Tess SECURITY SOLUTION LEADER  

Developed Templates for Policies, Guidelines, Checklists, and Processes

Why not pay for customization rather than development?

-You will need Acrobat Reader to review these papers-

Background

Policies-Guidelines-Checklists

Processes

Very few Users and Managers read and comply with formal security policies. Tess has developed a methodology to integrate security policy into the daily job performance of Users and Managers. These are known as security processes, which give specific instructions to each player to ensure compliance. With these processes, the culture of an organization can be changed and security becomes part of daily job performance.

This methodology was developed by Mr. Kobus in 1997 and has helped organizations not only change their security culture but ensure a return on security investment (ROSI).   

 

  1. Security Management Policy PDF 

  2. Security Audit Policy PDF

  3. Cryptography Policy PDF

  4. Communications Policy PDF

  5. Certification and Accreditation Policy PDF

  6. Identification and Authentication Policy PDF

  7. User Data Protection Policy PDF

  8. Information Data Ownership Policy PDF

  9. Resource Utilization Policy PDF

  10. Data Classification Policy PDF

  11. Physical Security PDF

Security Guidelines

  1. Data Classification Matrix PDF
  2. C & A Security Requirements PDF
  3. Password PDF
  4. Software Licensing
  5. Audit/Logs
  6. E-Mail
  7. Copyright-Protection
  8. Approved Component
  9. Preventative Virus
  10. Shared Use ID
  11. Separation of Duties
  12. Securing Personal Computers
  13. Physical Security
  14. Modem & Analog Services
  15. Security Incident
  16. Information Handling Disposal
  17. Facsimile
  18. Information Security Awareness Handbook

Security Checklists

  1. Application Development PDF
  2. Workstations PDF
  3. Internet
  4. Servers
  5. LAN/WAN

 

Certification and Accreditation in the Development Life Cycle has three process documents, a baseline security requirements checklist designed in SEI-CMM format, and two policies (C&A and ownership) that explain and assign responsibilities and accountability to the Data Owner, the Development Program Manager, User, and Information Security Officer.

  1. Determination of Sensitivity PDF
  2. Business Impact Analysis (BIA) PDF
  3. Certification and Accreditation PDF

The Identification and Authentication Process Document contains a formalized access control management system process. The process details the responsibility and accountability for assigning a User a log-on and for Data Owner approval.

Computer Access Request Process PDF