security

ITIL V3 Roles and Responsibilities Templates

ITIL V3 (Information Technology Infrastructure Library) Roles and Responsibilities Templates

ITIL V3 roles within Service Strategy
- IT Steering Group (ISG)
- Financial Manager
- Service Portfolio Manager

ITIL V3 roles within Service Design
- Service Catalogue Manager
- Service Level Manager
- Service Owner
- Service Design Manager
- Applications Analyst/Architect
- Technical Analyst/Architect
- Risk Manager
- Capacity Manager
- Availability Manager
- IT Service Continuity Manager
- IT Security Manager
- Compliance Manager
- IT Architect

Wireless and Mobile Network Security Personal Risk and Control Templates

1. Read access to private data
This risk includes unauthorized reading of the consumed, produced or transmitted content. An example is wiretapping or snooping, i.e. passive reading of data during its transmission over a telecommunications network. Motivated by privacy protection, this category also includes read access to administrative data related to the access profile (such as personal identity, location, usage statistics and billing).

2. Modification of private data
An unnoticed change in the private data cited in the preceding section is a risk because it can lead to taking control of the private data, to changes in usage statistics, accounting, etc. Note that, depending on the technology used, modification does not necessarily imply read access. An example is the blind change of encrypted frames on a wireless link that uses the WEP encryption scheme according to the IEEE 802.11 standard.

3. Rogue services

SAS 70 Physical Security Examination Audit

The examination of physical security is focused on the physical security controls that surround the facility and the computer systems used to provide the service. The auditors will look for the following items:
- Identification badges on all personnel
- Restriction of sensitive areas to authorized individuals
- Escorting of visitors
- Logging of visitors

SAS 70 Personnel Management Security Examination Audit
The auditors will examine the ways in which the organization checks up on its own personnel and employees. This is not to say that the organization should not trust its own employees but that it should take pains to determine the trustworthiness of its employees and to not put them into positions where a mistake can cause inappropriate damage to the organization or a customer.

When examining personnel management issues, the auditors will look for:
- Background checks performed during the hiring process
- Non-disclosure agreements with employees and contractors

Unauthorized Signal Detection And Information Loss Vulnerability Assessment Checklist

1. Is the signal energy mechanical or electromagnetic? Sound energy is mechanical and radio frequency/microwave and optical/laser transmissions are electromagnetic.

2. What is the signal carrier frequency and bandwidth? The bandwidth of speech ranges from 20 Hz to 20 kHz, but radio frequency transmitter frequencies can vary tremendously depending on the device. The power of the radiated signal is an important factor in estimating vulnerability to unauthorized signal detection that potentially leads to information loss.

3. What are the intervening materials between the signal source and the receive location? Recognize that signals often take multiple indirect routes in arriving at a destination. Understanding the effect of materials as a function of signal frequency will enhance the accuracy of estimates of the vulnerability component of risk.

Security Clearance Levels in the United Kingdom

There are different levels of clearance that individuals are subject to depending on the nature, sensitivity, and duration of access to information, assets and personnel.

Basic Check
These are not formal security clearances. A basic check (BC) provides only a basic level of assurance about the trustworthiness and integrity of individuals whose work may involve access to CONFIDENTIAL assets or information. For individuals who will definitely be working with protectively marked data, a higher clearance is usually sought. The check is carried out by reviewing official identity documents and sometimes references. The goal of a BC is to verify the following:
- Identity
- Signature
- Address
- Employment history
- Education.

Counter-Terrorism Check
