Documents

Below some question audit checklist for backup process:

What SLAs are required for this server?
What is the role of this server? The role will have a direct impact on the backup options and requirements for it, and will directly feed into the remaining questions to be considered for servers. Sample server roles might include production, development, test, and quality assurance (QA).
Are there any special backup handling requirements for applications on the server?
Are there any special backup handling requirements for data on the server?
What times can the server be backed up?
What times are backups not allowed to occur?
What types of backups should this server receive? At minimum, most organizations will need to evaluate the necessity of the following:
Daily: What rotation between fulls, differentials, and incrementals are required?

Attached sample of Recovery Request form and Testing Acceptance form for backup and recovery activity. This templates is taken from Enterprise Systems Backup and Recovery a Corporate Insurance Policy. De Guise, Preston 2009

Any tips and suggestion? hope this document will be useful for your Information System Auditing Resources.

Once in a year our CEO always asks every department to create their strategic planning for the year ahead. IT of course, should make this document every year. So how and what is simple step by step method to create a good strategic plan.

Ok, I got this guidance from techrepublic, however I made some modification, excel based, so you can used it as guidance to create a good IT strategic plan. Basically IT strategic plan is capturing the current IT status and future IT projection with clear roadmap and KPI. So what I did is I made a simple outline as template and guidance for that IT strategic plan.

Enjoy

Network Vulnerability Assessment Checklist is a simple checklist for your Vulnerability Assessment Checklist. This checklist contain 100 controls that every security professional / auditor could used during walkthrough process on the network infrastructure.

The strength of this checklist is could get a big picture of the current network security status. However some of the controls is lack of focus. At least you can use this simple checklist as reference for your assessment. And this checklist would be more useful if its combine with others control that unique to your environment.

Any opinion with this? hope it could be useful for you. Enjoy, and don't forget to give us some comments

Reward and Recognize the Information Security initiatives of your staff - however, big or small. Keep them motivated in fostering an Information Security Culture and Awareness in the Organization

Above is one of free security awareness material which can be downloaded at CyberExchange - ISC2, a free resources from ISC2.org

The organization is subject to data retention requirements resulting from a mix of legal, industry, and business mandates. These data retention requirements govern the storage of the organization's information, records, and data. Regulations dictate that different data types be stored for specific periods. They also dictate the media storage format that must be used to store specific data types.

The organization's Data Retention Policy exists to ensure all organization information, records, and data are retained and stored in compliance with legal, industry, and business regulations. It includes a policy you can customize to meet your needs as well as a risk assessment spreadsheet you can use to judge just how much your organization is at risk by not having this policy in place.

Download Page

Establishing policies that protect your network from internal and external abuse is a critical component of your overall security plan. This Network Security Policy Quick Guide includes nine articles that demonstrate why implementing security policies will help cover your organization's legal bases. Plus, we included two customizable policy templates: Information Security Policy and Password Policy. Cover your assets with well-defined policies

Download Page

Auditing the activities on your network can be an eye-opening experience if corporate policies and procedures are not strictly enforced and monitored. The Network Auditing Quick Guide will give you sound advice on auditing your network for internal and external threats as well as documenting any suspicious activity that is discovered. This guide contains 13 articles and two customizable templates for employee termination and separation

Download Page

The next time your organization gets hit with an e-mail virus, don't panic. Stay calm and use this six-part checklist to follow the steps needed to identify the virus, remove it, and make notes that will help you avoid future infections.

Download Page

Creating documentation is time-consuming and boring. It's also essential to maintaining the health and continuity of your Windows network. If your network documentation is weak (or nonexistent), recording the key details will be well worth your time. This checklist will help guide you through the process of documenting your physical network, servers and server apps, and Active Directory configuration. This popular checklist has been reformatted for ease of use, and it also includes a collection of links to a variety of TechRepublic's other network documentation resources.

Download Page