Security Manual Template - Version 2018

  • ID: 4649498
  • Report
  • 228 pages
  • Janco Associates, Inc
1 of 5
California Defines Standard for Privacy Compliance

Policy and Procedure Manual Compliance Management Made Easy -- Califorina Consumer Privacy Act - 2018 / GDPR / ISO / HIPAA / SOX / CobiT / FIPS Compliant

Comes in eReader, MS Word, and PDF formats. Includes 24 Electronic Forms that are ready to use and User Bill of Rights for Sensitive Data and Privacy

This revised edition of the Security Manual Template include definitions for the NEW compliance mandates for user information and business processes to meet the requirements for the California Consumer Privacy Act (CaCPA). Included with this release is a complete list of all the soon to be required mandates. The researcher said, "We have reviewed the full text of the latest act and developed a list of user rights, business responsibilities, and processing requirement"

CIOs and CSO's who have had a chance to review the latest version of the Security Manual Template have told the researcher that the CaCPA mandate definition is a must have tool.  This is a great auditing tool can be put to work right away.  Also, an added feature in the Premium Edition is a full 5-page job description for a Data Protection Officer (DPO).

Security Manual Template - Standard Edition

  • Business and IT Impact Questionnaire
  • Threat and Vulnerability Assessment Toolkit
  • Security Management Checklist
  • Full Detail Policies for
    • Blog and Personal Website Policy
    • Mobile Device Policy
    • Physical and Virtural File Server Policy
    • Sensitive Information Policy
    • Travel and Off-Site Meeting Policy
  • HIPAA Audit Program
  • GDPR Compliance Checklist to meet EU Requirements
  • California Consumer Privacy Act requirements definition
  • Consumer Bill of Rights
  • Sarbanes Oxley Section 404 Checklist
  • Security Audit Program- fully editable -- Comes in MS EXCEL and PDF formats -- Meets GDPR, ISO 28000, 27001, 27002, Sarbanes-Oxley, PCI-DSS, HIPAA FIPS 199, and NIS SP 800-53 requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
  • Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including: Blog Policy Compliance, BYOD Access and Use, Company Asset Employee Control Log, Email - Employee Acknowledgment, Employee Termination Checklist, FIPS 199 Assessment Electronic Form, Internet Access Request, Internet Use Approval, Internet & Electronic Communication - Employee Acknowledgment, Mobile Device Access and Use Agreement, Employee Security Acknowledgement Release, Preliminary Security Audit Checklist, Risk Assessment, Security Access Application, Security Audit Report, Security Violation Reporting, Sensitive Information Policy Compliance Agreement, Server Registration, and Threat and Vulnerability Assessment
  • eReader version of the Security Manual Template


Note: Product cover images may vary from those shown
2 of 5

Security - Introduction 
Best Practices 
Best Practices When Implementing Security Policies and Procedures 
Best Practices Network Security Management 
Best Practices to Meet Compliance Requirements 
Best Practices to Manage Compliance Violations 
Best Practices Data Destruction and Retention 
Best Practices Ransomware Protection 
Web Site Security Flaws 
ISO 27000 Compliance Process 
Security General Policy 

Minimum and Mandated Security Standard Requirements
ISO Security Domains
ISO 27000
Gramm-Leach-Bliley (Financial Services Modernization Act of 1999
FTC Information Safeguards
Federal Information Processing Standard – FIPS 199
NIST SP 800-53
Sarbanes-Oxley Act
California SB 1386 Personal Information Privacy
California Consumer Privacy Act - 2018
Massachusetts 201 CMR 1700 Data Protection Requirements
What Google and Other 3rd Parties Know
Internet Security Myths

