Business Practical Security
About this ebook
The manual contains template policies, standards, guidelines, and risk management tools. It is not a book to be read front to back; it is a collection of working documents that have been implemented successfully and are still in use today by numerous organizations.
The manual is organized to support an Information Security Program that achieves regulatory compliance with requirements such as Sarbanes-Oxley, HIPAA, GLBA, and PCI/DSS, and it follows the guidance of ISO/27000 and the National Institute of Standards and Technology (NIST).
The publication ties in to business continuity and disaster recovery planning through a business impact assessment tool.
J. Brantley Briegel CISSP CISM CHSP
J. Brantley Briegel has worked in the field of information security and technology for over twenty-five years. He is a Security Architect and has built successful security consulting practices within professional organizations. He has implemented formal information security programs in numerous organizations. Through this published Business Practical Security program, Brantley and his associates have:
- defined appropriate directives for executive approval
- performed security training for executive management, employees, and security administrators
- conducted ongoing security testing and assessments
- performed the defined security administrative processes
The integrated documents in this publication have evolved and been refined over two and a half decades of real-world application. If you are developing, assessing, or auditing your organization’s security posture, you have found the right resource.
Business Practical Security - J. Brantley Briegel CISSP CISM CHSP
Copyright © 2020 J. Brantley Briegel, CISSP, CISM, CHSP.
All rights reserved. No part of this book may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the author except in the case of brief quotations embodied in critical articles and reviews.
iUniverse
1663 Liberty Drive
Bloomington, IN 47403
www.iuniverse.com
1-800-Authors (1-800-288-4677)
Because of the dynamic nature of the Internet, any web addresses or links contained in this book may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.
Any people depicted in stock imagery provided by Getty Images are models,
and such images are being used for illustrative purposes only.
Certain stock imagery © Getty Images.
ISBN: 978-1-5320-8580-2 (sc)
ISBN: 978-1-5320-8581-9 (e)
iUniverse rev. date: 02/07/2020
Contents
Introduction
About the Author
Acknowledgements
Manual Organization
Category 1 – Administrative Security Posture
Tab 1. Executive Security Policy
Tab 2. Security Policy, Process, Standard, & Procedure Requirements
Tab 3. Process Security Assessment
Tab 4. Information Identification & Classification Form
Tab 5. Information Flow Risk Assessment Form (Process Security Assessment)
Tab 6. Information Flow Risk Assessment Form
Tab 7. Risk Acceptance
Tab 8. Risk Acceptance Form
Tab 9. Security Posture Assessment
Category 2 – Security Awareness Training
Tab 10. General User Information Security Policy Acknowledgment
Tab 11. Technology & Information Security Policy Acknowledgment
Category 3 – Security Testing & Auditing
Tab 12. Security Processes, Exercises, Testing & Technical Solutions
Tab 13. Security Exercises Scheduling Form
Category 4 – Physical Security
Tab 14. Baseline Security Standard for Physical Security
Tab 15. Baseline Security Standard for Computer Rooms
Tab 16. Computer Room Access Form
Tab 17. System Security Functionality for Automated Platforms
Tab 18. Windows Security Baseline Standards
Tab 19. Baseline Security Standard for Unix
Tab 20. Baseline Security Standard for AS400
Tab 21. Baseline Security Standard for CISCO PIX
Tab 22. Baseline Security Standard for Wireless Access Points
Tab 23. Baseline Security Standard for IIS Web Server
Tab 24. Novell Security Baseline Standards
Tab 25. Check Point FireWall – 1
Tab 26. Applications Security Baseline Standards
Category 6 – Business Continuity/Incident Response
Tab 27. Business Impact Assessment Form
Tab 28. Incident Response Procedure
Tab 29. Evidence Log Form
Category 7 – HIPAA Documentation
Tab 30. Information Security Master Guideline
Tab 31. Privacy Sanctions Policy
Tab 32. HIPAA - Information Flow Risk Assessment
Tab 33. Notice of Privacy Practices
Tab 34. HIPAA Document Retention
Tab 35. Business Associate Contract Language
Tab 36. Business Associate Agreement (External)
Tab 37. Business Association Agreement (Internal)
Tab 38. Privacy Complaint Form
Tab 39. Authorized Use and Disclosures of PHI
Tab 40. HIPAA Tracking and Logging
Tab 41. PHI Review & Correction Request
Tab 42. HIPAA Implementation Check List
Tab 43. HIPAA Organizational Structure Guideline
Tab 44. Responding to Secretary of HHS Regarding HIPAA
Tab 45. Privacy Code Authorization Form
Glossary
‘A Proven Program and Business Model for Security’
J. Brantley Briegel, CISSP, CISM, CHSP
Acknowledgements
Thanks to all the talented associates I’ve worked with in the Information Technology and Risk Management field. These include associates I worked with during full-time positions at the Federal Reserve Bank of Kansas City, H&R Block, Inc., Liberty Hospital, and Collective Brands.
Special thanks to Michelle Sperle MBA, CISSP and Rob Harvey CISSP, PCI ISA, PCIP who have been instrumental in my career. Their support was invaluable to produce this proven security business model and risk management manual. Together we provided security consulting and technical security services throughout the United States.
My mother, Barbra Briegel, whose significant efforts in proofing, editing, and marketing were key to the establishment of Business Practical Security, Inc. (BPSI). Her contributions were essential to launching the publication arm of BPSI. Thank you.
I express much gratitude to iUniverse, and specifically to Leo Collins, for fantastic publishing services in bringing Business Practical Security publications to fruition.
J. Brantley Briegel,
Business Practical Security, Inc.