
Disaster Recovery & Business Continuity and Security Templates Audit Bundle
This bundle is fully compliant with Sarbanes-Oxley, HIPAA, PCI-DSS and the ISO 27000 Series (ISO 27001 and ISO 27002). It has been updated to reflect all of the recent legislation and other mandated requirements.
The Disaster Planning and Business Continuity Template has been selected by over 2,000 enterprises worldwide as the foundation of their DRP and BCP programs.
The Security Manual Template has just been updated to address issues such as smartphones and other PDAs.
The Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. The audit program is one that either an external or an internal auditor can use to validate the compliance of the Information Technology function and the enterprise with ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, HIPAA, and PCI-DSS.
The Disaster Recovery / Business Continuity Audit Program identifies the control objectives that are met by the audit program. There are 36 specific items that the audit covers in the 11-page audit program.
The ISO 27000 series is a set of individual standards and documents defined as follows:
- ISO 27001 - The specification for an Information Security Management System (ISMS); it replaced the BS7799-2 standard.
- ISO 27002 - A renaming of the ISO 17799 standard, which is a code of practice for information security. It outlines controls and control mechanisms, which may be implemented subject to the guidance provided within ISO 27001.
- ISO 27003 - This is a PROPOSED standard, which has yet to be completely defined. It will be the official number of a new standard intended to offer guidance for the implementation of an ISMS. The purpose of this proposed development is to provide help and guidance in implementing an ISMS, and it will be a quality control standard when it is released. ISO 27003 will focus on using the Plan-Do-Check-Act (PDCA) method when establishing, implementing, reviewing, and improving the ISMS.
- ISO 27004 - The designated number for a PROPOSED standard covering information security, system management, measurement, and metrics.
- ISO 27005 - The number assigned to a PROPOSED, emerging standard covering information security risk management. As with the other standards within the ISO 27000 series, no firm dates have been established for its release. However, it will define the ISMS risk management process, including identification of assets, threats and vulnerabilities.
- ISO 27006 - This standard offers guidelines for the accreditation of organizations that offer certification and registration with respect to an ISMS.
Disaster Recovery / Business Continuity Security Audit News
CIOs and Lawyers Must Communicate
IT chiefs and lawyers must learn to speak the same language if they are to work together to help organisations avoid risk. And although responsibility for IT risk management, the careful balancing act of business benefit against liability, must not begin and end with the IT department, it is important to run any policies past the techies.
It is vital that the IT crowd is consulted on, agrees with and has ownership of any policies that directly affect them, and technical teams must make the effort to try to communicate with legal eagles in a language other than IT speak. It is better to have a legal team which will tell the IT department what we need to be doing. But lawyers being lawyers, it is very difficult to work with them to understand what we want, and if they could talk to us in an IT language life would be much easier.
If you express risk in different languages, make sure things are transparent and everyone understands who is responsible for what.
Factors to Consider in a Disaster Recovery & Business Continuity Plan
The Janco Disaster Recovery Plan & Business Continuity Template takes into consideration all of the items, across the various layers of operations, that most enterprises need to consider if they want to continue operating after a disaster occurs. These include:
- Strategy - Items related to the strategies used by the business to complete day-to-day activities while enabling continuous operations. Examples include financial, manufacturing and disaster recovery strategies.
- Organization - Items related to the structure, skills, communications and responsibilities of your employees. Examples include human resources, training, and internal and external communications.
- Applications and data - Items related to the software necessary to enable business operations, as well as the method used to develop that software. Examples include customer relationship management (CRM) applications, enterprise resource planning (ERP) applications, databases and transaction processors.
- Processes - Items related to the critical business processes necessary to run the business, as well as the IT processes used to ensure smooth operations. Examples include accounts receivable, accounts payable, change management and problem management.
- Technology - Items related to the systems, network and industry-specific technology necessary to enable your applications and data. Examples include host systems, workstations and Internet Protocol (IP) networks.
- Facilities - Items related to the buildings, factories and offices necessary to house your organization and your production or service technologies. Examples include data centers, office buildings and physical security operations.
Where CIOs spend their time
In a survey of CIOs, it was found that they spend most of their time:
- Aligning IT with enterprise goals
- Cultivating the IT and enterprise relationship
- Improving IT operations and system performance
- Leading change efforts
- Implementing new systems and architecture
- Driving business innovation
- Redesigning business processes
- Controlling IT costs
- Developing the business strategy
- Looking for a competitive advantage
- Managing IT crises
- Managing security
- Selecting and negotiating with vendors
- Developing customer market strategies and technologies
- Studying and understanding market trends and customer needs
Some improvement in the job market
A technology job board is seeing a steady uptick in technology jobs for the financial industry. After the economy's meltdown in 2008 and 2009, it has taken some time to see recovery in this segment. If you have technology experience in the industry, there are jobs to be had.
Programming skills are way up in terms of demand, especially the C languages with C# being the skill most sought after right now, along with skills in C and C++. In New York City and the metropolitan area, financial technology positions garner 20 percent higher salaries than the general technology population.
There is good news on the technology jobs front if you have prior banking or financial industry experience. Salaries are higher than the average tech job, especially on Wall Street.
New Policy Templates Can Be Customized
Documenting a clear set of IT policies is a resource-intensive process for IT managers, due to the research and writing time involved. And once policies are created, the next step is to communicate and gain acceptance for those policies throughout the organization. Wouldn't it be nice to start with boilerplate templates that require only minor customization?
Janco Associates is offering you the CIO IT Infrastructure Policy Bundle. This updated, time-saving package will provide you with a stocked library of over 200 pages of policy templates. Plus, you get the tools, techniques and advice you need to successfully apply these policies in your company.