

II. Translating of Protection into the System 

This section shall: 

a. Describe the boundaries of the system; and 

b. Describe the parts of the system that are security relevant and not relevant.

III. System Design 

This section shall: 

a. Provide a description of the system; 

b. Provide a graphic to describe the system's security services and mechanisms;

c. Provide a diagram of process, data, and control flows that occur within the system architecture.  

  1. The flow diagram should trace the system operations from initial data input through final output; 

d. Identify the hardware, software, and firmware, why they are considered, the interfaces between them, and the implementation of them. 

V.  Protection of System 

Describe how the security mechanisms protect the system from tampering (i.e., the discretionary access control (DAC) mechanism controls access between named users or groups and named objects within the system).

VI. Provide a Statement of the System Security Policy (if it exists) 

Describe what is being accessed by whom and from what.

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

Sample MindMap – ITIL Operational Risk

Posted in Mindmap (100) by Guest on the October 21st, 2012

Sample – Security Risk Management Procedures

Posted in Policies - Standards (600),Security (1500) by Guest on the October 21st, 2012

Sample – Security Risk Management Procedures

Summary or Purpose: Explain the purpose of the following procedures or requirements. For Vulnerability Management, the summary would explain that the procedures are provided to guide identification, analysis and remediation of known vulnerabilities. The procedures include processes relating to Risk Management and Information Technology responsibilities.

Supplemental References: Reference related documents. For the Vulnerability Management policy, references should point to Excel tracking sheets or analysis worksheets.

Process Overview: Outline key processes associated with implementation of the associated policy.

Actions: Actions are general activities that make up key processes. Actions should specifically define accountability by employee position and establish metrics, if appropriate, such as the frequency with which the action should be performed, successors or alternates, and documentation associated with the action.

Procedures: Procedures explain how to execute the action, explaining specific requirements and sequential activities. Procedures will define a logical order of steps by which to carry out the defined action. Procedures may include:

  • Communication techniques: distribution, protocol and frequencies.
  • Interaction with other departments
  • Links to tools or supplemental documentation

Standards: Standards are very detailed expectations. Standards may be housed in the procedure or defined in a separate document with appropriate references or links provided. Standards, in comparison to procedures, are generally more volatile and are very specific. Standards will define:

  • Report Content
  • Specific Timelines
  • Definitions
  • Detailed Requirements
  • Technical parameters
  • System Configuration

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

PowerPoint – Roadmap to Maturity – FISMA and ISO 2700x

Free – PowerPoint – FISMA (ISO2700xx, ISF, GAISP, OCTAVE, SysTrust, COSO, COCO) document download

Roadmap to Maturity – FISMA and ISO 2700x

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

Sample Visio – FISMA – Risk Management Frameworks

Posted in Security (1500),Visio Samples - Stencils (457) by Guest on the October 21st, 2012

FISMA – Risk Management Frameworks

(ISO2700xx, ISF, GAISP, OCTAVE, SysTrust, COSO, COCO, NIST, CIS, FFIEC, SSE-CMM, SAS70, SSAG)

Free Visio Document Download

 Sample – FISMA – Risk Management Frameworks

 

Sample MindMap FISMA Risk Management Framework

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

Sample Word – External Security Assessment Methodology

Posted in Security (1500) by Guest on the October 21st, 2012

Sample – Vendor Security and Risk Management Review Matrix

Posted in Security (1500) by Guest on the October 21st, 2012

Sample – Vendor Security and Risk Management  Review Matrix 

Vendor: Name of Vendor with address and contact information

Vendor Owner: Name the owner or owners of the relationship

Review Date: Report date; date contract received; final report date

Applicable Vendors, Partners and Affiliates: Name any pass-through vendor relationships critical to SLA, to include their services.

Service or Product Summary: Summarize service, function or product.

Risk Analysis:

Operational Risk – Operational Risk considers the impact that a vendor or service provider relationship may have on the client's ability to provide high quality and timely services to members, to include data integrity and the confidentiality of company and member information.

Compliance – Compliance Risk considers the impact that a vendor or service provider relationship may have as it relates to contract risk, regulatory compliance or other legal liability.

Strategic – Strategic Risk relates to the value of the service or product being considered, and evaluates the relationship in terms of its contribution to business line goals and objectives. Evaluations may consider cost/benefit, risk/reward and its ties to enterprise strategies.

Reputation – Reputation Risk relates to actions or perceived actions on the part of the client that cause member dissatisfaction, departure, or adverse media attention, ultimately diminishing consumer trust and confidence or causing a loss in market share.

Comment on Operational, Compliance, Strategic, and Reputation risk exposure caused by the relationship.

Questions: List outstanding questions for discussions and secondary analysis.

Recommended Risk Mitigation: Based on response, list recommended risk mitigation actions.

Risk Acceptance: Note any outstanding questions or risks that are identified but will not be mitigated. The contract owner is responsible for making final decisions regarding risk acceptance. However, if risks are believed to be material, risk management reserves the right to escalate this document to the Director of Risk Management for further action.

Contract Owner Signature:

http://www.bestitdocuments.com/IT_Security_Methodology_solutions.html

Sample – MindMap – Anatomy of an Attack

Posted in Mindmap (100) by Guest on the October 20th, 2012

Sample – MindMap – Technology Risk Assessment

Posted in Mindmap (100) by Guest on the October 20th, 2012

Sample MindMap – Assigning Responsibility for Compliance Sample

Posted in Mindmap (100) by Guest on the October 20th, 2012