Policy Example SunSpot Credit Union Computer Incident Response Team—Access & Authorization Policy 1.0 Policy Statement This policy applies to SunSpot Credit Union employees, temporary workers, contractors, and consultants who use or access SunSpot Credit Union information systems and computers. 2.0 Purpose/Objectives Definitions for this policy are as follows: SunSpot Credit Union: (SCU). Incident Response Team:… Read More »
The IT security policy framework is the foundation of an organizations information security program. The framework consists of a library of documents, but is just not a collection of documents. The framework and its documents are used to build an organizations processes, determine appropriate technologies to use, and lay the foundation for policy enforcement. The framework is a… Read More »
Security+ General Information The CompTIA Security+ Certification is often a first step towards more advanced security certifications. About The CompTIA Security+ certification is a vendor-neutral, internationally recognized credential used by organizations and security professionals around the globe to validate foundation level security skills and knowledge. Candidates are encouraged to use this document to help prepare for CompTIA security+… Read More »
Ethics Related to the Collection of Information The following are ethics that must be addressed when information systems are designed, and how they relate to the Confidentiality, Integrity, Availability (CIA) security concept. The first concern related to ethics is; who benefits from the information collected? The applicable area of the CIA security triad is confidentiality. Information collected for… Read More »
Information System Incident Response Effective information system Incident response requires proper planning and good management. Since organizations are diverse and vary in size, organizations must design their incident response plans based on a detailed assessment of their information system and business requirements. Constructing a proficient Incident Response Team (IRT) is a critical component of any effective Incident Response Plan.… Read More »
Guidelines for Media and Data Sanitizing When information systems are taken offline and retired, great care must be taken to ensure media that stored the data in the system remains protected through the retirement process. If media used is going to be removed and discarded, or re-purposed, organizations must ensure data that was stored on the media is… Read More »
Consumer Privacy Bill of Rights Introduction The Consumer Privacy Bill of Rights (CPBR) was proposed as a draft bill by President Obama on 27 February 2015. The CPBR is intended as a law that will govern the collection and dissemination of consumer data. The Obama administration re-introduced the CPBR as an enhancement to the Data Security and… Read More »
Health Information Privacy Complaint According to the Health Information Privacy Complaint Form OMB No. 0990-0269, Complaint Consent Form, The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has the authority to collect and receive material and information about a complainant, including personnel and medical records may be relevant to an investigation of a person’s… Read More »