Beruflich Dokumente
Kultur Dokumente
Objective
Description and pointers within the worksheets of the file.
If the security policy of your organisation forbids the use of macros, it will not be possible to use
Intro
Domain 01 Org to 14 ISM Questionnaires relative to MEHARI security domains (01 to 14)
Services
Themes
ISO 27002
Risk%event
You can use the forum www.mehari.info to post questions, remarks or comments
Date
October 2010
April 2011
Edition 2-1
Edition 2-2
Edition of a few formulas in ISO scoring and IP grids
Methods space
Club de la Scurit de l'Information Franais
11, rue de Mogador, 75009 PARIS
T : +33 1 53 25 08 80 / F : +33 1 53 25 08 88
http://www.clusif.asso.fr/
Classification tables:
T1, T2, T3 & Classif
Mask
Questionnaires:
from 01Org to 14 ISM
+ Themes & ISO 27002
scoring
Mask
Risk analysis:
Events,
Risks per asset or event
Risk treatment:
ActionPlans,
Obj_PA,
Obj_Projects
Mask
Mask
Translation managed by
Jean-Louis Roule
Jean-Philippe Jouas
Threats
Vulnerabilities
T2
Expo
Security
services
T1
T3
Classif
Impact
Themes
Potentiality or likelihood
Intrinsic seriousness
ISO 27002
Current seriousness
Risk%asset
Scenarios selection
Reduce
Treat
risks
Risk%event
Action_plans
Obj_PA
Retain
Obj_Projects
Planned seriousness
Avoid
Transfer
MEHARI is an Open Information security risk management methodology provided as a spreadsheet containing a knowledg
with attached document like:
- manuel de rfrence de la base de connaissances Excel,
Redistribution and use of this knowledge base and associated documentation ("MEHARI"), with or without modification, are
provided that the following conditions are met:
1. Redistributions in any form must reproduce applicable copyright statements and notices, this list of conditions, and the f
in the documentation and/or other materials provided with the distribution, and
2. Redistributions must contain a verbatim copy of this document.
3. No persons may sell this Methodology, charge for the distribution of this Methodology, or any medium of which this Meth
without explicit consent from the copyright holder.
4. No persons may modify or change this Methodology for republication without explicit consent from the copyright holder.
5. All persons may utilize the Methodology or any portion of it to create or enhance commercial or free software, and copy
software under any terms, provided that they strictly meet all of the above conditions.
The CLUSIF may revise this license from time to time.
Each revision is distinguished by a version number.
You may use Mehari under terms of this license or under the terms of any subsequent revision of the license.
MEHARI IS PROVIDED BY THE CLUSIF AND ITS CONTRIBUTORS AS IS AND ANY EXPRESSED OR IMPLIED WARR
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PART
PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE CLUSIF, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF MEHARI BE LIABL
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTE
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF MEHARI EVEN IF ADVISED OF THE PO
SUCH DAMAGE.
The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or o
Mehari without specific, written prior permission from CLUSIF. Title to copyright in MEHARI shall at all times remain with c
CLASSIFICATION OF DATA
FONCTION
(description)
Common services
Asset type
Application
data (data
bases)
Application
data
individually
sensible
(transient,
Messages)
Shared Office
data
Personal
Office data
Personal
docu
ments
D01 D01 D01 D06 D06 D06 D02 D02 D02 D03 D03 D03 D04 D04
Listings
or prints
C
D05
Electronic
mail
Snail mail
Fax
Archived
docu
ments
Digitalized
archives
web data
on-line
(external or
internal)
D07 D07 D07 D08 D08 D08 D09 D09 D10 D10 D10 D11 D11 D11
Business Process
Domain 1 :
Domain 2 :
Domain 3 :
Domain 4 :
Domain 5
Domain 6 :
Domain 7 :
/
Domain N
Transverse Processes
Overall Management & policy
Classification
In order to add or suppress a business domain or process, use the line "add" or "suppress" functions.
The classification level is a value from 1 to 4, the maximum in each column is automatically copied out in the "classification" line
and reproduced into the "intrinsic impact table" (tab: Classif) for each type of data and criteria (A, I or C).
Le 01/04/2017
Page 5 / 654
CLASSIFICATION OF SERVICES
FUNCTION
(description)
Asset type
Common
Services,
working
environmen
t
Local Area
Network
Services
R01
R01
R02
R02
S01
S01
S01
S02
S02
S03
S04
S04
S05
S05
G01
G02
G02
Shared Office
Application Services
Services
Users'
disposal of
Equipments
IT Services
(Systems,
peripherals,
etc.)
Extended
Network
Services
Web editing
Service
Telecom
Services
Business Process
Domain 1 :
Domain 2 :
Domain 3 :
Domain 4 :
Domain 5
Domain 6 :
Domain 7 :
/
Domain N
Transverse Processes
Overall Management & policy
Classification
In order to add or suppress a business domain or process, use the line "add" or "suppress" functions.
The classification level is a value from 1 to 4, the maximum in each column is automatically calculated in the "classification" line
and reproduced into the "intrinsic impact table" (tab: Classif) for each type of service and criteria (A, I or C).
