IT Security
How to Handle the IT Auditor - A Simple Checklist
1. Help the auditor gather information.
2. Do not expect to see the audit report.
3. If asked for a response, provide it promptly.
4. Work with internal audit to identify key risks for the organization.
5. If an external audit is expected, talk with system administrators to learn how they are implementing security policies and procedures.
6. Conduct a mock audit before a real one to identify potential findings.
Gramm-Leach-Bliley Act (GLBA) Safeguards Rule Service Provider Due Diligence Checklist
Here is the checklist for Gramm-Leach-Bliley Act (GLBA) Safeguards Rule service provider due diligence:
1. Describe your organization's administrative, technical, and physical safeguards over non-public financial information to which you may have access if you are selected as the University's vendor. Note that these safeguards must be appropriate to the size and complexity of your firm, the nature and scope of your activities, and the sensitivity of customer information at issue. Use as many pages as necessary to respond.
2. Describe your current or planned procedures for detecting and responding to breaches of security re: access to such non-public financial information. Use as many pages as necessary to respond.
3. Has your organization designated an employee or employees to coordinate the information security program?
Five Types of Organizational IT Capacity Planning
Each organization has its own style and level of maturity in its IT capacity planning process. Here are the five types of organizational IT capacity planning that most organizations use:
Type 1:
Style: Reactive, firefighting
Type 2:
Style: Efficient: professional and sophisticated firefighting
Type 3:
Style: Fewer fires; analysis of problems, start of process improvement
ITIL/ITSM Study Guide Handout
Download the free ITIL (Information Technology Infrastructure Library) and ITSM (Information Technology Service Management) Study Guide Handout

SERVICE SUPPORT PROCESSES
The five service support processes focus on support of the IT services provided to the business, customer and user, as defined by service delivery. Operational in nature, the primary goal is to achieve quality in IT services.
INCIDENT MANAGEMENT
Restores normal service operation as quickly as possible and minimizes the adverse impact on business operations.
ISO 27001 Data Security Protection Policy Statement Templates
Download Free ISO 27001 Data Security Protection Policy Statement Templates

Data must not be disclosed to a third party without the express consent of the data subject or owner. In practice this means that documents, information, or the means to access them, should not be given to others or to external individuals or agencies, including the police, unless in exceptional circumstances