The following 170 items are listed by Content Data.
Policies & Procedures
IT Equipment and Information Control Policy
This policy sample establishes guidelines and procedures common to effective company equipment and system information pr...
Subscriber Content
Methodologies & Models
Access Controls Capability Maturity Model (CMM)
This capability maturity model can be used to measure the maturity of an organization’s access controls process and to a...
Subscriber Content
Methodologies & Models
Identity Access Management Capability Maturity Model (CMM)
This capability maturity model can be used to measure the maturity of an organization’s identity access management proce...
Subscriber Content
Policies & Procedures
Systems Audit Logging and Monitoring Policy
This sample policy is designed to help organizations define and comply with system audit logging and monitoring requirem...
Subscriber Content
Benchmarking Tools
Transaction Authority Risk Key Performance Indicators (KPIs)
This tool contains performance measures and questions an organization can use to enforce and ensure the validity of tran...
Subscriber Content
Audit Programs
Application Security Review and Testing Audit Work Program
This tool includes two sample audit programs that provide steps organizations can take to facilitate an application secu...
Subscriber Content
Policies & Procedures
Separation of Duties Policy
In this sample policy, we outline the standards for applying separation of duties to protect a company’s information ass...
Subscriber Content
Policies & Procedures
Telecommunication Usage Policy
This sample policy defines guidelines and procedures organizations should follow when using telecommunications systems.
Subscriber Content
Audit Programs
Enterprise Resource Planning Security Audit Work Program
In this work program sample, we list general best-practice steps for the enterprise resource planning security process.
Subscriber Content
Checklists & Questionnaires
Sarbanes-Oxley Testing Documentation Questionnaire
This tool includes questions to consider when documenting Sarbanes-Oxley (SOX) testing procedures, results and recommend...
Subscriber Content
Policies & Procedures
Network Access Control Devices Policy
The purpose of this sample policy is to ensure that all company network devices and firewalls are properly identified an...
Subscriber Content
Policies & Procedures
Encryption Key Policy
This tool contains two sample policies that establish guidelines for use of encryption to secure company information ass...
Subscriber Content