Le 01/04/2017
Page 6 / 654
Le 01/04/2017
Page 7 / 654
T3
Table T3
Business processes, domains
of application or activity,
Common services
Asset type
personal
information
protection
financial
communication
digital accounting
control
intellectual
property
C01
C02
C03
C04
Business Process
Domain 1 :
Domain 2 :
Domain 3 :
Domain 4 :
Domain 5
Domain 6 :
Domain 7 :
/
Domain N
Transverse Processes
Overall Management & policy
Classification
Page 8
T3
C05
C06
Page 9
Service assets
General Services
G01 User workspace and environment
G02 Telecommunication Services (voice, fax, audio & videoconferencing, etc.)
IT and Networking Services
R01 Extended Network Service
R02 Local Area Network Service
S01 Services provided by applications
S02 Shared Office Services (servers, document management, shared printers, etc.)
S03 Users' disposal of Equipments (workstations, local printers, peripherals, specific interfaces,
etc.)
Nota : Applies to a massive loss of these services, not for one or few users.
S04 Common Services, working environment: messaging, archiving, print, editing, etc.
S05 Web editing Service (internal or public)
Nota : Grey cells represent those asset security criteria for which, in general, no classification is needed and no
scenario exists in the knowledge base.
Lgende :
A
Availability
I
Integrity
C
Confidentiality
E
Efficiency (of the management process, regarding compliance to law and regulations). For
this criteria, the decision grid L will be used for impact reduction.
341702815.xls ! Classif
10
Dcembre 2006
Asset
selection
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
341702815.xls ! Classif
11
Dcembre 2006
01A
1 variant
Question
Max
Min
Typ
ISO 27002
01A01
01A01-01
Do all areas concerned with security have a dedicated manager (computer and telecom security, general security in the workplace
(documents, fax, telephone), general physical security of the sites and premises) or a designated point of contact (HR for
awareness and training, work contracts, user account and access rights management, responsibility for disciplining malicious acts
or internal negligence)?
01A01-02
For each security manager, is there a clear definition of the job function detailing, in particular, its objectives, responsibilities and
interfaces with other areas concerned with security?
01A01-03
E2
01A01-04
Is there a committee or structure bringing together all security managers, from all disciplines, in order to coordinate the various
security related actions and able to make transversal decisions and does it meet regularly?
R1
01A01-05
E2
01A02
E1
E2
01A02-01
Is there a document describing the security policy related to information systems and in particular the organization, management
and piloting of security (roles and responsibilities) as well as the fundamental principles underlying information security
management?
E1
5.1.1
01A02-02
Is this Security Policy revised, on a regular basis or when major changes are done, to ensure the upholding of its relevancy and
efficiency?
E2
5.1.2
01A02-03
Have the structure and organization of the management of information systems security been defined in detail: CISO, local
responsibilities and contacts, roles and responsibilities towards operational managers and is this organizational structure in
operation?
E2
6.1.2
01A02-04
Has this structure the capacity to alert senior management without delay in the case of a serious incident?
E2
6.1.2
01A02-05
Have the mode of managing security and the decision processes been defined in detail : methodology used (for audit of exposure,
risk analysis etc.), associated tools, actors (organization, support, training, expertise, advice etc.)?
E2
6.1.2
01A02-06
Have the respective roles of security managers, operational managers and managers of functional domains (information owners)
been clearly defined with regard to final decision making and arbitration?
E2
6.1.3
01A02-07
Has a mode of information systems security piloting been defined: dashboards (contents and frequency), management structure,
orientation and reporting?
E2
6.1.3
01A02-08
Is an annual information systems security plan established which brings together all action plans, means to put in place, planning,
budget?
01A02-09
Is the Company's Management involved in the organization of the information security, particularly in the development and the
approbation of the security policy, responsibilities definition, resource allocation, and the efficiency control of the actions taken?
E2
6.1.1
01A02-10
Is a contact maintained with the concerned authorities regarding information security and crisis situation (Police, Reporting
Services, Legal Administration, Firemen, Public Services, etc.) ?
E2
6.1.6
01A02-11
Does the organization improve knowledge about best security practices and maintain contacts with interest groups, associations,
conferences, etc?
E2
6.1.7
01A02-12
Are the responsibilities and procedures established to provide quick and efficient solutions to the security incidents?
E2
13.2.1; 13.1.1
01A02-13
Is there a procedure for regularly updating organizational documents related to information systems security in line with changing
organization structures?
R1
6.1.8
01A03
E2
341702815.xls ! 01 Org
page 12
1 variant
Question
Max
Min
Typ
01A03-01
Is there an incident reporting system which relays incidents to Information Systems Security correspondents including an incident
summary for the CISO?
01A03-02
Does this reporting system include all incidents (operation, development, maintenance, usage of the information system) physical,
logical or organizational?
01A03-03
Does this reporting system include malevolent actions and failed attempts to breach security?
01A03-04
Is this reporting system applied in all locations and organizations including subsidiaries?
01A03-05
Are the form and description of incidents recorded in a database enabling continuous improvement as well as easy selective
access in order to be able to follow up the resolution of individual incidents?
01A03-06
Is the collection of forensic proofs performed each time a legal action is considered?
01A03-07
Is the implementation and updating of the incident management system followed-up using a dashboard and a regular review which
are transformed into action plans?
