
IT Security Basic Package for ISO-17799 / BS-7799 Only $499.00
| Product | Price | Instant Download | Policies | Training | Audit | Implementation |
|---|---|---|---|---|---|---|
| IT Security Basic Package | $499 | Yes | Yes (Sample Policy) | Yes | Yes (Sample Audit Question) | Yes |
The Toolkit includes 5 easy to use tools, everything required to start your IT Security Project, including:
1) Comprehensive PowerPoint® INTRODUCTION to the standards, covering the history of IT security and the 10 clauses and 127 controls of BS-7799 / ISO-17799.
2) IT security AUDIT question checklist (over 1500 questions), with graphs and reports.
3) e-Wareness (PowerPoint®) training on IT Security IMPLEMENTATION: follow the 1200-page presentation covering each paragraph of the standards in detail, including:
· BS7799 Part 1 (standard)
· BS7799 Part 2 (standard)
· Goal of paragraph
· Key points of paragraph
· Implementation tips
· Implementation flow chart
Includes both standards (BS-7799 and ISO-17799)!
4) For each paragraph of the standard there is a detailed IMPLEMENTATION TASK WORKSHEET (139 in total, each 3-10 pages in length), guiding you through collecting data and a logical step-by-step approach to implementation.
5) Also for each paragraph of the standard there is a SAMPLE POLICY STATEMENT (139 in total) written in Word, easy to modify for your organization's unique requirements.
Start securing your IT infrastructure with the "IT Security Basic Package". Order NOW!
The "IT Security Basic Package" is only $499.00 and can be ordered and immediately downloaded through our secure shopping cart, or by phone at (866) 207-3189 Ext. 562.
Have questions? We are online to answer them at (866) 207-3189 Ext. 652.
List of Sample Policies
| Policy covers BS-7799 & ISO-17799 Paragraph # | POLICY TITLE |
|---|---|
| 3** | SECURITY POLICY |
| 3.1* | Information Security Policy |
| 3.1.1 | Information security policy document |
| 3.1.2 | Review and evaluation |
| 4** | ORGANIZATIONAL SECURITY |
| 4.1* | Information Security Infrastructure |
| 4.1.1 | Management information security forum |
| 4.1.2 | Information security co-ordination |
| 4.1.3 | Allocation of information security responsibilities |
| 4.1.4 | Authorization process for information processing facilities |
| 4.1.5 | Specialist information security advice |
| 4.1.6 | Co-operation between organizations |
| 4.1.7 | Independent review of information security |
| 4.2* | Security of Third Party Access |
| 4.2.1 | Identification of risks from third party access |
| 4.2.2 | Security requirements in third party contracts |
| 4.3* | Outsourcing |
| 4.3.1 | Security requirements in outsourcing contracts |
| 5** | ASSET CLASSIFICATION AND CONTROL |
| 5.1* | Accountability for assets |
| 5.1.1 | Inventory of assets |
| 5.2* | Information classification |
| 5.2.1 | Classification guidelines |
| 5.2.2 | Information labeling and handling |
| 6** | PERSONNEL SECURITY |
| 6.1* | Including security in job responsibilities |
| 6.1.1 | Including security in job responsibilities |
| 6.1.2 | Personnel screening and policy |
| 6.1.3 | Confidentiality agreements |
| 6.1.4 | Terms and conditions of employment |
| 6.2* | User Training |
| 6.2.1 | Information security education and training |
| 6.3* | Responding to security incidents and malfunctions |
| 6.3.1 | Reporting security incidents |
| 6.3.2 | Reporting security weaknesses |
| 6.3.3 | Reporting software malfunctions |
| 6.3.4 | Learning from incidents |
| 6.3.5 | Disciplinary process |
| 7** | PHYSICAL AND ENVIRONMENTAL SECURITY |
| 7.1* | Secure Areas |
| 7.1.1 | Physical security perimeter |
| 7.1.2 | Physical entry controls |
| 7.1.3 | Securing offices, rooms and facilities |
| 7.1.4 | Working in secure areas |
| 7.1.5 | Isolated delivery and loading areas |
| 7.2* | Equipment Security |
| 7.2.1 | Equipment siting and protection |
| 7.2.2 | Power supplies |
| 7.2.3 | Cabling security |
| 7.2.4 | Equipment maintenance |
| 7.2.5 | Security of equipment off-premises |
| 7.2.6 | Secure disposal or re-use of equipment |
| 7.3* | General Controls |
| 7.3.1 | Clear desk and clear screen policy |
| 7.3.2 | Removal of property |
| 8** | COMMUNICATIONS AND OPERATIONS MANAGEMENT |
| 8.1* | Operational procedures and Responsibilities |
| 8.1.1 | Documented operating procedures |
| 8.1.2 | Operational change control |
| 8.1.3 | Incident management procedures |
| 8.1.4 | Segregation of duties |
| 8.1.5 | Separation of development and operational facilities |
| 8.1.6 | External facilities management |
| 8.2* | System Planning and Acceptance |
| 8.2.1 | Capacity planning |
| 8.2.2 | System acceptance |
| 8.3* | Protection Against Malicious Software |
| 8.3.1 | Controls against malicious software |
