Standard

14 free Disaster Recovery Plan (DRP) templates

Preparing a Disaster Recovery Plan for your company? Here is a recommended list of free Disaster Recovery Plan templates that should suit your needs at no cost.

1. Disaster Recovery Plan
Publisher: TechRepublic
TechRepublic provides a free 23-page DRP template. It can be adapted to your own scenario by replacing client1, client2 in the document. It is complete enough for a small or medium company.

2. Disaster Recovery Plan
Publisher: IBM
IBM provides a free template for your Disaster Recovery Plan. Although the design of the DRP is based on IBM iSeries, most of the template can be used with any type of application. The objective of a disaster recovery plan is to ensure that you can respond to a disaster or other emergency that affects information systems and minimize the effect on the operation of the business.

3. Business Resumption Plan
Publisher: Disaster Recovery Journal
DRJ provides a complete series of DRP documents, from the Development Guide, Recovery Team and Plan Development Checklist to the Business Recovery Plan. DRJ also acts as a complete A-Z reference for disaster recovery matters.

4. Contingency Planning Guide for Information Technology Systems
Publisher: National Institute of Standards and Technology
NIST also provides various documents and templates on information security matters.

Six control objectives of PCI DSS

Payment Card Industry - Data Security Standards (PCI-DSS) is a set of standards for any company that stores, processes, or transmits cardholder data, from VISA and MasterCard to American Express. Here are the six control objectives of PCI DSS, much simpler than the 34 control objectives in COBIT.

1. Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

2. Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks

4 Challenges and Solutions for Public Key Infrastructure

Public Key Infrastructure (PKI) is now widely used in every part of business. However, PKI still faces a lot of challenges. Here are the challenges and solutions for Public Key Infrastructure management.

Challenges

1. Not all applications are already PKI-enabled or PKI-aware. Given that PKI is an underlying infrastructure, non-integration with various applications makes it more difficult to deploy.

2. PKI is based on the authentication, or trust, of the digital credential. The amount of effort for authentication can be significant for higher levels of trust.

3. Generally, consulting or specific skill sets are required for most major PKI implementations (whether they are outsourced or done in-house). Not all applications or PKIs are seamless and user-friendly due to poor integration with other applications.

4. The return on investment (ROI) for a PKI alone is zero given that it is an infrastructure and not a direct end-user application. The ROI must be based on the applications built on top of PKI. This is dependent on the points made previously.

Five basic considerations before implementing a security solution for HIPAA

Implementing a security solution for HIPAA is very challenging. Listed below are five basic considerations before implementing a security solution for HIPAA.

1. Costs, which must be kept low on a per-user basis. IT is considered a support function and not necessarily a method of generating more revenue in the healthcare space.

2. Deployment method and costs. Given that there are many parties involved in a typical healthcare transaction (patient, doctor, nurse, administrator, HMO, hospital) having an easy-to-deploy system is essential. Frequent upgrades or replacements would become significantly expensive because most healthcare workers are so frequently mobile.

3. Compatibility with legacy systems. For example, many hospitals still use Novell as their primary network operating system and management tool. Yet in the corporate world, Novell is considered a very small segment of the market. As a result, solutions must take into account that backward compatibility must be maintained.

USA Patriot Act, eDiscovery or HIPAA, which first?

Tired of Sarbanes-Oxley? There are still other regulatory compliance matters to prepare for: the USA Patriot Act, eDiscovery or HIPAA. So what are the differences? Any experience with these compliance matters? This short explanation from SOX IT Compliances, Christian B. Lahti and Roderick Peterson, 2007, may help you.

USA Patriot Act of 2001

This act mainly eased restrictions and increased the ability of law enforcement agencies to search telephone and e-mail communications and medical, financial, and other records. The act also expanded the authority of law enforcement agencies to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses. Simply put, not only can law enforcement agencies intercept the stated information, they can also require that it be provided.

eDiscovery of 2006