R1
E2
01A04
E1
13.1.1
E1
13.1.1
E3
13.1.1
E2
13.1.1; 13.2.1
E2
13.2.2
E2
13.2.3
01A04-01
Has the security function communicated to internal auditors (or the structure responsible for internal audits) a reference guide
related to the information system security, describing in particular, the obligations of each category of personnel, the mandatory
directives and the recommendations?
01A04-02
Is the procedure, allowing derogation from internal directives, written into the audit reference documentation and is the procedure
auditable?
E2
01A04-03
Is there a coordination structure or a procedure enabling information security managers to define the annual audit program or to
participate in its definition?
E3
01A04-04
Is the CISO informed of the audit results which concern information systems security?
01A04-05
Is the CISO informed of summary audit results not specifically related to information systems security and does (s)he have access
to corresponding detailed audit reports?
01A04-06
Has the annual audit program been presented to and approved by the management?
01A04-07
Is the organization of annual information system audits subject to a regularly reviewed and followed-up dashboard?
R1
E1
01A05
ISO 27002
E2
E2
E2
01A05-01
Is there a crisis plan in all buildings which details, as a function of various symptoms, the names and contact details of all persons
to notify in order that they may effect an initial diagnosis and, as a function of this diagnosis, the members of the crisis team to
convoke and the most urgent actions to carry out?
01A05-02
Is there an alert procedure, distributed to the entire organization, which enables directly or indirectly (via surveillance personnel) to
contact the various persons likely to initiate a crisis plan?
01A05-03
Does the crisis plan describe in detail the major crisis situations linked to information systems and does it address issues specific
to them?
E2
01A05-04
Does the crisis plan include the implementation of corresponding logistical means (equipped war room, communications etc.)?
E2
01A05-05
Are there tools or procedures which enable the updating of the crisis plan and is this updating audited?
R1
E1
01B
01B01
01B01-01
Are the responsibilities and obligations of staff with regard to the usage, preservation, archiving and non disclosure of information
detailed in a memo or document available to management?
E1
01B01-02
Does this document specify the personnel's duties and responsibilities regarding the use and protection of the authentication
means (passwords, keys, tokens, badges, etc.) at its disposal?
E2
341702815.xls ! 01 Org
11.3.1
page 13
1 variant
Question
Max
Min
Typ
ISO 27002
01B01-03
Do the personnel's duties and responsibilities specify how to react when the workstation is left vacant (logout, logoff, screen
savers, lock-out, etc.) ?
E2
01B01-04
Are the obligations and responsibilities of personnel related to the usage and protection of assets and resources belonging to the
company detailed in a memo or document available to management?
E2
01B01-05
Does this document detail what is tolerated and the limits that cannot be disregarded (personal use of company possessions for
example)?
E2
01B01-06
Does this document detail the course of action in case of excess or abuse?
E2
01B01-07
Is there a formal disciplinary process to cover a breach to security rules or infringement of procedure?
E3
01B01-08
Are the obligations and responsibilities of management in the domain of protection of information and of company resources
detailed in a document distributed to all staff managers?
E2
01B01-09
Are the Management's duties and responsibilities at the time of an employee's termination or change of functions (internal or
contract) defined and specified by a procedure or a document disclosed to all the managers ?
E2
8.3.1
01B01-10
Does the previous procedure (or the equivalent document) cover the questioning and deletion of access rights to all relevant parts
of the information system?
E2
8.3.3
01B01-11
Are all documents or charters concerning staff obligations and responsibilities authenticated?
E3
01B01-12
Are the Managers ensuring and held accountable for their colleagues' compliance to the policies and standards in force?
R1
01B01-13
Is there a regular review of such documents or charters relating to staff obligations and responsibilities?
R1
01B02
11.3.2
15.1.5
8.2.3
15.2.1
01B02-01
Is there document defining the general rules for site protection from external threats, the required conditions for access to each site
from outside and the protection of sensitive premises?
E2
11.4.2
01B02-02
Is there a document defining the general rules to apply in order to protect the internal network from external threats, the conditions
required to access the internal network from the outside and vice versa and the separation required between internal subnetworks?
E2
11.4.2; 11.4.5
01B02-03
Is there a document defining the general rules applied to the access protection of computing resources (storage and networking
elements, systems, applications, data, media, etc.) and the conditions required for the granting, the management and control of
access rights?
E2
10.8.1; 10.7.3
01B02-04
Are these rules established according to the concerned assets' classification level?
E2
10.7.3; 10.8.1;
7.2.2
01B02-05
Is there a document defining the rules applied to the usage of computing (networks, servers etc.) and communications resources?
E2
10.8.1; 11.4.1;
10.7.3
01B02-06
Is there a document defining the general rules applied to software development and security considerations in project
management?
E2
10.7.3
01B02-07
Is there a document defining the general day-to-day rules applicable to the management of the working environment (documents,
workstations, telephone, fax, off-site work)?
E2
10.8.1; 11.3.3;
10.7.3
01B02-08
Is there a document defining additional security procedures to apply regarding mobile computing and teleworking?
E2
10.8.1; 11.7.1
01B02-09
Is there a document setting out the requirements, responsibilities and procedures to apply to protect archives that are important for
the company?