| 8.4* | Housekeeping |
| 8.4.1 | Information back-up |
| 8.4.2 | Operator logs |
| 8.4.3 | Fault logging |
| 8.5* | Network Management |
| 8.5.1 | Network controls |
| 8.6* | Media Handling and Storage |
| 8.6.1 | Management of removable computer media |
| 8.6.2 | Disposal of media |
| 8.6.3 | Information handling procedures |
| 8.6.4 | Security of system documentation |
| 8.7* | Exchanges of Information and Software |
| 8.7.1 | Information and software exchange agreements |
| 8.7.2 | Security of media in transit |
| 8.7.3 | Electronic commerce security |
| 8.7.4 | Security of electronic mail |
| 8.7.5 | Security of electronic office systems |
| 8.7.6 | Publicly available systems |
| 8.7.7 | Other forms of information exchange |
| 9** | ACCESS CONTROL |
| 9.1* | Business Requirements for Access Control |
| 9.1.1 | Access control policy |
| 9.2* | User Access Management |
| 9.2.1 | User registration |
| 9.2.2 | Privilege management |
| 9.2.3 | User password management |
| 9.2.4 | Review of user access rights |
| 9.3* | User Responsibilities |
| 9.3.1 | Password use |
| 9.3.2 | Unattended user equipment |
| 9.4* | Network Access Control |
| 9.4.1 | Policy of use of network services |
| 9.4.2 | Enforced path |
| 9.4.3 | User authentication for external connections |
| 9.4.4 | Node authentication |
| 9.4.5 | Remote diagnostic port protection |
| 9.4.6 | Segregation in networks |
| 9.4.7 | Network connection control |
| 9.4.8 | Network routing control |
| 9.4.9 | Security of network services |
| 9.5* | Operating System Access Control |
| 9.5.1 | Automatic terminal identification |
| 9.5.2 | Terminal log-on procedures |
| 9.5.3 | User identification and authentication |
| 9.5.4 | Password management system |
| 9.5.5 | Use of system utilities |
| 9.5.6 | Duress alarm to safeguard users |
| 9.5.7 | Terminal time-out |
| 9.5.8 | Limitation of connection time |
| 9.6* | Application Access Control |
| 9.6.1 | Information access restriction |
| 9.6.2 | Sensitive system isolation |
| 9.7* | Monitoring System Access and Use |
| 9.7.1 | Event logging |
| 9.7.2 | Monitoring system use |
| 9.7.3 | Clock synchronization |
| 9.8* | Mobile Computing and Teleworking |
| 9.8.1 | Mobile computing |
| 9.8.2 | Teleworking |
| 10** | SYSTEMS DEVELOPMENT AND MAINTENANCE |
| 10.1* | Security Requirement of Systems |
| 10.1.1 | Security requirements analysis and specification |
| 10.2* | Security in Application Systems |
| 10.2.1 | Input data validation |
| 10.2.2 | Control of internal processing |
| 10.2.3 | Message authentication |
| 10.2.4 | Output data validation |
| 10.3* | Cryptographic Controls |
| 10.3.1 | Policy on the use of cryptographic controls |
| 10.3.2 | Encryption |
| 10.3.3 | Digital signatures |
| 10.3.4 | Non-repudiation services |
| 10.3.5 | Key management |
| 10.4* | Security of System Files |
| 10.4.1 | Control of operational software |
| 10.4.2 | Protection of system test data |
| 10.4.3 | Access control to program source library |
| 10.5* | Security in Development and Support Processes |
| 10.5.1 | Change control procedures |
| 10.5.2 | Technical review of operating systems changes |
| 10.5.3 | Restrictions on changes to software packages |
| 10.5.4 | Covert channels and Trojan code |
| 10.5.5 | Outsourced software development |
| 11** | BUSINESS CONTINUITY MANAGEMENT |
| 11.1* | Aspects of Business Continuity Management |
| 11.1.1 | Business continuity management process |
| 11.1.2 | Business continuity and impact analysis |
| 11.1.3 | Writing and implementing continuity plans |
| 11.1.4 | Business continuity planning framework |
| 11.1.5 | Testing, maintaining and re-assessing Business continuity plans |
| 12** | COMPLIANCE |
| 12.1* | Compliance with Legal Requirements |
| 12.1.1 | Identification of applicable legislation |
| 12.1.2 | Intellectual property rights (IPR) |
| 12.1.3 | Safeguarding of organizational records |
| 12.1.4 | Data protection and privacy of personal information |
| 12.1.5 | Prevention of misuse of information processing facilities |
| 12.1.6 | Regulation of cryptographic controls |
| 12.1.7 | Collection of evidence |
| 12.2* | Reviews of Security Policy and Technical Compliance |
| 12.2.1 | Compliance with security policy |
| 12.2.2 | Technical compliance checking |
| 12.3* | System Audit Controls |
| 12.3.1 | System audit controls |
| 12.3.2 | Protection of system audit tools |

| Symbol | Type of Policy Document |
|---|---|
| * | 36 Sample Objectives for BS-7799 / ISO-17799 Paragraph (x.x); no policy required or supplied |
| None | 126 Sample Policy Statements (x.x.x) |
| ** | ISO-17799 / BS-7799 clause title; no policy required or supplied |
ONLY $499.00
Website last updated 10-12-2004