Download Free SAS 70 IT Control Objectives Toolkit. This Statement Auditing Standards (SAS) no 70 contain samples of Program Change Control, Access Control and Computer Operation Control Objectives as described below:

Program Change Control
- Ensure that production environment changes are approved by management prior to implementation in accordance with documented policies and procedures.
- Ensure that necessary modifications to the existing production environment are implemented within the timeframes required by documented policies and procedures.
- Ensure that modifications to the production environment are tested prior to implementation and function consistent with documented policies and procedures.

Requirements content
- Are all the inputs to the system specified including their source, accuracy, range of values, and frequency?
- Are all the outputs from the system specified including their destination, accuracy, range of values, frequency, and format?
- Are all the report formats specified?
- Are all the external hardware and software interfaces specified?
- Are all the communication interfaces specified including handshaking, error checking, and communication protocols?
- Is the expected response time, from the user’s point of view, specified for all necessary operations?
- Are other timing considerations specified, such as processing time, data transfer, and system throughput?
- Are all the tasks the user wants to perform specified?
- Does each task specify the data used in the task and data resulting from the task?
- Is the level of security specified?

Download Free Payment Card Industry Data Security Standard (PCI DSS Visa) Incident Report Template

I. Executive Summary
a. Include overview of the incident
b. Include Risk Level (High, Medium, Low)
c. Determine if compromise has been contained

II. Background

III. Initial Analysis

Download Free Smadav 2010 Rev. 8.0

Smadav Free and Smadav Prof is one of Indonesian Anti Virus software that have good reputation to remove the local (Indonesian) made antivirus. The latest version is 12 Januari 2010. For more information visit the official Smadav Antivirus website located at http://www.smadav.net/

Click here to download the file
smadav80.zip size 421KB

The NSA Certified Information Security Assessment Methodology (NSA IAM) is an information security assessment methodology that baselines assessment activities. It breaks information security assessments into three phases: pre-assessment, on-site activities, and post-assessment. Each of these phases contains mandatory activities to ensure information security assessment consistency. It is important to note, however, that NSA IAM assessments consist of only documentation review, interviews, and observation. There is no testing done during an NSA IAM assessment. The NSA released the INFOSEC Evaluation Methodology to baseline testing activities.

I. Pre-assessment Phase
The purpose of the pre-assessment phase is to define customer requirements, set the assessment scope and determine assessment boundaries, gain an understanding of the criticality of the customer's information, and create the assessment plan. The NSA IAM measures both organizational information criticality and system information criticality. Organizational information consists of the information required to perform major business functions. System information then is identified by analyzing the information that is processed by the systems that support the major business functions.

On-Site Activities Phase