E1
15.1.3
01B02-10
Do the overall regulatory, contractual, and legal requirements explicitly identified, and does their application by the organization
appear in an updated document?
E2
15.1.1
01B02-11
Are the resources and solutions available to managers and users in line with above documents?
E2
01B02-12
Are the rules concerning information and resource protection easily accessible to all staff (for example via intranet)?
E2
341702815.xls ! 01 Org
page 14
1 variant
Question
Is there a procedure to control or audit the relevance and authenticity of the rules, pertaining to information protection and
information system resources, distributed to all staff?
Max
Min
Typ
ISO 27002
R1
Classification of resources
01B03-01
Is there a hierarchy or system enabling the classification of information assets reflecting their protection as a function of the context
of the organization and taking into account availability, integrity and confidentiality?
01B03-02
Does this categorization scheme define the marking of different types of assets according to its classification?
01B03-03
Have information sources (documents, data, files, databases etc.) been classified as a function of the impact that a security breach
might have on the organization?
01B03-04
Has the classification been effected for each of the criteria availability, integrity and confidentiality?
01B03-05
Have sensitive resources been classified (information systems, telecom equipment, sites etc.) as a function of the impact that a
security breach affecting these assets might have on the organization?
E2
01B03-06
Has this classification been effected for each of the criteria availability, integrity, confidentiality?
E2
01B03-07
Have sensitive programs and transactions been classified as a function of the impact a security breach on these assets might have
on the organization?
E2
01B03-08
Has this classification been effected for the criteria availability, integrity and confidentiality?
E2
01B03-09
Are these classifications easily available when needed to the staff concerned?
E2
01B03-10
Is there a procedure for regular review of the classifications and is this procedure controlled?
E3
7.2.1
01B04
E1
E2
7.2.2
E2
7.2.1
E2
Asset management
01B04-01
Are the types of assets - that need to be identified and inventoried - defined?
Assets can be information (databases, files, contracts, agreements, documentation, guides, procedures, plans, archives, etc.),
software (applications, firmware, middleware, tools and utilities, etc.), equipment (computers, network equipment, media, etc.),
services and supporting utilities (energy, heating, air conditioning, etc.), people or know-how, intangible assets such as reputation
or image.
E2
7.1.1
01B04-02
Is an inventory of the types of assets - as identified and defined herein - kept up-to-date?
E2
7.1.1
01B04-03
E2
7.1.2
01B04-04
Is an acceptable set of usage rules defined and documented for each asset?
This implies, particularly, defining the private use an employee can make of the company's assets.
E2
7.1.3
01B04-05
Are the rules regarding the return to the company or organization of assets entrusted to employees at the time of termination or
change of functions clearly defined and set forth by Management ?
E2
8.3.2
01B04-06
Are there rules regarding outside taking of asset (prior authorization, authorized individuals, log for returning or taking asset
outside, deletion of unnecessary data, etc.)?
E2
9.2.7
01B05
01B05-01
Have the assets that may be used as elements of evidence been identified and itemized?
E2
01B05-02
Has it been identified, for each of these assets, the proclamations that it would allow to check and the associated checking
process?
E2
01B05-03
Has it been analyzed, for each verification process, reasons that could foil or weaken the capacity to provide conviction?
E2
01B05-04
E2
01B05-05
R2
341702815.xls ! 01 Org
page 15
1 variant
Question
Max
Min
Typ
C1
ISO 27002
01C
01C01
01C01-01
Has a note been distributed to all personnel (including temporary staff) detailing staff obligations and responsibilities such that they
cannot deny having received it?
E2
6.1.5; 8.1.3
01C01-02
Is there, within work contracts or within internal regulations, a clause which clearly states the obligation to adhere to the security
rules in force?
E2
6.1.5; 8.1.3
01C01-03
Has a note been distributed to all personnel informing them of all legal, regulatory or contractual obligations?
E2
6.1.5
01C01-04
Are the security obligations and responsibilities embodied in contracts (in either of general or specific clauses) of all staff acting for
the organization and who for this reason may have or require access to information or sensitive resources?
E3
6.1.5
01C01-05
Are contractor companies, who may have access to sensitive information or systems, obliged to ensure that all staff sign a
personal commitment that they will abide by the specified security clauses?
E3
6.1.5
01C01-06
Is Management responsible to ensure that the personnel, contractors and third parties respect the company's security policies and
procedures?
E2
8.2.1
01C01-07
Is there a control procedure validating and authenticating all rules distributed to staff?
R1
01C02
01C02-01
E2
01C02-02
E3
01C02-03
E2
01C02-04
Are backup solutions ready for the unavailability of strategic partners or providers?
E3
01C02-05
Are these backup solutions regarding internal staff or providers ) able to guarantee the normal functioning of the organization
without major disruption?
E3
01C02-06
01C02-07
01C02-08
Is there a relevant control and update procedure for the preceding measures?
01C03
E3
E3
3
R1
01C03-01
Is there a preliminary information procedure for the personnel (internal or contractual) regarding its duties and responsibilities, and
security requirements before any assignment or hiring?
E2
8.1.1
01C03-02
Is screening information collected at time of recruitment of staff likely to be involved in sensitive tasks?
