Compliance

Download Free FERC-NERC to ISO 27002 Policy Map

Download the free FERC-NERC to ISO 27002 Policy Map. This document explains how specific ISO 17799/27001 policy topics map to the cyber security requirements of the Mandatory Reliability Standards for Critical Infrastructure Protection from the Federal Energy Regulatory Commission (FERC).

SAS 70 Compliance Data Center Physical Security Checklist

Download the free SAS 70 (Statement on Auditing Standards No. 70) Data Center Physical Security Checklist. This checklist can be used to assess whether your data center already has a sufficient level of security against threats. This checklist covers access control

Download free SAS 70 Type I and Type II Compliance Procedure

This SAS 70 (Statement on Auditing Standards No. 70) compliance procedure can be used to help you and your company comply with the Statement on Auditing Standards. This step-by-step procedure covers SAS 70 Type I or Type II fieldwork, for example the initial discussion between the service auditor and the service organization for the purposes of understanding the scope, timing and final deliverables of the audit.

ISO 27002 Access Control Policy Rules

Different business applications have different security requirements. These are determined by identifying all the information that the business systems are carrying and through the individual risk assessments carried out for each critical business system; these risk assessments point at who should, and should not, be allowed access to the system.

Some information required for particular business applications may be processed by people who do not need access to the application itself (the ‘need-to-know’ principle in action). An example might be in an office workflow system, where the person who inputs a supplier delivery note to a purchase and payments application does not need access to the actual accounting or payment functions of the system. Such a person would need different access rights from those required by a person who triggers actual vendor payments.

Communications Decency Act of 1995

The Communications Decency Act (CDA) bans making “indecent” or “patently offensive” material available to minors through computer networks. The act imposes a fine of up to $250,000 and imprisonment for up to two years. The CDA specifically exempts from liability any person who provides access or connection to or from a facility, system, or network that is not under the control of the person violating the act. The CDA also specifically states that an employer shall not be held liable for the actions of an employee unless the employee’s conduct is within the scope of his or her employment.