Vulnerability Analysis and Threat Assessment 
Evaluate Risk 

Risk Analysis - IT Applications and Functions 
Roles and Responsibilities 
Program Requirements 
Relationship to Effective Security Design 
Selection of Safeguards 
Requests for Waiver 
Program Basic Elements 
Staff Member Roles 
Basic Policies 
Security - Responsibilities 
Determining Sensitive Internet and Information Technology Systems Positions 
Personnel Practices 
Hiring Procedures 
Termination Types 
Termination Actions 
Education and Training 
Contractor Personnel 

Physical Security 
Information Processing Area Classification 
Classification Categories 
Access Control 
Levels of Access Authority 
Access Control Requirements by Category 
Implementation Requirements 
Protection of Supporting Utilities 

Facility Design, Construction, and Operational Considerations 
Building Location 
External Characteristics 
Location of Information Processing Areas 
Construction Standards 
Water Damage Protection 
Air Conditioning 
Entrances and Exits 
Interior Furnishings 
Air Conditioning 
Remote Internet and Information Technology Workstations 
Lost Equipment 
Training, Drills, Maintenance, and Testing 

Media and Documentation 
Data Storage and Media Protection 

Data and Software Security 
Resources to Be Protected 
Access Control 
Internet / Intranet / Terminal Access / Wireless Access
Wireless Security Standards 
Logging and Audit Trail Requirements 
Satisfactory Compliance 
Violation Reporting and Follow-Up 

Internet and Information Technology Contingency Planning 
Information Technology 
Contingency Planning
Contingency Plan Activation and Recovery 
Disaster Recovery / Business Continuity and Security Basics 

Insurance Requirements 
Filing a Proof of Loss 
Risk Analysis Program 
Purchased Equipment and Systems 
Leased Equipment and Systems 
Business Interruption 
Staff Member Dishonesty 
Errors and Omissions 

Security Information and Event Management (SIEM) 
Best Practices for SIEM 
KPI Metrics for SIEM 

Identity Protection 
Identifying Relevant Red Flags 
Preventing and Mitigating Identity Theft 
Updating the Program 
Methods for Administering the Program 

Ransomware - HIPAA Guidance 
Required response 

Outsourced Services 
Outside Service Providers – Including Cloud 

Waiver Procedures 
Purpose and Scope 

Incident Reporting Procedure 
Purpose & Scope 

Access Control Guidelines 
Purpose & Scope 
Definitions of Access Control Zones 
Badge Issuance 

Internet, Email, and Electronic Communication 
Internet and Electronic Communication Policy 

Attached Policies 

  • Blog and Personal Website Policy
  • Mobile Device Policy
  • Physical and Virtual File Server Security Policy
  • Sensitive Information Policy - Credit Card, Social Security, Employee, and Customer Data
  • Travel and Off-Site Meeting Policy

Practical Tips for Prevention of Security Breaches and PCI Audit Failure 
Risk Assessment Process 
Security Violation Reporting 
Security Audit Report Form 
Preliminary Audit Security Checklist 
New Employee Security Acknowledgement and Release 
Internet & Electronic Communication - Employee Acknowledgment 
Email - Employee Acknowledgment 
Internet Use Approval 
Internet Access Request 
Security Access Application Form 
Blog Policy Compliance Agreement 
BYOD Access and Use Agreement Form 
Mobile Device Access and Use Agreement 
Company Asset Employee Control Log
Employee Termination Process 
Security Management Compliance Checklist 
Massachusetts 201 CMR 17 Compliance Checklist 
User/Customer Sensitive Information and Privacy Bill of Rights 
General Data Protection Regulation (GDPR) - Checklist 
Why Data is Captured 
User Consent 
Third Party Data 
Legacy data 
HIPAA Audit Program Guide 
Ensuring HIPAA Compliance 
Planning the Audit 
HIPAA Audit Scope 
ISO 27000 Security Process Audit Checklist 
Security Policy Management Objectives 
Corporate Security Management Objectives 
Organizational Asset Management Objectives 
Human Resource Security Management Objectives 
Physical and Environmental Security Management Objectives 
Communications and Operations Management Objectives 
Information Access Control Management Objectives 
Systems Development and Maintenance Objectives 
Information Security Incident Management Objectives 
DRP and Business Continuity Management Objectives 
Compliance Management Objectives 
Firewall Security Requirements 
Firewall Security Policy Checklist 
BYOD and Mobile Content Best of Breed Security Checklist 
Business and IT Impact Questionnaire 
Threat and Vulnerability Assessment Tool 
Sarbanes-Oxley Section 404 Check List Excel Spreadsheet 

