Templates

Download Free IT Risk Assessment Report and Template Toolkit

This templates including Risk Register and IT Control for selected risk criteria such as:
Risk Assessment Matrix:
- Vulnerability
- Threat
- Risk
- Risk Sumary
- Risk Likelihood
- Rating
- Risk
- Impact
- Rating
- Overall Risk Rating
- Analysis ofRelevant Controls and Other Factors
- Recommendations

So basically what is the simplest approach for ITGC? do we should check every changes and modification in our application and infrastructure? or do we should only focus to significant one? The simplest approach is by using minimum requirement by the government/regulation. So here is some scope of ITGC based on Sarbanes Oxley Section 404

Program Development Program Change
Acquire or develop application software The organization's system development life cycle (SDLC) includes security, availability and processing integrity requirements of the organization.

Acquire or develop application software An adequate SDLC methodology has been established to serve as a basis for controlling development and maintenance activities, and the SDLC methodology is consistent with business and end-user strategies and objectives.

Logical Access
Ensure systems security An information security policy exists and has been approved by an appropriate level of executive management.

Below sample service level agreement (SLA) for supporting security event feeds from network devices. This sample SLA is arranged between the network support team (NetEng) and the team to whom security monitoring is assigned (InfoSec).

The purpose of this document is to clarify support responsibilities and expectations. Specifically, it outlines:
- Services provided by NetEng to support network security event recording for monitoring and incident response

- General levels of response, availability, and maintenance associated with these services

Incident Management is a sub process in ITIL that need to be implemented in every company for better IT operation. However there are a lot of concept or design that we can used to make incident management process become more simple and integrated. Above is an example of how incident management process flow would be performed

Attached sample of Recovery Request form and Testing Acceptance form for backup and recovery activity. This templates is taken from Enterprise Systems Backup and Recovery a Corporate Insurance Policy. De Guise, Preston 2009

Any tips and suggestion? hope this document will be useful for your Information System Auditing Resources.

Once in a year our CEO always asks every department to create their strategic planning for the year ahead. IT of course, should make this document every year. So how and what is simple step by step method to create a good strategic plan.

Ok, I got this guidance from techrepublic, however I made some modification, excel based, so you can used it as guidance to create a good IT strategic plan. Basically IT strategic plan is capturing the current IT status and future IT projection with clear roadmap and KPI. So what I did is I made a simple outline as template and guidance for that IT strategic plan.

Enjoy

Cobit for SOX compliance control template is simple excel tools that help you gain understanding about Sarbanes Oxley section 404 requirement versus Cobit (Control Objective of Information and Related Technologies)
Download

Establishing policies that protect your network from internal and external abuse is a critical component of your overall security plan. This Network Security Policy Quick Guide includes nine articles that demonstrate why implementing security policies will help cover your organization's legal bases. Plus, we included two customizable policy templates: Information Security Policy and Password Policy. Cover your assets with well-defined policies

Download Page

Auditing the activities on your network can be an eye-opening experience if corporate policies and procedures are not strictly enforced and monitored. The Network Auditing Quick Guide will give you sound advice on auditing your network for internal and external threats as well as documenting any suspicious activity that is discovered. This guide contains 13 articles and two customizable templates for employee termination and separation

Download Page