The following 61 items are listed by Content Data.
Policies & Procedures
Data Center Security Policy
This sample policy establishes operational standards for the physical security of a company’s data center.
Policies & Procedures
Security Awareness Policy
This sample policy is designed to help organizations notify information system users about security policies, guidelines...
Policies & Procedures
Personnel Security Policy
The purpose of this sample policy is to reduce the risks of human error, theft, fraud or misuse of facilities.
Policies & Procedures
Physical and Environmental Security Policy
This sample policy is designed to help organizations prevent unauthorized access, damage and interference to business pr...
Memos
Security Access Badges Memo
This sample memo serves as a report of an internal audit function’s high-level assessment of the security access badges ...
Policies & Procedures
Password Security Policy
This tool contains four sample policies that establish a company’s guidelines regarding secure and consistent system pas...
Methodologies & Models
Access Controls Capability Maturity Model (CMM)
This capability maturity model can be used to measure the maturity of an organization’s access controls process and to a...
Methodologies & Models
Identity Access Management Capability Maturity Model (CMM)
This capability maturity model can be used to measure the maturity of an organization’s business continuity management p...
Policies & Procedures
Separation of Duties Policy
In this sample policy, we outline the standards for applying separation of duties to protect a company’s information ass...
Audit Programs
Security Management Audit Work Program
This tool contains two sample work programs that provide general steps organizations can take when conducting a security...
Policies & Procedures
IT Personnel Security Policy
The objective of this policy is to define the security standards that must be applied in regard to personnel.
Policies & Procedures
Physical Security Standard Policy
The purpose of this policy is to create and maintain a physically secure environment that protects company property and ...
Audit Programs
Enterprise Resource Planning Security Audit Work Program
In this work program sample, we list general best-practice steps for the enterprise resource planning security process.
Policies & Procedures
Access Management Policy
This tool contains three sample policies that define procedures for ensuring that access to all systems and applications...
Audit Programs
Vulnerability Assessment Audit Work Program
This audit program sample offers best-practice general steps for a vulnerability assessment audit, including key objecti...
Audit Programs
Time and Labor System Post-Implementation Audit Work Program
This work program sample can be used by organizations to measure the infrastructure for an implemented time and labor sy...
Audit Programs
Treasury Security Review Audit Work Program
In this work program sample, we provide general best-practice steps for the treasury security review audit process.
Audit Programs
Intranet Audit Work Program
This work program sample highlights general steps an organization should follow when performing an intranet audit.
Audit Programs
Security Audit Work Program
Organizations can use this audit work program sample to assess the effectiveness of risk management processes and the ri...
Benchmarking Reports
Executive Perspectives on Top Risks in 2021 and 2030
This report contains results from our ninth annual risk survey of directors and executives worldwide to obtain their vie...
Benchmarking Reports
2020 Finance Trends Survey Report: Four Ways Finance Leaders Strengthen Cybersecurity
This report contains several leading practices for CFOs to consider, based on key points from Protiviti’s 2020 Global Fi...
Memos
Security Access Badges Memo
The purpose of this sample memo is to outline the utilization of security access badges by a company to restrict access ...
Policies & Procedures
Data Access and User Authentication Policy
The purpose of this access management policy is to ensure that access to all company systems and applications is properl...
Audit Programs
Systems and Data Audit Work Program
This sample work program can be used by auditors to identify and mitigate risks associated with an organization’s critic...
Policies & Procedures
System Software Development Policy
This template can be used to record a company’s system software development policy and requirements and the responsibili...
Audit Programs
Big Data Audit Work Program: Data Security Management
This work program template highlights general steps an organization should follow with respect to effective data securit...
Checklists & Questionnaires
Identity Management Tool Questionnaire
The questions provided in this tool can help organizations manage their security and privacy concerns specific to identi...
Audit Programs
Social Engineering Audit Work Program
This sample work program provides general steps organizations should follow when performing a social engineering audit.
Audit Programs
VoIP Audit Work Program
This sample audit program provides general steps organizations can use to perform an audit of an organization's voice ov...
Guides
Data Governance Guide
This tool can be used as a guide for understanding and reviewing the essential components of an organization’s data gove...
Policies & Procedures
Facility Access Controls Policy
This sample policy provides an overview of procedures organizations should perform during the facility access controls p...
Articles
Identity and Access Management in Financial Services: Staying Ahead of the Curve
Here, Protiviti’s Carol Beaumier and Matthew Kotraba discuss security and privacy trends in financial services and sugge...