Revision History 

Note: Product cover images may vary from those shown
3 of 5


4 of 5

Many organizations fail to realize the benefits of security information management due to the often exhaustive financial and human resource costs of implementing and maintaining the software. However, the Security Manual Template - the industry standard - provides the infrastructure tools to manage security, make smarter security decisions and respond faster to security incidents and compliance requests within days of implementation. The template provides a framework for evaluating SIM services and shows how they could be applied within your organization.

Address issues like Identify Protection and SIEM (Security Information and Event Management). It is the complete must have tool.

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data. CIOs, Data center operators, network administrators, and other IT professionals need to comprehend the basics of security in order to safely deploy and manage data and networks.

Securing a typical business network and IT infrastructure demands an end-to-end approach with a firm grasp of vulnerabilities and associated protective measures. While such knowledge cannot stop all attempts at network incursion or system attack, it can empower IT professionals to eliminate general problems, greatly reduce potential damages, and quickly detect breaches.

With the ever-increasing number and complexity of attacks, vigilant approaches to security in both large and small enterprises are a must. The Security Manual Template meets that requirement.

Comprehensive, Detailed, and Customizable

The Security Manual is over 240 pages in length. All versions of the Security Manual Template include both the Business IT Impact Questionnaire and the Threat Vulnerability Assessment Tool (they were redesigned to address Sarbanes Oxley compliance).

In addition, the Security Manual Template PREMIUM Edition  contains 16 detail job descriptions that apply specifically to security and Sarbanes Oxley, ISO security domains, ISO 27000 (ISO27001 and ISO27002), PCI-DSS, HIPAA, FIPS 199, and CobiT.

The Security Manual has recommended policies, procedures and written agreements with employees, vendors and other parties who have access to the company's technology assets. To make this process as easy as possible, the researcher provides 18 formatted electronic forms for distribution and documentation. All forms are in easy-to-edit Microsoft Word templates so all you need to do is add your corporate logo, make your own additions and changes and your task of policy and procedure documentation is nearly complete!
Electronic Forms

The ELECTRONIC forms included with the Security Manual template are:

  1. Blog Policy Compliance Agreement
  2. BYOD Access and Use Agreement
  3. Company Asset Employee Control Log
  4. Email Employee Agreement
  5. Employee Termination Procedures and Checklist
  6. FIPS 199 Assessment
  7. Internet Access Request Form
  8. Internet and Electronic Communication Employee Agreement
  9. Internet use Approval
  10. Mobile Device Access and Use Agreement
  11. Mobile Device Security and Compliance Checklist
  12. New Employee Security Acknowledgment and Release
  13. Outsourcing and Cloud Security Compliance Agreement
  14. Outsourcing Security Compliance Agreement
  15. Preliminary Security Audit Checklist
  16. Risk Assessment
  17. Security Access Application
  18. Security Audit Report
  19. Security Violation Procedures
  20. Sensitive Information Policy Compliance Agreement
  21. Server Registration
  22. Social networking Policy Compliance Agreement
  23. Telecommuting Work Agreement
  24. Text Messaging Sensitive Information Agreement
  25. Threat and Vulnerability Assessment Inventory

Data Security and Protection are a priority and this template is a must have tool for every CIO and IT department. Over 3,000 enterprise worldwide have acquired this tool and it is viewed by many as the Industry Standard for Security Management and Security Compliance.

Note: Product cover images may vary from those shown
5 of 5
Note: Product cover images may vary from those shown