Category: IT Documents

Users are expected to be aware of the security policies of the computers and networks which they access and to adhere to these policies. Users are individually accountable for their own actions and for all use of the resources assigned to them. The sharing of accounts, passwords, and other assigned resources is unauthorized.
A weakness in […]

Do not set your password equal to your Username or any variation of your Username. Do not use a password consisting of all the same letter. Avoid passwords that would be easy to guess. Do not use your initials or first, middle, or last name or the name of any family member. Do not use […]

This template defines requirements for encryption algorithms used within the organization. The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this policy provides direction to ensure that Federal regulations are followed, and […]

 
We have a large repository of existing documents and will work with you to develop any custom documents you need for your situation. Please ask us if you have any open questions! We specialize in getting vendors in the door of large U.S. Companies.
The typical scenario involves some sort of Information Security Questionaire or Information […]

Up until a couple years ago, technology policies and procedures were often poorly written internal documents (if written at all) used when something went wrong. They were almost never reviewed by anyone other than a few select individuals and no one really cared about the contents
Now, technology documentation is part of the Vendor Due Diligence […]

1. Diagram your current network and identify each network device. How critical is each device?
 
2. Assuming you have a DR network, how does it differ from your current network? Can it handle the load that will be put on it if a disaster occurs? Do you have adequate network documentation for the DR network?
3. How […]

Forcing frequent password changes. Yes, users should change their passwords. The older a password is, the more likely it will be compromised. On the other hand, requiring users to change their passwords too frequently has the same effect as assigning passwords to users – they end up writing them down! Three to six months is a reasonable […]

By using email, companies face several threats. These range from legal threats to network congestion issues:
Legal liability
In most cases the employer is responsible for all information transmitted from their systems. As a result, inappropriate emails often result in multi-million dollar penalties. In the US, Chevron settled a case filed by four female employees for $2.2 million. The […]

When we work with a customer to prepare and IT Policy Package, we typically do a free, upfront technical assessment. This allows us to fully understand the customer’s architecture. By the time the assessment is finished, we usually understand the client’s Internet architecture at least as well they do, often even better. This puts us in a unique […]

Have you analyzed your facility, equipment, systems, processes, and procedures, of your organization in order to evaluate the ability of your business to continue operations in case of a disaster? A thorough evaluation of the strengths and weaknesses of your company’s ‘preparedness’ can give you a clear idea of the possible impact in lost opportunity […]