E2
8.1.2
01C03-03
Have external contractors, working on site on sensitive tasks, been checked for security clearance approval by an official
organization?
E2
8.1.2
01C03-04
Is additional (clearance) information collected when staff are affected to sensitive tasks?
NB: an open interview may be used in order to avoid placing people in a situation of conflict of interest
E2
8.1.2
E1
8.2.2
01C04
01C04-01
Is there a program to raise awareness of staff to risks of accident, error or malevolence in the processing of information?
01C04-02
E2
8.2.2
01C04-03
Is there a program to train staff in the rules and general measures of information protection?
E2
8.2.2
01C04-04
Do these rules and general measures cover all relevant domains (documents, computer equipment, premises, systems and
application access, telephone, fax, behavior in meetings and out of office etc.)?
E2
8.2.2
341702815.xls ! 01 Org
page 16
1 variant
Question
Max
Min
Typ
ISO 27002
01C04-05
Are these rules and general measures easily accessible to staff in case of need (intranet for example) and has communication
been done on this matter?
E2
8.2.2
01C04-06
Do these regulations specify reporting processes for the incidents and faults observed, and how to react?
E2
13.1.2
01C04-07
Do people with responsibility for security issues receive regular relevant training?
E2
01C04-08
Is there a dashboard detailing the effective implementation of actions related to security awareness and training?
R1
01C04-09
Is there a follow up carried out of the level of satisfaction and compliance of staff related to actions of raising awareness and
training in information systems security?
R1
01C05
01C05-01
Have the risks associated with access by third-party personnel (providers) to the information system (in full or in part) or on the
premises containing information been assessed, and thus the necessary security measures been defined?
E2
6.2.1
01C05-02
Have the risks associated with client or public's access to the information system (in full or in part) or on the premises containing
information) been assessed, and thus the necessary security measures been defined?
E2
6.2.2
01C05-03
Have the risks associated to information or software transfers to a third party been assessed and have the procedures and
responsibilities for each party been formalized by contract?
E2
10.8.2
01C05-04
Have the overall security clauses been defined, that should be included in each Agreement signed with a third party involving an
access to the information system or to the premises containing information?
The information system, including any data support or means of processing, carrying or communicating information.
E2
6.2.3
01C05-05
Are all accesses by a third party to the information system or on the premises containing sensitive information authorized uniquely
after a formal Agreement restating these clauses?
E3
6.2.3; 15.1.5
01C06
People Registration
01C06-01
Are there formal registration and revocation procedures for the individuals?
E2
11.2.1
01C06-02
E2
11.2.1
01C06-03
Is a unique identifier (ID) assigned to each user (employee, external, etc.) who could have access to the information system?
E2
11.2.1
01C06-04
Are the rights granted to the users as they register (shared services, messaging, etc.) approved by the owners of the concerned
assets?
E2
11.2.1
01C06-05
Are all users kept informed, at time of registration, of all the vested rights and of his/her duties regarding any adjudication of rights
(vested at the time of registration or he/she could be granted afterwards)?
E2
11.2.1
01C06-06
Are these procedures controlled and are possible defects documented and corrected in real time?
The responsiveness of the managerial chain must forbid exception procedures that may result from delays with (de)registration
processes.
R1
11.2.1
E1
Insurance
01D
01D01
01D01-01
Are information systems covered by an insurance policy which accounts for material damage (fire damage, miscellaneous risks
and accidents, damage to machines, all computing risks, "all risks except", named risks etc.)?
01D01-02
Does the insurance policy cover all computer and telecommunications systems, cabling and computer rooms?
E2
01D01-03
Does the insurance policy cover all usual causes of disaster: accident (fire, water damage, lightning etc.), human error, sabotage,
vandalism (including by company personnel or third party engaged in operations, maintenance or upkeep)?
E2
341702815.xls ! 01 Org
page 17
1 variant
Question
Max
Min
Typ
01D01-04
Does the insurance policy cover (real) costs of information system re-initialization incurred by a disaster (installation, restart and
system test, data and media reconstruction)?
E2
01D01-05
Does the insurance policy cover all additional operational costs (continuing expenses and fees, avoid or limit halting of work
activity)?
E2
01D01-06
Does the insurance policy cover costs incurred by the company in order to re-establish its image with clients or partners?
01D01-07
Does the insurance policy cover the global losses incurred by the disaster?
01D01-08
Is the coverage of computer and information system (exclusions, guarantees) decided jointly with Information Technology
management and updated regularly?
01D01-09
Does the level of guarantee and deductible cover the survival of the company in the case of a disaster?
E2
01D01-10
Does the level of guarantee and deductible allow the company to survive a disaster without major consequences?
E2
01D02
E2
3
E2
E2
01D02-01
Are the information systems covered by an insurance policy which covers non material damage (malevolence, non authorized
usage, accidental loss of data or programs, denial of service)?
01D02-02
Does this policy cover all computer systems (internal systems, intranet, extranet, web sites etc.)?
E2
01D02-03
Does the contract cover the usual causes of this type of damages: accident (breakage, bugs etc.), human error (data entry errors,
programming errors etc.), malicious entry (frauds, intrusions, service denial, including company personnel or third party responsible
for its operation or maintenance)?
E2
01D02-04
Does this contract cover all (real) costs of investigation and research of the causes and consequences of the disaster?
E2
01D02-05
Does the insurance contract cover (real) costs of re-initialization of information systems affected by the disaster (restart costs and
cost of tests following restart, costs of data reconstruction)?
E2
01D02-06
Does this contract cover all additional operating costs (cover of costs and expenses liabilities, costs incurred to limit operational
shutdown)?
E2
01D02-07
Does the insurance policy cover additional costs incurred by the organization to re-establish its image with clients or partners?
01D02-08
Does the policy cover overall loss of turnover incurred due to the disaster?
01D02-09
Is the choice of computer and information system cover (exclusions, guarantees) decided jointly with Information Technology
management and reviewed regularly?
01D02-10
Does the level of guarantee and deductible cover the survival of the company in the case of a disaster?
E2
01D02-11
Does the level of guarantee and deductible allow the company to survive a disaster without major consequences?
E2
01D03
ISO 27002
E1
E2
3
E2
E2
01D03-01
Is the organization covered by personal liability insurance including the consequences of computer disasters (Professional Liability,
Product Personal Liability)?
E1
01D03-02
Does the contract cover the usual causes of this type of damages: accident (breakage, bugs etc.), human error (data entry errors,
programming errors etc.), malicious entry (frauds, intrusions, service denial, including company personnel or third party responsible
for its operation or maintenance)?
E2
01D03-03
Does the insurance policy cover additional costs incurred by the organization to re-establish its image with clients or partners?
E2
01D03-04
Is the choice of computer and information system cover (exclusions, guarantees) decided jointly with Information Technology
management and reviewed regularly?
E2
01D03-05
Does the level of guarantee and deductible cover the survival of the company in the case of a disaster?
341702815.xls ! 01 Org
E2
page 18
1 variant
Question
Does the level of guarantee and deductible allow the company to survive a disaster without major consequences?
Max
Min
Typ
E2
01D04-01
01D04-02
Does the contract cover all possible causes of loss of key personnel such as airplane or automobile accidents, illness, individual or
group resignation?
E2
01D04-03
Does the insurance policy cover additional running costs incurred by loss of key personnel?
E2
01D04-04
Does the insurance policy cover additional costs incurred by the organization to re-establish its image with clients or partners?
E2
01D04-05
Does the insurance policy cover operational losses incurred by the disaster?
E2
01D04-06
Is the choice of computer and information system cover (exclusions, deductibles) decided jointly with Information Technology
management and updated regularly?
E2
01D04-07
Does the level of guarantee and deductibles cover the survival of the company in the case of a disaster?
E2
01D04-08
Does the level of guarantee and deductibles allow the company to survive a disaster without major consequences?
E2
01D05
ISO 27002
E2
01D05-01
E1
01D05-02
Is the level of guarantee for IT related assets the result of a specific study made in conjunction with the IT department (on the
basis of a risk analysis carried out recently -within less than three years)?
E1
01D05-03
Is there a regular check (at least once per year) of the insurance contracts by the insurance manager, in consultation with the
relevant sector managers, with an adjustment of the cover with the broker or insurance agent if required?
E2
01D05-04
Is there a regular check (at least once per year) of the insurance contracts by the insurance manager, in consultation with the
relevant sector managers, with an adjustment of the cover with the broker or insurance agent if required?
E2
01D05-05
Do the relevant sector managers participate in the study of the coverage limits (exclusions, deductible, ceiling, etc) defined in the
contracts?
E2
01D05-06
Has there been an analysis of the transfer of risks depending to the various types of partners ?
E.g. service and product providers, hosting services, clients
E2
01E
Business continuity
01E01
01E01-01
Has an analysis been carried out of the criticality of applications in order to underscore the requirements of service continuity?
An in-depth analysis supposes that a list of incidents or failure scenarios and all the foreseeable consequences is established
E1
14.1.2
01E01-02
Has this analysis allowed the minimum service requirements to be defined for each application and system and have these
minimum service requirements been accepted by the users (information owners)?
E1
14.1.2
01E01-03
Are there processes, regularly implemented, for risk analysis linked to information, possibly leading to a disruption of the company
activities and thus a definition of the security requirements, responsibilities, procedures to apply and implement to allow the
development of a business continuity plan?
E2
14.1.1
E1
14.1.3
E2
14.1.3
E2
14.1.3
01E02
01E02-01
Have Business Continuity Plans (BCP) been designed, from a criticality analysis, for each critical activity?
01E02-02
Do these plans foresee all measures to undertake to ensure business continuity between the alert and the eventual
implementation of alternative solutions set forth by the technical Disaster Recovery plans?
01E02-03
Do these plans cover all organizational aspects related to the "manual" continuity solution (personnel, logistics, coaching, etc.)?
341702815.xls ! 01 Org
page 19
1 variant
Question
Max
Min
Typ
ISO 27002
01E02-04
Have instructions and training been given to implied personnel for the operation of the continuity plans?
01E02-05
Do the business continuity plans include procedures for returning to normal activity?
01E02-06
01E02-07
Does implementation of these plans result in an acceptable level (impact limited to 2) of all critical malfunctions?
This question is intended to insure that the effectiveness of this service is not overstated.
