The goal of Enterprise Risk Management is to identify, evaluate and manage key risks impacting an organization’s ability to achieve its objectives and strategies. This document provides a template to inventory and assess critical risk areas (business functions) and the associated risks embedded within each area.
When using this template, for each area, please rate:
* Current process control effectiveness on a High / Medium / Low scale
* Past performance history on a Good / Fair / Poor scale
* Personnel adequacy on a Good / Fair / Poor scale
Then, please rank the top ten functions/risk areas, based on the threat that embedded risks pose to achieving the company's objectives and strategies for the upcoming year. Consider the following when ranking the top ten risk areas:
IT general controls typically impact multiple applications in the technology environment and prevent certain events from impacting the integrity of processing or data. Computer operations, physical and logical security, program changes, systems development and business continuity are examples of processes where general IT controls reside. These IT controls are “pervasive” because they can have an impact on the organization’s achievement of financial reporting objectives germane to many of its processes.
The purpose of the Server Security Policy is to establish standards for the base configuration of internal server equipment that Blanco Wireless owns and/or operates. Effective implementation of this policy will minimize unauthorized access to Blanco's proprietary information and technology.
This policy applies to all production servers at Blanco Wireless, including web, application, and database servers.
The following directives are required of all servers at Blanco, and should be detailed in every configuration or "hardening" guide used by administrators:
1. Nature and role of private security officers
a. Security awareness
i. Private security officers and the criminal justice system
ii. Information sharing
iii. Crime and loss prevention
b. Legal aspects of private security
i. Evidence and evidence handling
ii. Use of force and force continuum
iii. Court testimony
iv. Incident scene preservation
v. Equal Employment Opportunity and diversity
vi. State and local laws
c. Security officer conduct
iii. Professional image
1. “Respect for the individual.”
This respect should be for each and every individual, including the ones who are believed to be violating your security policies and procedures.
2. “Excellent service to the customer.”
This applies to both internal and external customers and at every level of the security organization.
3. “Excellence as a way of life.”
Every action should always be done to the best of one’s ability.