Protiviti Booklets
FAQ: Understanding the General Data Protection Regulation
Organizations have many questions about the General Data Protection Regulation (GDPR), and in response, Protiviti has de...
Audit Reports
ISO 27001 Information Security Assessment Report
This audit report focuses on a project baselining an organization’s information security practices, with the purpose of ...
Articles
GDPR: Dealing With the Mandatory 72-Hour Breach Notification Requirement
This article explores personal data breaches and offers eight recommended actions organizations can use for responding t...
Articles
GDPR: Here’s What’s Happened So Far
This article provides a breakdown of some of the most notable GDPR-related developments and lawsuits that have unfolded ...
Articles
GDPR and How It Affects Third-Party/Vendor Handling of Personal and Employee Data
In this article, we offer a transcript of a conversation with Jeff Sanchez, managing director with Protiviti’s Security ...
Articles
GDPR: Legitimate Interest vs. Consent
This article explores the legal concepts of consent and legitimate interest in the context of GDPR and offers advice on ...
Articles
Companies Must Commit to Mastering the Basics to Strengthen Their Cybersecurity Posture
This article examines some of the reasons consumer products and services companies are still making slow progress in the...
Audit Programs
Vendor Review Audit Work Program
This sample provides steps for reviewing a company’s vendor management process.
Articles
Five Common Identity and Access Management Pitfalls
This paper discusses five common identity and access management (IAM) pitfalls organizations run into today: lack of an ...
Articles
Integration Prioritization Model for Identity Access Management
Protiviti recommends a simple identity access management (IAM) prioritization model based on risk, impact and friction. ...
Articles
California Adopted a GDPR-like Privacy Law: What Does It Mean for You?
This article explains what challenges, opportunities and to-dos organizations face before and after the California Consu...
Articles
Security Advisory: Meltdown and Spectre – Processor Flaws Expose Networks to New Class of Vulnerabilities
In this article, Protiviti’s Andrew Retrum describes two problematic computer hardware vulnerabilities—Meltdown and Spec...
Articles
Hunting for Hackers: Internal Audit’s Growing Role in Breach Detection
Information technology assets—and the ways criminals exploit them—keep evolving. Monitoring alone isn’t enough. Organiza...
Articles
Obtain Greater Clarity Into Identity and Access Management by Establishing and Tracking Metrics
Identity and access management (IAM) has become a critical area of focus in security discussions within all organization...
Articles
Enterprise Role Management: Strategic Deployment of Role-Based Access Control in Today’s IAM Landscape
A well-governed role-based access control (RBAC) environment provides huge value to the business, simplifies user experi...
Checklists & Questionnaires
System Privileges for Terminated Employees Checklist
This sample provides action steps to consider for protecting an organization’s critical systems and data and secure syst...
Articles
Security Advisory: Hackers Target Remote Email Access
As organizations look for workable ways to accommodate an increasingly mobile work force with remote access to email, ha...
Benchmarking Reports
2018 Security Threat Report
Protiviti has compiled and quantified the vulnerability and threat discoveries from more than 500 in-depth security scan...
Audit Reports
Application Access Audit Report
This sample audit report presents the results of an application access audit performed within a company’s IT environment...
Policies & Procedures
IT System Access and Re-Certification Policy
This sample establishes the standards and procedures for maintaining proper system access security at a company.
Policies & Procedures
Oracle eBusiness Suite Policy
This sample policy outlines procedures for controlling access to and use of the Oracle eBusiness suite and database.
Benchmarking Tools
External Access Risk Key Performance Indicators (KPIs)
This tool outlines the business risks associated with inappropriate access to systems, data or information and suggests ...
Policies & Procedures
Disclosure of Private Data Policy
This sample policy outlines procedures for the disclosure, protection and transfer of a company's private data.
Policies & Procedures
User Information Security Policy
This sample policy provides guidelines for securing user information.
Memos
Delegated Entity Review Memo
This memo focuses on IT SOX readiness procedures for an application, testing change management, computer operations and ...
Memos
Minimum Testing Standards for Systems and Data Memo
This memo outlines minimum IT controls around user access, change control, backup, privacy, licenses and document retent...
Audit Programs
Physical Security Audit Work Program
This 45-page work program outlines physical security best practices for data centers and information processing/storage ...
Audit Programs
Security Policy Review Audit Work Program
The purpose of this work program is to determine whether the right security policies exist and determine if existing pol...
Policies & Procedures
Data Center Operations & Problem Management Policy
The objective of this document is to provide policy and procedure guidance for conducting major activities in a company'...