Summary of Data Protection Act UK Law for Penetration Testing
The Data Protection Act (DPA) is the main piece of UK legislation governing the handling of personal data. It is not a general privacy statute; its purpose is to ensure that information held about individuals is accurate and is obtained and processed lawfully, and it gives individuals a framework for checking what is held about them. Under the 1984 Act only data processed on a computer was covered; since the 1998 Act, structured manual (offline) records are also in scope.
The Act sets out eight data protection principles. The one that most directly concerns penetration testers is the second, because a test routinely involves accessing or copying personal data that the client collected for an unrelated purpose.
Second Guiding Principle of the DPA
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Electronic Banking Due Diligence Checklist
Internet/Electronic Banking Due Diligence Checklist. Below is the due diligence plan: the things that need to be done before launching an internet or electronic banking service.
- Review the implications of PC banking on the institution's strategic plan;
- Evaluate customer expectations and demands;
- Determine resource requirements;
- Assess the risks and required controls, particularly those related to system security;
Financial Institution Password Security Controls
Minimum Security Controls for Financial Institution Password Management. The requirements are:
1. Password Length
Experts recommend a minimum of six characters for passwords; longer is better, and the minimum should rise with the sensitivity of the system.
2. Password Composition
Passwords may be alphabetic, alphanumeric, or other. Many experts recommend alphanumeric passwords and recommend avoiding common words such as 'password' and the names of professional sports teams. Note, however, that complicated passwords may cause users to write them down, especially when an employee needs several passwords to access different systems or applications, and that compromises the password's confidentiality.
3. Password Expiration
Users should change passwords on a regular basis. The more sensitive the system being protected by the password, the more often the password should be changed. Highly sensitive systems should require password changes at least every 90 days.
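The three controls above can be enforced mechanically at password-set time and at logon time. The following checker is an added example written for this page, not code from the original post or from any regulator. It defaults to the page's own thresholds (six characters, 90-day rotation) but both are parameters, since current guidance such as NIST SP 800-63B sets the user-chosen minimum at eight characters and drops mandatory periodic expiry in favour of rotation on suspected compromise. The denylist and the sample passwords are constructed for the example.

```python
"""Password policy checker for the three controls: length, composition, expiration.

Added example for this page (not the original post's code). Thresholds default to
the page's stated values; adjust PasswordPolicy fields to your own policy.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed denylist standing in for "common words like 'password' and the
# names of professional sports teams". A real deployment loads a much larger list.
DEFAULT_DENYLIST = frozenset({"password", "letmein", "qwerty", "yankees", "lakers"})


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 6            # control 1: page's stated minimum (assumed configurable)
    require_letter: bool = True    # control 2: alphanumeric composition
    require_digit: bool = True
    denylist: frozenset = DEFAULT_DENYLIST
    max_age_days: int = 90         # control 3: rotation interval for highly sensitive systems


def composition_violations(password: str, policy: PasswordPolicy) -> list:
    """Return human-readable reasons the password fails controls 1 and 2 (empty if none)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_letter and not any(c.isalpha() for c in password):
        problems.append("contains no letters")
    if policy.require_digit and not any(c.isdigit() for c in password):
        problems.append("contains no digits")
    lowered = password.lower()
    # Substring match, so padding a dictionary word with digits ("Password1"),
    # the usual way users satisfy a naive composition rule, is still rejected.
    for word in policy.denylist:
        if word in lowered:
            problems.append(f"contains denylisted word {word!r}")
            break
    return problems


def is_expired(last_changed: str, today: str, policy: PasswordPolicy) -> bool:
    """Control 3: True when the password is strictly older than max_age_days.

    Dates are ISO-8601 strings (YYYY-MM-DD), as they would come from a user record.
    """
    age = date.fromisoformat(today) - date.fromisoformat(last_changed)
    return age > timedelta(days=policy.max_age_days)


def check(password: str, last_changed: str, today: str, policy: PasswordPolicy = None) -> list:
    """Combine all three controls into one report; an empty list means compliant."""
    policy = policy or PasswordPolicy()
    problems = composition_violations(password, policy)
    if is_expired(last_changed, today, policy):
        problems.append(f"older than {policy.max_age_days} days; must be changed")
    return problems


if __name__ == "__main__":
    today = "2024-06-01"
    samples = [                      # constructed sample records
        ("abc", "2024-05-01"),
        ("Password1", "2024-05-01"),
        ("t7#Kq9vLm", "2024-01-01"),
        ("t7#Kq9vLm", "2024-05-01"),
    ]
    for pw, changed in samples:
        print(f"{pw!r:14} last changed {changed}: {check(pw, changed, today) or 'OK'}")
```

Run it as a script to see the report for each constructed record. The expiry check uses a strict comparison, so a password changed exactly 90 days ago is still accepted; shift that boundary if your policy reads "at least every 90 days" as a hard cutoff.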
Antivirus Guidelines and Procedures
Download the free Antivirus Guidelines and Procedures.

Does your company have the latest antivirus and security technology? Honestly, it is of little use if the company does not also have proper guidelines and procedures for using that technology effectively. The attached Antivirus Guidelines and Procedures are free to use.
SAS 94, IT Audit and IT Internal Control
Statement on Auditing Standards (SAS) No. 94 requires the auditor to:
- Consider how a client's IT processes affect internal control, evidential matter, and the assessment of control risk;
- Understand how transactions are initiated, entered and processed through the information system (IS); and
- Understand how recurring and nonrecurring journal entries are initiated, entered, and processed through the IS.
The components of a SAS 94 audit are:
- Physical and environmental review
- Systems administration review
- Application software review
- Network security review
- Business continuity review
- Data integrity review
3 Types of Control for Disaster Recovery Plan Management
Implementing good internal controls is one of the keys to successful Disaster Recovery Plan management. What are the three types of control for Disaster Recovery Plan management? Here is the list, starting with integrity controls:
Integrity Controls
- Policy
- Methodology
- Staffing
- Education
- Division of Responsibility
- Audit
- Error and Change Control
- Reporting and Resolution
- Test
- Quality Assurance
Apollo 13 - an ITSM case Experience and ITIL v3 Templates
Download the free Apollo 13 - an ITSM Case Experience and ITIL v3 Templates.

This document describes at a high level the content of ITIL V3 and how the Apollo 13 - An ITSM Case Experience simulation can be used to experience ITIL V3 concepts in action.
The ITIL V3 Core comprises five publications. Each provides the guidance necessary for the integrated approach required by the ISO/IEC 20000 standard specification. The ITIL V3 Core publications are:
- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement