Business Practical Security
Ebook, 737 pages, 9 hours

About this ebook

A complete and proven Information Security Program manual used by numerous organizations to apply practical security controls. The Business Practical Security manual has been customized and implemented in industries such as financial, legal, medical, government, engineering, manufacturing, education, religion, nonprofit, advertising, broadcasting, and more.

The manual contains template policies, standards, guidelines, and risk management tools. The publication is not meant to be read front to back. It contains actual documents that have been successfully implemented and are still in use today by numerous organizations.

The manual is organized to help an Information Security Program achieve regulatory compliance with requirements such as Sarbanes-Oxley, HIPAA, GLBA, and PCI/DSS. Adherence to ISO/27000 and the National Institute of Standards and Technology (NIST) has been applied.

The publication interacts with business continuity and disaster recovery planning through a business impact assessment tool.

Language: English
Publisher: iUniverse
Release date: Feb 7, 2020
ISBN: 9781532085819
Author

J. Brantley Briegel CISSP CISM CHSP

J. Brantley Briegel has worked in the field of information security and technology for over twenty-five years. He is a Security Architect and has built successful security consulting practices within professional organizations. He has implemented formal information security programs in numerous organizations. Through this published Business Practical Security program, Brantley and his associates have:

- defined appropriate directives for executive approval
- performed security training for executive management, employees, & security administrators
- conducted ongoing security testing & assessments
- performed the defined security administrative processes

The integrated documents in this publication have evolved and been refined over two and a half decades of real-world application. If you are developing, accessing, or auditing your organization’s security posture, you have found the right resource.

    Book preview

    Business Practical Security - J. Brantley Briegel CISSP CISM CHSP

    Copyright © 2020 J. Brantley Briegel, CISSP, CISM, CHSP.

    All rights reserved. No part of this book may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the author except in the case of brief quotations embodied in critical articles and reviews.

    iUniverse

    1663 Liberty Drive

    Bloomington, IN 47403

    www.iuniverse.com

    1-800-Authors (1-800-288-4677)

    Because of the dynamic nature of the Internet, any web addresses or links contained in this book may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.

    Any people depicted in stock imagery provided by Getty Images are models, and such images are being used for illustrative purposes only.

    Certain stock imagery © Getty Images.

    ISBN: 978-1-5320-8580-2 (sc)

    ISBN: 978-1-5320-8581-9 (e)

    iUniverse rev. date:   02/07/2020

    Contents

    Introduction

    About the Author

    Acknowledgements

    Manual Organization

    Category 1 – Administrative Security Posture

    Tab 1.   Executive Security Policy

    Tab 2.   Security Policy, Process, Standard, & Procedure Requirements

    Tab 3.   Process Security Assessment

    Tab 4.   Information Identification & Classification Form

    Tab 5.   Information Flow Risk Assessment Form (Process Security Assessment)

    Tab 6.   Information Flow Risk Assessment Form

    Tab 7.   Risk Acceptance

    Tab 8.   Risk Acceptance Form

    Tab 9.   Security Posture Assessment

    Category 2 – Security Awareness Training

    Tab 10.   General User Information Security Policy Acknowledgment

    Tab 11.   Technology & Information Security Policy Acknowledgment

    Category 3 – Security Testing & Auditing

    Tab 12.   Security Processes, Exercises, Testing & Technical Solutions

    Tab 13.   Security Exercises Scheduling Form

    Category 4 – Physical Security

    Tab 14.   Baseline Security Standard for Physical Security

    Tab 15.   Baseline Security Standard for Computer Rooms

    Tab 16.   Computer Room Access Form

    Tab 17.   System Security Functionality for Automated Platforms

    Tab 18.   Windows Security Baseline Standards

    Tab 19.   Baseline Security Standard for Unix

    Tab 20.   Baseline Security Standard for AS400

    Tab 21.   Baseline Security Standard for CISCO PIX

    Tab 22.   Baseline Security Standard for Wireless Access Points

    Tab 23.   Baseline Security Standard for IIS Web Server

    Tab 24.   Novell Security Baseline Standards

    Tab 25.   Check Point FireWall-1

    Tab 26.   Applications Security Baseline Standards

    Category 6 – Business Continuity/Incident Response

    Tab 27.   Business Impact Assessment Form

    Tab 28.   Incident Response Procedure

    Tab 29.   Evidence Log Form

    Category 7 – HIPAA Documentation

    Tab 30.   Information Security Master Guideline

    Tab 31.   Privacy Sanctions Policy

    Tab 32.   HIPAA - Information Flow Risk Assessment

    Tab 33.   Notice of Privacy Practices

    Tab 34.   HIPAA Document Retention

    Tab 35.   Business Associate Contract Language

    Tab 36.   Business Associate Agreement (External)

    Tab 37.   Business Association Agreement (Internal)

    Tab 38.   Privacy Complaint Form

    Tab 39.   Authorized Use and Disclosures of PHI

    Tab 40.   HIPAA Tracking and Logging

    Tab 41.   PHI Review & Correction Request

    Tab 42.   HIPAA Implementation Check List

    Tab 43.   HIPAA Organizational Structure Guideline

    Tab 44.   Responding to Secretary of HHS Regarding HIPAA

    Tab 45.   Privacy Code Authorization Form

    Glossary


    ‘A Proven Program and Business Model for Security’

    J. Brantley Briegel, CISSP, CISM, CHSP

    Acknowledgements

    Thanks to all the talented associates I’ve worked with in the Information Technology and Risk Management field. These include associates I worked with during full-time positions at the Federal Reserve Bank of Kansas City, H&R Block, Inc., Liberty Hospital, and Collective Brands.

    Special thanks to Michelle Sperle MBA, CISSP and Rob Harvey CISSP, PCI ISA, PCIP who have been instrumental in my career. Their support was invaluable to produce this proven security business model and risk management manual. Together we provided security consulting and technical security services throughout the United States.

    My mother, Barbra Briegel, whose significant efforts of proofing, editing, and marketing were key to the establishment of Business Practical Security, Inc. (BPSI). Her contributions were essential to launch the publication arm of BPSI. Thank you.

    I express much gratitude to iUniverse, and specifically Leo Collins for fantastic publishing services bringing Business Practical Security publications to fruition.

    J. Brantley Briegel,

    Business Practical Security, Inc.
