
NERC CIP Security Audit Checklist

North American Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) Security Audit Checklist
Download Free North American Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) Security Audit Checklist. This Audit Checklist covers minimum NERC-CIP IT Security Requirements such as:

Electronic Security (CIP-002, 003, 005, 007, 009)
Under these standards, utilities must:
- Maintain an inventory of all electronics that either are part of the critical assets list or are necessary to the operation of critical assets.
- Protect access to these critical cyber-assets on a need-to-know basis.
- Create an electronic security perimeter that prevents unauthorized users from accessing any critical cyber-asset, whether they are outside or inside the corporate network.
- Ensure that all electronic cyber-assets are secure via user account management, equipment, password management, and secure networking policies.
- Implement and test a critical cyber-asset recovery plan.

Business Continuity and Emergency Response Plan Alignment Checklist

Download Free Business Continuity and Emergency Response Plan Alignment Checklist
- How frequently do the program owners meet to discuss program issues and concerns?
- Have the program owners jointly met with local Emergency Response authorities to build a consensus on how events of various magnitudes can be managed best for both immediate and long-term impacts?
- Does the Emergency Response coordinator have sufficient influence to alter Business Continuity strategies if warranted, and vice versa?

SAS70 Outsourcing Project Implementation Contracts Evaluation Checklist

Download Free SAS70 Outsourcing Project Implementation Contracts Evaluation Checklist
Purpose
This section describes in simple terms the purpose of the evaluation, how it relates to the customer, and the benefits the organization will receive from the evaluation process. It is essential that you use common terminology relevant to the organization to ensure that this material is understood.

Methodology
This section describes the methodology that will be used to conduct the evaluation. This is a good place to emphasize the IEM as a standard methodology to conduct technical INFOSEC evaluations, developed and approved by the National Security Agency. This section includes the phases, processes, and steps to be used during the evaluation.

Scope
This section is a detailed demonstration of the level of effort, boundaries, and limitations of the evaluation. Appropriate assumptions are a critical part of the scoping process. The scope section provides a detailed listing of known assumptions affecting the evaluation. Assumptions are critical in demonstrating an understanding of the customer environment and detailing how that environment will affect the evaluation. The types of assumptions may include number of physical locations, number and type of systems, number and type of networks, relevant POC information, information about scheduling of the technical scans and conducting the 10 baseline IEM activities, and any associated constraints that can be listed as assumptions.

Roles and responsibilities of customer staff

Access Control Supervision and Review Checklist

Download Free Access Control Supervision and Review
- Determine if the organization supervises and reviews the activities of users with respect to the enforcement and usage of information system access controls.

- Examine the access control policy, the procedures addressing supervision and review of access control enforcement and usage, the security plan, or other relevant documents, reviewing them for the measures to be employed to supervise and review user activities with respect to the enforcement and usage of information system access controls.

Download Free ISO 27001/ISO17799 Wireless LAN Security Summary

Download Free Wireless LAN Security Summary
1. Develop an agency security policy that addresses the use of wireless technology, including 802.11.
A security policy is the foundation on which other countermeasures—the operational and technical ones—are rationalized and implemented. A documented security policy allows an organization to define acceptable architecture, implementation, and uses for 802.11 wireless technologies.

2. Ensure that users on the network are fully trained in computer security awareness and the risks associated with wireless technology (e.g., 802.11).
A security awareness program helps users to establish good security practices to prevent inadvertent or malicious intrusions into an organization’s information systems.
