TAN/ASC Network Information Security Program Template
Question 1: Is your organization required to maintain a comprehensive network information security program in compliance with Section 501(b) of the Gramm-Leach-Bliley Act?
Question 2: Do you feel overburdened by all the regulations that have been released in the past few years?
Question 3: Does your staff have the time and
experience to create and maintain a comprehensive information security program
as new regulations are released?
Automation Services’ Network Information Security Program (NISP) Template provides
cost-effective development of a comprehensive information security program which you can easily tailor to the complexity of your operations.
With the quarterly policy subscription service, TAN/ASC provides recommended program updates and expansions based on new regulatory requirements.
Program Template Includes
- Cover inserts for 3-ring view binder
- Table of contents for 15-tab divider system
- 79 policy pages organized as table of contents, policy overview, policy
sections, response to industry standards and index to appendices
- 20 appendices subsection headers with appendices samples included for
Organizational chart
Employee confidentiality agreement
Network
user guideline form
Hardware & software inventories
Network
administrator’s checklist
Technology service provider list
Policy
responses to FDIC IT-RMP Examination Officer’s Questionnaire
Incident response procedures
Suspicious activity reporting guidelines
Checklist for customer notices
|
Optional Services
The TAN/ASC Security Services Team is available to assist you with
development, implementation, testing and audit of your network
information security program. Services commonly provided include:
| - |
Business Continuity Planning &
Testing |
| - |
IT Security Audits |
| - |
Network Documentation |
| - |
Penetration Testing |
| - |
Risk Assessments |
| - |
Security Policy Customization |
| - |
Vulnerability Assessments |
|
|
Template Benefits
- Comprehensive information security policies based on guidelines released
by the FFIEC, FDIC, FRB, NCUA, OCC, OTC and NIST
- Response to industry standards provides a cross reference to over 60
laws and regulatory guidelines so examiners can quickly find the applicable
policies
- Each policy section clearly identifies roles and responsibilities for
Board
of Directors
Technology Steering Committee
Network
Administrator
Business Continuity Coordinator
Information Security Officer
Internal Auditor
- Policy sections are organized according to latest FFIEC IT examination
work programs
Risk
Assessment
Information Security Policies
Network
Documentation
Business Continuity Planning
Internal Audit
- Detailed security policies are included for
| - |
network users |
| - |
physical
security |
| - |
system access
controls |
| - |
border security
configuration |
| - |
website and
banking system security |
| - |
network health
& security maintenance |
|
| - |
network change
management |
| - |
vulnerability &
security monitoring |
| - |
technology
service provider oversight |
| - |
proper disposal
of information |
| - |
problem
resolution & incident response |
|
- Documents are customizable using Microsoft Word
- Scalable pricing based upon financial institution asset size
|
Template Disclaimer
A financial institution may use a policy template, but it
nevertheless remains responsible to determine the suitability of
generic policies in meeting regulatory guidelines and mitigating
security risks for their institution as is determined through
risk assessment. A policy template cannot replace a
comprehensive risk assessment but it can provide a framework
upon which an institution may delete and expand policies as
required for minimizing information security risks.
|
|
Update Subscription Benefits
- Timely policy updates and expansions per new guidelines released by the
FFIEC, FDIC, FRB, NCUA, OCC, OTC and NIST (During 2005, 12 new regulatory
guidelines resulted in updates or expansions of 50 policies)
- Subscription members are notified of available policy updates at least
quarterly; thereby allowing the technology steering committee to plan
implementation prior to guideline effective dates
- Policy updates and expansions can easily be downloaded from the
subscription website and inserted into existing policies
|
Subscription service now includes 1 hour of
telephone or email template support annually |
|
Before Purchasing
- Have you considered the staff hours required for creation and
maintenance of a Network Information Security Program which is this
comprehensive?
- When will your staff have the
time to do the necessary research
to create and maintain comprehensive policies without a template?
- Where can you find another template which cross references to
specific guidelines the examiners will use during your examination?
- With TAN/ASC’s
low pricing, can you really afford not to use this
Network Information Security Program template and subscription service?
|
Click for Pricing |
Please see our Frequently-Asked Questions
page for more information, or contact us for
a custom price quote or to place your order.
Technology and Networking/ASC
2751 Thomas Drive
Cape Girardeau, MO 63701
Voice: 573-335-5157 800-455-ASC1 (2721)
Fax: 573-335-1508
|
