Documents: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
 
(17 intermediate revisions by 3 users not shown)
Line 1: Line 1:
=='''Sample Templates'''==
Looking for a comprehensive set of enterprise policies to develop on your own? How about a complete set that are customized to your needs delivered in minutes? Take a look at [http://policymachine.com The Policy Machine - a Lazarus Alliance service.]<br>
<br>
[[File:policymachine-170x170.png]]<br>
<br>
'''Work smarter, not harder!'''<br>
<br>
<br>
[[Image:HORSE-document-heirarchy.jpg|thumb|left|200px|Illustration one of one.]]
<br style="clear:both" /><br>
== Adaptive Policy Best Practices ==
== Adaptive Policy Best Practices ==
This section provides sample policy framework templates (for example, policies, standards, and technical standards) that are needed to create, implement, and maintain a best practice, risk management-based information security program.<br>
This section provides sample policy framework templates (for example, policies, standards, and technical standards) that are needed to create, implement, and maintain a best practice, risk management-based information security program.<br>
<br>
<br>
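Review bot: In the "Sample Templates" block at the top of this hunk, "a complete set that are customized to your needs" has a subject-verb mismatch; suggest "a complete set that is customized to your needs". The image file name also spells "heirarchy", so if the file is ever renamed to "hierarchy" this [[Image:...]] reference has to change with it.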
Line 26: Line 26:
:The International Organization for Standardization Security Standard (ISO 17799) is an internationally recognized information Security Management standard consisting of security clauses, controls, and objectives comprising best practices in information security. This section highlights the templates from the Best Practice Policy Framework library (for example, policy and standards controls)that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.<br>
:The International Organization for Standardization Security Standard (ISO 17799) is an internationally recognized information Security Management standard consisting of security clauses, controls, and objectives comprising best practices in information security. This section highlights the templates from the Best Practice Policy Framework library (for example, policy and standards controls)that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.<br>
<br>
<br>
--[[User:Mdpeters|Mdpeters]] 08:14, 14 July 2006 (EDT)


== Adaptive Technology Best Practices ==
== Adaptive Technology Best Practices ==
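Review bot: The ISO 17799 paragraph still reads "policy and standards controls)that are needed" with no space after the closing parenthesis, in both copies of the line shown in this hunk; insert the space so it reads "controls) that are needed". The "--[[User:Mdpeters|Mdpeters]] 08:14, 14 July 2006 (EDT)" signature shown here is talk-page style and does not belong in the article body.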
Line 36: Line 35:
:[[Operating System Best Practice Configuration Samples:|'''Operating System Best Practice Configuration Samples''']]
:[[Operating System Best Practice Configuration Samples:|'''Operating System Best Practice Configuration Samples''']]
:This section provides configuration samples and recommendations for applying secure best practices to various operating systems.<br>
:This section provides configuration samples and recommendations for applying secure best practices to various operating systems.<br>
<br>
:[[Infrastructure Best Practice Configuration Samples:|'''Infrastructure System Best Practice Configuration Samples''']]
:This section provides configuration samples and recommendations for applying secure best practices to infrastructure elements.<br>
<br>
<br>
:[[Business Application Best Practice Configuration Samples:|'''Business Application Best Practice Configuration Samples''']]
:[[Business Application Best Practice Configuration Samples:|'''Business Application Best Practice Configuration Samples''']]
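Review bot: The Infrastructure entry links to "Infrastructure Best Practice Configuration Samples:" but displays "Infrastructure System Best Practice Configuration Samples", whereas the Operating System and Business Application entries use the same wording for link target and label. Align the label with the target page title (or the reverse) so readers can find the page by the name shown.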
Line 43: Line 45:
:This section provides sample guidance and recommendations for constructing and applying an Enterprise level Open-Source usage Policy.<br>
:This section provides sample guidance and recommendations for constructing and applying an Enterprise level Open-Source usage Policy.<br>
<br>
<br>
--[[User:Mdpeters|Mdpeters]] 10:54, 16 November 2006 (EST)


==See Also==
==See Also==
[[Business-IT_Alignment | Business to IT Alignment]]
[[Business-IT_Alignment | Business to IT Alignment]]<br>
[[Legal-Technology_White_Papers | Legal Technology White Papers]]<br>


==References==
==References==

Latest revision as of 11:39, 30 May 2015

Looking for a comprehensive set of enterprise policies to develop on your own? How about a complete set that is customized to your needs and delivered in minutes? Take a look at The Policy Machine - a Lazarus Alliance service.



Work smarter, not harder!

Adaptive Policy Best Practices

This section provides sample policy framework templates (for example, policies, standards, and technical standards) that are needed to create, implement, and maintain a best practice, risk management-based information security program.

Adaptive Best Practices Policy Samples
This section provides Policy Framework templates (for example, policies, standards, and technical standards) that are needed to create, implement, and maintain a best practice, risk management-based Information Security Program.


Sarbanes-Oxley Policy Samples
Section 404 of the Sarbanes-Oxley Act (SOX) requires companies to document their financial and Information Technology (IT) controls and attest to the effectiveness of the controls on an annual basis. This section highlights the templates from the Best Practice Policy Framework library (for example, policy and standards controls) that are needed to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.


Gramm-Leach-Bliley Policy Samples
The Gramm-Leach-Bliley Act (GLBA) mandates that financial organizations take specific actions to protect the security (and privacy) of customer information. This section highlights the templates from the Best Practice Policy Framework library (for example, policy and standards controls) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA.


Health Insurance Portability and Accountability Policy Samples
Subpart C Section 164.306 (c) of the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to comply with specific security standards with respect to all electronic protected health information. This section highlights the templates from the Best Practice Policy Framework library (for example, policy and standards controls) that are needed to create, implement, and maintain an Information Security Program that complies with HIPAA.


Payment Card Industry Policy Samples
In 2004, the original VISA CISP requirements were incorporated into an industry standard known as the Payment Card Industry (PCI) Data Security Standard. This new consolidated standard is endorsed by VISA.


International Organization for Standardization Security Standard Policy Samples
The International Organization for Standardization Security Standard (ISO 17799) is an internationally recognized information security management standard consisting of security clauses, controls, and objectives comprising best practices in information security. This section highlights the templates from the Best Practice Policy Framework library (for example, policy and standards controls) that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.


Adaptive Technology Best Practices

This section provides sample policy framework templates (for example, policies, standards, and technical standards) that are needed to create, implement, and maintain a best practice, risk management-based information security program.

Database Application Best Practice Configuration Samples
This section provides configuration samples and recommendations for applying secure best practices to database applications.


Operating System Best Practice Configuration Samples
This section provides configuration samples and recommendations for applying secure best practices to various operating systems.


Infrastructure System Best Practice Configuration Samples
This section provides configuration samples and recommendations for applying secure best practices to infrastructure elements.


Business Application Best Practice Configuration Samples
This section provides configuration samples and recommendations for applying secure best practices to various business applications.


Enterprise Open-Source Policy Guidance
This section provides sample guidance and recommendations for constructing and applying an Enterprise level Open-Source usage Policy.


See Also

Business to IT Alignment
Legal Technology White Papers

References

NISPOM: National Industrial Security Program Operating Manual
DCIDs: Director of Central Intelligence Directives

  • Specifically, examine section six (6) under security.