IT Security
ISO 27001 Data Security Protection Policy Statement Templates
Download Free ISO 27001 Data Security Protection Policy Statement Templates

Data must not be disclosed to a third party without the express consent of the data subject or owner. In practice this means that documents, information, or the means to access them, should not be given to others or to external individuals or agencies, including the police, unless in exceptional circumstances
IT Service Level Agreement Risk Analysis Template
Download Free IT Service Level Agreement Risk Analysis Template

1. RISK: SERVICE FAILURES.
a. Service level requirements (with associated liquidated damages in the event of a failure to meet such service level requirements and the right to terminate if the liquidated damages exceed certain amounts)
b. Critical milestone requirements for the data center migrations/project implementations
ISSAF 0.2 WLAN Security Assessment

Information System Security Assessment Framework (ISSAF) 0.2 has a detailed methodology and how-to for Wireless Security Assessment. This document can be downloaded at
http://www.oissg.org/downloads/issaf-0.2/index.php
Below is a summary of the Wireless LAN Security Assessment:
Information Gathering
Wireless access points and clients send beacons and broadcasts respectively. Beacons are sent by APs at predefined intervals. They are invitations and driving directions that enable the client to find the AP and configure the appropriate settings to communicate. A beacon announces the SSID and the channel that the network is using. WLAN scanners allow users to identify WLANs through the use of a wireless network interface card (NIC) running in monitor mode and software that will probe for APs. Linux has Kismet which is not graphical and not as user friendly as NetStumbler, but it provides superior functionality. Kismet is a WLAN sniffer, where NetStumbler is a scanner.
Scanning
- Detect and Identify the wireless network
- Test for channels and ESSID
- Test the beacon broadcast frame and recording of broadcast information
- Test for rogue access points from outside the facility
- IP address collection of access points and clients
- MAC address collection of access points and clients
- Detect and Identify the wireless network
- Audit & Review – Questionnaire
ISO 17799/27001 System Development and Maintenance Audit Checklists

Download free ISO 17799/27001 System Development and Maintenance Audit Checklists. The scope of these checklists is:
- Security requirements analysis and specification
- Input data validation
- Control of internal processing
- Message authentication
- Output data validation
- Policy on use of cryptographic controls
- Encryption
ISO 27001 / 17799 Information Security Policy Basic Structure and Major Policy Subjects

Download free Information Security Policy based on ISO 27001/17799 which covers:
Basic Structure
Purpose, Scope, Roles, Enforcement, Administrative Considerations, Definitions.
Major Policy Subjects
Acceptable Use of IT Resources, Account Management, Remote Access, Information Protection, Firewall Management, Special Access Account Management, Network Connection, Wireless Networks, Router