Security Audit Program - ISO 28000, 27001, & ISO / HIPAA / SOX PCI-DSS Compliant

Brochure

More information from http://www.researchandmarkets.com/reports/3009116/

Security Audit Program - ISO 28000, 27001, & ISO 27002 / HIPAA / SOX PCI-DSS Compliant

Description:

- Comes in MS EXCEL and PDF formats
- Meets ISO 28000, 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements
- Over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 39 separate task groupings including BYOD
- It meets Massachusetts, New York, and California requirements.

Over 3,000 enterprises from around the world have chosen at least one of the author's products. The Security Audit Program is a must-have tool that not only assists in meeting compliance requirements but is also a great way to validate that your enterprise is ready for your next external audit.

Many organizations have to respond to the queries of internal or external auditors and demonstrate that access to their unstructured data is being properly controlled. Questions such as the following from auditors are not uncommon:

- How do you know who can access this folder with financial/customer/sensitive data in it?
- Who authorized a user to have access permission to a file, and how?
- If a key file was deleted, how would you know it happened, or who did it?
- Who were the last people to access a critical folder, and what did they do?
- How do you make sure that the right people have access to your data?

After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Security Audit Program you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.

Security Audit Program

This Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. The audit program is one that either an external or an internal auditor can use to validate the compliance of Information Technology and the enterprise with ISO 28000 (Supply Chain Security Management System), the ISO 27000 Series (ISO 27001 & ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The 11 areas of audit focus and objectives are:

- Corporate Security Management
- Systems Development and Maintenance
- Information Access Control Management
- Compliance Management
- Human Resource Security Management
- Information Security Incident Management
- Communications and Operations Management
- Organizational Asset Management
- Physical and Environmental Security Management
- Security Policy Management
- Disaster Recovery Plan and Business Continuity

Included with this program are Microsoft (2003 and 2007 format) Excel workbooks and an indexed PDF document that contain the following:

- Read me - General instructions on the use of the Excel worksheets

- Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings that are included within the audit. The point summary on this work sheet is calculated automatically by Excel.


point value of each task. The only thing that the user needs to do is check yes or no on each item and re-assign a relative point value for each task.

- Audit Program Graphic - Lists the 11 areas of audit focus and a bar graph which shows the weights that are assigned to each area. The point summary on this work sheet is calculated automatically by Excel and the graph is automatically updated.

- Sample Audit Program - This is a copy of the Audit Program Detail with data entered into the individual tasks.

- Sample Audit Program Summary - This is a copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.

- Sample Audit Program Graphic - This is a copy of the Audit Program Graphic with links changed to point to the Sample Audit Program plus a chart has been added to show the positive and negative points of the audit.

Contents:

- Introduction
- Security Audit Program Summary
- Security Audit Program
  - Security Policy Management Objectives
    - Information Security Policy
  - Corporate Security Management Objectives
    - Internal Security Organization
    - External Use of the Enterprise Information
  - Organizational Asset Management Objectives
    - Responsibility for the Enterprise Assets
    - Information Classification System
  - Human Resource Security Management Objectives
    - Security Prior to Employment
    - Security During Employment
    - Security at Termination
  - Physical and Environmental Security Management Objectives
    - Secure Areas
    - Enterprise Equipment
    - BYOD
  - Communication and Operations Management Objectives
    - Procedures and Responsibilities
    - Third Party Service Delivery
    - System Planning Activities
    - Malicious and Mobile Code
    - Back-up Procedures
    - Computer Networks
    - Media
    - Exchange of Information
    - Electronic Commerce
    - Information Processing Facilities
  - Information Access Control Management Objectives
    - Access to Information
    - User Access Rights
    - Access Practices
    - Access to Network Services
    - Access to Operating Systems
    - Access to Applications
    - Mobile and Remote Facilities
  - Systems Development and Maintenance Objectives
    - Information System Application Security
    - Application Processing Information
    - Cryptographic Controls
    - System Files
    - Development and Support Processes
  - Information Security Incident Management Objectives
    - Security Events and Weaknesses
  - Compliance Management Objectives
    - Mandated Security Requirements
    - Security Compliance Reviews
- Security Audit Summary
- Security Audit Program Completed Sample
- Security Audit Program Summary Completed Sample

Ordering:

- Order Online - http://www.researchandmarkets.com/reports/3009116/
- Order by Fax - using the form below
- Order by Post - print the order form below and send to Research and Markets,


Fax Order Form

To place an order via fax, simply print this form, fill in the information below and fax the completed form to 646-607-1907 (from USA) or +353-1-481-1716 (from Rest of World). If you have any questions please visit http://www.researchandmarkets.com/contact/

Order Information

Please verify that the product information is correct and select the format(s) you require.

Product Formats

Please select the product formats and quantity you require:

Contact Information

Please enter all the information below in BLOCK CAPITALS

Product Name: Security Audit Program - ISO 28000, 27001, & ISO 27002 / HIPAA / SOX PCI-DSS Compliant

Web Address: http://www.researchandmarkets.com/reports/3009116/

Office Code: SC

Quantity:

- Electronic (PDF) - Single User: USD 299
- Electronic (PDF) - Enterprisewide: USD 499

Title: Mr / Mrs / Dr / Miss / Ms / Prof
First Name:
Last Name:
Email Address: *
Job Title:
Organisation:
Address:
City:
Postal / Zip Code:
Country:
Phone Number:
Fax Number:


Payment Information

Please indicate the payment method you would like to use by selecting the appropriate box.

Please fax this form to:

(646) 607-1907 or (646) 964-6609 - From USA

+353-1-481-1716 or +353-1-653-1571 - From Rest of World

Pay by credit card: You will receive an email with a link to a secure webpage to enter your credit card details.

Pay by check: Please post the check, accompanied by this form, to: Research and Markets, Guinness Center, Taylors Lane, Dublin 8, Ireland.

Pay by wire transfer: Please transfer funds to:

Account number 833 130 83

Sort code 98-53-30

Swift code ULSBIE2D

IBAN number IE78ULSB98533083313083

Bank Address: Ulster Bank, 27-35 Main Street, Blackrock, Co. Dublin, Ireland.

If you have a Marketing Code please enter it below:

Marketing Code:
