The thirteen layers of e-security described in The World Bank publication covers both the hardware and software pertaining to network infrastructures. These 13 layers comprise a matrix, which manages the externalities associated with open architecture environments.

1. Risk Management—A broad based framework for managing assets and relevant risks to those assets.

2. Policy Management- A program should control Bank policy and procedural guidelines vis-à-vis employee computer usage.

3. Cyber-Intelligence- Experienced threat and technical intelligence analysis regarding threats, vulnerabilities, incidents, and countermeasure should provide timely and customized reporting to prevent a security incident before it occurs.

4. Access Controls/Authentication—Establish the legitimacy of a node or user before allowing access to requested information. The first line of defense is access controls; these can be divided in to passwords, tokens, biometrics, and public key infrastructure (PKI).

5. Firewalls—Create a system or combination of systems that enforces a boundary between two or more networks.

Download Free FERC-NERC ISO 27002 Policy Map. This document explain how specific policy topic ISO 17799/27001 map to the cyber security requirements of the Mandatory Reliability Standards for Critical Infrastructure Protection from Federal Energy Regulatory Commission (FERC).

Download Free IT Security Awareness and Training Program Plan Templates. This templates consist of explanation and sample of Background of the Awareness and Training Program such as: OMB A-130, Appendix III, Federal Information Security Management Act (FISMA) or Specific department and/or agency policy (and other relevant information or rationale that may drive an awareness and training program and plan). This template also give complete

Download free HIPAA, PCIDSS and ISO27001 Password Security Policy Templates. This Templates covering basic security policy such as:
- To keep passwords confidential, which includes in no circumstances giving them to a third party, whatever the ostensible reason.

- To avoid keeping any paper or electronic record of passwords (unless this can be securely stored – which means encryption and strong, two-factor access control protection).

Download free SAS 70 (Statement on Auditing Standards no 70) for Data Center Physical Security Checklist. This checklist could be used to assess whether your Data Center already have enough security level against threat. This checklist cover access control