01E02-08
Is there a manager responsible for the creation, monitoring, and testing of these plans?
C1
14.1.5
01E02-09
C1
14.1.5
01E02-10
Are the test results analyzed by management and the relevant stakeholders?
C1
14.1.5
01E02-11
01E03
14.1.3
E2
14.1.3
E2
2
E2
E2
14.1.5
C1
R1
E1
01E03-01
Are there recovery solutions to reduce the impact if the work environment is not available (workplace unavailable, power outage,
telephone outage, etc)?
01E03-02
Are these solutions described in detail in the Workplace Recovery Plans (WRP), including trigger rules, actions to take, priorities,
people to mobilize and their contact details?
01E03-03
R1
01E03-04
Is the case of failure or non-availability of a crisis solution envisaged, and for each case is there a secondary backup plan?
R2
01E03-05
Are the recovery solutions usable for an unlimited period of time, and if not, has a second solution been identified to replace the
initial solution after a predetermined time period?
E2
01E03-06
C1
341702815.xls ! 01 Org
E1
page 20
Comments
341702815.xls ! 01 Org
page 21
Comments
341702815.xls ! 01 Org
page 22
Comments
341702815.xls ! 01 Org
page 23
Comments
341702815.xls ! 01 Org
page 24
Comments
341702815.xls ! 01 Org
page 25
Comments
341702815.xls ! 01 Org
page 26
Comments
341702815.xls ! 01 Org
page 27
Comments
341702815.xls ! 01 Org
page 28
Comments
341702815.xls ! 01 Org
page 29
341702815.xls ! 01 Org
page 30
341702815.xls ! 01 Org
page 31
341702815.xls ! 01 Org
page 32
341702815.xls ! 01 Org
page 33
341702815.xls ! 01 Org
page 34
341702815.xls ! 01 Org
page 35
341702815.xls ! 01 Org
page 36
341702815.xls ! 01 Org
page 37
341702815.xls ! 01 Org
page 38
341702815.xls ! 01 Org
page 39
341702815.xls ! 01 Org
page 40
341702815.xls ! 01 Org
page 41
341702815.xls ! 01 Org
page 42
341702815.xls ! 01 Org
page 43
341702815.xls ! 01 Org
page 44
341702815.xls ! 01 Org
page 45
341702815.xls ! 01 Org
page 46
341702815.xls ! 01 Org
page 47
02A
1 variant
Question
Max
Min
Typ
ISO 27002
02A01
02A01-01
Are permanent or semi permanent (for a specific length of time) access rights to each site or building (or to a number of floors)
based on typical profiles (staff on permanent or limited contracts, temporary staff, students, service providers etc.) and to
functional roles in the organization?
Access rights should be granted to activity profiles and not to named individuals.
E1
02A01-02
Is there a list, kept up-to-date, of these profiles and the people responsible for granting access rights for each of them?
E2
02A01-03
Are the rights and the validity conditions attributed to profiles reviewed by the site or general security manager?
E2
02A01-04
Do the profiles also allow definition of working time limits (daily hours and periods in the working calendar, weekends, holidays
etc.)?
E2
02A01-05
Are these rights and profiles as defined above protected against any possibility of alteration or falsification during their storage or
when transferred between decision makers and the personnel in charge of implementing the rights?
R1
02A01-06
Is there a regular audit, at least once a year of all rights attributed to the various categories of personnel and a review of the
pertinence of those access rights?
C1
02A02
02A02-01
Does the procedure of granting permanent or semi permanent access authorization require the formal acceptance of line
management or of the unit managing the external contractor (at a sufficiently senior level)?
An access authorization is granted to a person, it may provide access rights based on the job profile he or she is linked to. It is
usually materialized by a badge carried by the employee.
E1
02A02-02
Is the procedure for granting (or modification or retraction) of access authorization documented and strictly controlled?
A strict control requires a formal recognition of the signature (electronic or otherwise) of the requestor, that the implementation of
the profile attributed to users is highly secure and that each operation is recorded (mentioning the date of issue of the badge and
its length of validity) that there be a reinforced access control over the modification of such records and that any modification of
records be logged and audited.
E2
02A02-03
E2
02A02-04
E2
02A02-05
Are these access authorization badges or cards personalized i.e. with the name and picture of the owner?
E2
02A02-06
Can the list of valid access authorizations and corresponding profile be reviewed at any time?
02A02-07
Is there a rapid and systematic process for revoking access authorizations (revocation of the badge to the automatic access
control equipments) and return of the corresponding badge or card at the time of departure of internal or external personnel,
change of site attachment (when the authorization is site dependent) or at the end of mission?
02A02-08
Is there a procedure enabling the subsequent detection of irregularities in the management of access authorizations (badge or
card not returned, usage of a lost badge, false badge etc.)?
02A03
02A03-01
E2
2
E2
C1
341702815.xls ! 02 Sit
E1
9.1.1
page 48
1 variant
W
Max
02A03-02
Is there an operational system (automatic or by security guard) for controlling pedestrian and vehicular access to the site?
E2
02A03-03
Does this system guarantee that all people entering are checked?
An efficient control assumes a double or revolving door, or a security guard who allows only one person to pass at a time (for
pedestrians) and for vehicles entering the site, controls all people present in the vehicle.
