Sample Word – Firewall Technology Selection Considerations

Criteria that could be used to evaluate and compare firewall technologies:
- Extent to which a firewall must support and enforce a usage (e.g., Internet) policy
- Adherence to an existing agency standard that details the specific firewall that should be acquired
- Existence of a certification or warranty by the vendor to perform in an acceptable manner…

Sample Word – Handy Cisco Command Reference for Network Analyst’s

Access Control

Access control prevents unauthorized access to—and unauthorized use of—resources. Access controls are safeguards used to control user access to files, ports, or other system resources. They are normally a fundamental part of an overall defense-in-depth strategy. Access controls are often inherent in the…

Corporate IT Domain Knowledge

How to build or enhance your Corporate IT Domain Knowledge

Objectives: Build an understanding of
1. Business processes and workflows and dependencies
2. Build Domain Oriented Software Development Environment
3. Systems & Software (licensing, licensing recovery and cost to organization)
4. Asset management: know what you have, where assets are, and classify the value to each line of…

Sample Word – Data Classification and Encryption guidelines

What is Confidential Information?
1) Any information not known to outsiders that has value to corporate or whose premature disclosure would help competitors or be harmful to the corporate.
2) Can include physical, electronic, or oral information.
3) Must be classified and protected according to guidelines set in Global Information Classification Policy.

Simple Excel – Backup Schedule Spreadsheet

Job start and end times are approximate due to changes in file size.

Columns: Day of the Week, Job Type, Jobs Run, Job Start and End Times, Job Name

- Monday: Differential (Data)
- Tuesday: Differential (Data)
- Wednesday: Differential (Data)
- Thursday: Differential (Data)
- Friday: Differential (Data)
- Saturday: Clean Tape Drives
- Saturday: Full Backup (Data)
- Sunday: Full Backup (Data)…

Sample Partial – Backup Tape Rotation Strategy

The following is based on the use of 10 tapes for a backup rotation. This increases your daily file recovery length to ten days and increases your maximum recovery length to ten days.

Mon     Tues    Wed     Thurs   Fri
Tape 1  Tape 2  Tape 3  Tape 4  Tape 5

Mon     Tues    Wed     Thurs   Fri
Tape 6  Tape…

Sample Partial – Disaster Recovery Plan

A disaster recovery plan consists of the information and procedures required to make a rapid recovery from an occurrence which would disable Corporate Services for more than 24 hours, such as a tornado, earthquake, fire, or act of sabotage or terrorism. Successful recovery of operations is dependent upon a complete set of specific written instructions for…

Web Administration Sample Titles and Roles

Overview

Sample Web server (Content Providers) and administrative Roles and Responsibilities

Due to the nature of the Web Administrators and Content Providers roles, they sometimes need guidance to assure there is no confusion as to who is ultimately responsible for each task associated with the creation and/or maintenance of web sites. Therefore to clarify the…

Sample Visio – Simple Application upstream / downstream flow and interactions

This Sample drawing demonstrates how IT Applications should be documented. Systems, Databases flows and dependencies are important for Testing, Development, Support, reliability and auditing. www.bestitdocuments.com

Sample Visio – Simple ITIL Security Operations Workflows

Simple sample Security Operations Workflows and interactions. To create a good IT operations runbook, this is the level of detail that should be flowed out and documented step by step.

Sample – EPHI (HIPAA) – Administrative Technical Controls

Thank you for your visit. If you like what you have found on our site please backlink our site and blog.

Standards / Sections / Description:
- Security Management Process, § 164.308(a)(1): Risk Analysis, Risk Management, Sanction Policy, Information System Activity Review
- Assigned Security Responsibility, § 164.308(a)(2)
- Workforce Security, § 164.308(a)(3): Authorization and/or Supervision, Workforce Clearance Procedure, Termination…

Anatomy of a Web Application

Without any protection, holes and backdoors exist at every layer waiting to be exploited. Each layer of the application has its own unique vulnerabilities. A vulnerability fixed at one layer may still be exploited at another layer. An exploit at any layer of the application affects the integrity and behavior of the entire application.

Sample – EPHI (HIPAA) – Physical Technical Controls

Standards / Sections / Description:
- Facility Access Controls, § 164.310(a)(1): Contingency Operations, Facility Security Plan, Access Control and Validation Procedures, Maintenance Records
- Workstation Use, § 164.310(b)
- Workstation Security, § 164.310(c)
- Device and Media Controls, § 164.310(d)(1)…

Sample – EPHI (HIPAA) – Technical Security Controls

Standards / Sections / Description:
- Access Control, § 164.312(a)(1): Unique User Identification, Emergency Access Procedure, Automatic Logoff, Encryption and Decryption
- Audit Controls, § 164.312(b)
- Integrity, § 164.312(c)(1): Mechanism to Authenticate Electronic Protected Health Information
- Person or…

Sample – Infrastructure: Operations Support Policy

Overview

This policy defines the basic elements required for the Corporate Information Systems Operations Support.

Purpose

To obtain reasonable assurance that computer operations activities provide scheduled, monitored, and secured processing as well as the timely identification of problems.

Scope

The scope of this policy includes all personnel, including external vendors, who have access to or…

HIPAA – Identity and Access Management SOC Dashboard Considerations

What a Security Operations Center IAM dashboard should present:
- Number of Requestable Products
- Average Request Processing Time
- New Rule Violations
- Employees by functional area
- Pending Requests
- Entitlement Assignments with / without requests
- Employees by status
- Pending Attestation Instances
- Number of Internal and External Employees
- Top 10 Departments (Members)

HIPAA – Identity and Access Management Considerations

Safeguard Standard Implementation Specification Technical Access Control Unique User Identification Automatic Log-off Audit Controls Person or entity Authentication Strong Authentication Physical Facility for access controls Physical Access Administration Security Management Process Risk Management Activity Review Workforce Security Termination Procedure Information Access Management Isolation Healthcare Clearing House Security Incident Procedures Login Monitoring “HIAA” – Health Insurers…

What is Data Retention Compliance?

The ability to stipulate a specific life cycle for different types of corporate IT documents.
1) Data usability and accessibility: the document must be in a useful form, e.g. viewable / reusable. The retrieval must meet the business process requirements.
2) Data security: the document must be held so as to prevent uncontrolled access.
3) Data integrity: the…

Security Operations – Security Guidance

Secure by Design
- Design for defense-in-depth
- Plan for security management
- Design system architecture for security
- Build network threat models

Secure by Default
- Minimize the network attack surface
- Deny access by default
- Use security features in Windows Server 200x, Unix, MVS and RISC OSs

Secure in Deployment
- Software maintenance
- Security policy
- Educate users on security

Customers…Understand…

Mitigating Emerging Threats from Employee Computing

Comprehensive solution to manage employee use of corporate computing resources…
- Personal Surfing
- Instant Messaging
- P2P
- Spyware
- Unauthorized Applications
- Employee Hacking
- Virus Outbreak….

70% of Porn is downloaded between 9am and 5pm

All Internet Content Carries a Risk!

Web, Email, IM and P2P – Strongest solution to emerging hybrid / blended threats (e.g. MyDoom, ‘Phishing’)

Content…