The more information you have about the requirements of proper compliance, the more protected your business is from the threat of litigation and the resulting loss of revenue. To help you take an informed approach to security and compliance, we’ve gathered 15 essential tools and templates from our IT Downloads.
Click through for 15 tools and templates to aid in your compliance and security efforts, from the IT Business Edge IT Downloads.
Password Security, Protection and Management
With the many ways we use the Internet, it’s easy to consider some passwords less important than others. However, all passwords are important because wrongdoers can piece together the information you store online and use it for their benefit. They can even use information you share on social media networks. And commercial websites give customers the ability to store billing and shipping addresses along with credit card information. This paper offers recommendations for protecting your information by selecting strong passwords and storing and managing them safely.
Guide to the Secure Hash Standard
This standard specifies secure hash algorithms, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256. All of the algorithms are iterative, one-way hash functions that can process a message to produce a condensed representation called a message digest. These algorithms enable the determination of a message’s integrity: Any change to the message will, with a very high probability, result in a different message digest. This property is useful in the generation and verification of digital signatures and message authentication codes, and in the generation of random numbers or bits.
Software License Compliance Policy
The city and county of San Francisco Committee on Information Technology (COIT) uses this policy to ensure that software use complies with all applicable laws. The policy establishes procedures aimed at preventing unlawful acquisition, reproduction, distribution or transmission of commercial computer software. These procedures include taking inventories of software installed on computers and developing and maintaining systems designed to keep track of software licenses.
Personal Mobile Device Remote Wipe Waiver
There is no way to keep consumer technology from invading the enterprise. Compliance with a personal mobile device policy is the most important factor in mitigating the risk that this invasion brings. Info-Tech’s “Personal Mobile Device Remote Wipe Waiver” will help IT:
- Develop a codified agreement between IT and the end user that can be referred to should an issue arise.
- Clarify IT’s right to remote wipe personal mobile devices should the need arise.
Use this waiver to increase end-user compliance and maximize the potential for success.
Network Security Policy Template
This Network Security Policy Template, provided by Toolkit Cafe, provides companies with guidance for implementing network security to ensure the appropriate protection of corporate networks.
This template is part of a comprehensive IT Governance and Compliance Toolkit. This Toolkit is a collection of Microsoft Word forms, templates and instructional documents that help you assess and establish the crucial policies that you need to operate a secure and compliant IT organization.
Database Encryption Readiness Assessment
Data and communications encryption are often the responsibility of data center managers. Legislative compliance and growing demands for consumer privacy are forcing enterprises in all industries to encrypt their data. This Excel tool assesses the enterprise’s need and state of readiness for data encryption by:
- Conducting an extensive questionnaire
- Calculating the tipping points for requirements and readiness
Do not allow the enterprise to suffer the financially devastating effects of a data breach. Determine if data encryption is a fit for the company’s critical information.
Document Security Needs Assessment Tool
Assessing needs for document security can be a daunting challenge for any IT leader. Use this tool to help gain an understanding of your organization’s needs for a document security tool(s). This assessment asks you a series of questions about your:
- Organization and its documents
- Workflow procedures
- Internal vs. external business process orientation.
The foundation for this, or any, solid document security needs assessment is the concept of trust — how much confidence organizations must have in the authenticity of their documents and supporting workflows.
“E-Governance Is Good Governance” Excerpt
In “E-Governance Is Good Governance,” from “Internet Management for Nonprofits,” authors Dottie Schindlinger and Leanne Bergey define e-governance and examine how Web-based technologies like board portals can improve leadership and management.
While focusing on improving these qualities in the boards of non-profit organizations, these technologies have applicability in for-profit business as tools for facilitating document sharing, communication and collaboration. Sarbanes-Oxley and other legislation have goaded many companies to adopt e-governance principles in order to comply with transparency rules.
This excerpt was reprinted with permission of John Wiley & Sons, Inc. Ted Hart, “Internet Management for Nonprofits: Strategies, Tools, and Trade Secrets,” 2010.
IT Computer Equipment Security Policy
This IT Computer Equipment Security Policy helps companies establish rules for safeguarding computer equipment.
This template is part of a comprehensive IT Governance and Compliance Toolkit. This Toolkit is a collection of Microsoft Word forms, templates and instructional documents that help you assess and establish the crucial policies that you need to operate a secure and compliant IT organization.
System Integrity Best Practices
The two key components of system integrity are software authenticity and the assurance of user identity. US-CERT recommends that organizations routinely evaluate how to integrate the following best practices into their current environments to achieve these objectives.
These guidelines include:
- Enabling strong logging
- Limiting remote access
- Validating software and more
Wireless Access Point Policy
Wireless LANs are complicated enough to manage, never mind dealing with the possibility of rogue access points sapping bandwidth from legitimate users. Download Info-Tech’s wireless access point policy to help lock down practices and procedures for installing APs across the organization.
Computer Forensics Overview
If you manage or administer information systems and networks, you should understand computer forensics. Forensics is the process of using scientific knowledge for collecting, analyzing and presenting evidence to the courts. (The word forensics means “to bring to the court.”) Forensics deals primarily with the recovery and analysis of latent evidence.
This paper will discuss the need for computer forensics to be practiced in an effective and legal way, outline basic technical issues, and point to references for further reading. It promotes the idea that the competent practice of computer forensics and awareness of applicable laws is essential for today’s networked organizations.
Sample Internet Usage Policy
The Internet lets you roam to almost any piece of information or data. However, that’s not always best in the business environment. Therefore, businesses often like to have a policy in place that addresses the use of the Internet.
This IT Download, provided by Toolkit Cafe, gives companies a set of guidelines to take, change and ultimately craft into a policy that meets their own needs.
Sample Email and Virus Security Policy
Virus protection is one of the primary battles IT departments wage each day. Viruses actually hide themselves, often as macros, within other files, such as spreadsheets or Word documents. When an infected file is opened from a computer connected to the network, the virus can spread throughout the network and may damage it. So it’s important to have a solid policy detailing proper e-mail and virus security practices.
Ten Ways to Improve the Security of a New Computer
Our computers help us stay connected to the modern world. We use them for banking and bill paying, shopping, connecting with our friends and family through email and social networking sites, surfing the Internet and so much more. We rely so heavily on our computers to provide these services that we sometimes overlook their security. Because our computers have such critical roles in our lives and we trust them with so much personal information, it’s important to improve their security so we can continue to rely on them and keep our information safe.


