E3
02A03-04
Does such a system, if dependent on a badge, guarantee that the same badge cannot be used by a second person (by, for
example, memorizing all entries and not allowing a further entry without an intervening exit)?
02A03-05
In the case where presentation of a badge or card is required to gain access to a site, is there the possibility to immediately
validate the authenticity and validity of the card or badge?
E2
02A03-06
Are the automatic access control systems under 24 hr surveillance enabling the detection of a failure, a system deactivation or
the usage of emergency exits in real time?
R1
02A03-07
Is there a procedure or automatic alert enabling the immediate intervention of security personnel in the case of failure of the
access control system (or the usage of an emergency exit)?
R2
02A03-08
Is there a control procedure enabling the detection of irregularities in the access control procedure (audit of procedures and
parameters of access control systems, audit of exceptions and of interventions etc.)?
C1
02A04
Question
Min
Typ
E3
9.1.1
02A04-01
Is there an operational intrusion detection system to the site, linked to a 24 hr monitoring center?
02A04-02
Does this system detect all boundary incursion, all forced attempts to open locked exits (windows and doors), all opening of
emergency exits and all exits kept open abnormally?
E2
02A04-03
Is this system backed up by a video and audio control system which allows the surveillance team to make a first analysis or
dismiss uncertainty from a distance?
E3
02A04-04
Is the surveillance team dedicated to its task, having only security responsibilities and are any alarms immediately detected and
treated as the highest priority?
E3
02A04-05
In the case of an intrusion detection alarm, does the surveillance team have the possibility of sending out an intervention team
without delay to verify the cause of the alarm and to take appropriate action?
E2
02A04-06
Sites Security
E3
02A04-07
Is there an advisory document clearly stating exactly what action to take in the case of each alarm envisaged?
02A04-08
Is the intrusion detection system itself under surveillance (alarm in the case of inhibition, auto-surveillance by camera etc.)?
R1
02A04-09
Are intrusion control points and procedures for reaction to intrusions audited regularly?
C1
02A05
ISO 27002
9.1.1
E2
9.1.1
E2
Access to the loading and unloading areas (goods receipt and consignment) or to areas open to public
02A05-01
Are there specific access control mechanisms from outside through delivery and loading zones in place?
E2
9.1.6
02A05-02
Are the delivery and loading zones established in such a way that the delivery men cannot have access to inner parts of the
building or the site?
E2
9.1.6
02A05-03
Are there specific measures allowing to isolate the moves of external public and the access from the rest of the building?
E2
9.1.6
E3
9.1.4
02B
02B01
02B01-01
341702815.xls ! 02 Sit
page 49
1 variant
Question
Max
Min
Typ
ISO 27002
02B01-02
Has a thorough and systematic analysis of all the conceivable industrial risks for the site been conducted?
Potential risks are: high risk site nearby (Seveso like), dangerous internal installations, gas station, transport of dangerous
materials...
E3
9.1.4
02B01-03
Was each situation considered highly improbable or were appropriate measures taken?
E3
9.1.4
11.1.1
02C
02C01
02C01-01
Has it been established a management policy for access rights to office area, built from an analysis of the security requirements
based on the business stakes?
E1
02C01-02
Have office areas been partitioned into protected security zones corresponding to homogeneous security constraints and spaces
of confidence within which information can be freely exchanged?
E2
02C01-03
Has it been ensured that the access control rules to assets are coherent with this partitioning into protected zones?
Assets considered may be data, documents and equipments installed within these zones or accessible from them.
E2
02C01-04
Have specific procedures been defined for each kind of external person, including providers, induced to intervene in the offices
(consultants, maintenance or cleaning staff, etc.): specific budge, accompanying person, previous authorization mentioning the
identity of the beneficiary, etc)?
02C01-05
Is there a systematic updating process for the partitioning rules of the office zones?
C1
02C02
E2
02C02-01
Is an automatic authentication and access control system used for protected areas?
E2
02C02-02
Are there a procedure and calling means that people who do not have authorization can use to access the protected areas?
E3
02C02-03
In the case of a person without authorization entering these areas, does the procedure, guarantee that the person will be
accompanied?
E3
02C02-04
Is there a procedure or automatic alert enabling the immediate intervention of security personnel in the case of failure or
invalidation of the access control system?
R1
02C02-05
Is the access control system for protected office areas equipped with a no pass-back mechanism?
E3
02C02-06
Is authentication based on tamper-proof means associated with the user (for example a badge, smart card, or biometric
recognition system)?
E2
02C02-07
Does the mechanism use strong authentication of the user, with two identifying factors?
E3
02C02-08
Does the mechanism provide a temporary means of access, to allow for lost, stolen or forgotten badges?
02C02-09
Does the temporary means of access grant only access to a strictly limited area?
E3
02C02-10
Does the access control system guarantee exhaustive checking of the people entering the premises (turnstile preventing more
than one person from entering at a time, a process to prevent a badge being used by more than one person, etc)?
E3
02C02-11
In addition to controlling access by the normal routes, is access by other routes (such as windows accessible from outside,
emergency exits, or through false floors or ceilings) monitored?
E1
02C02-12
Are the systems that provide automatic access control to protected areas operational and monitored permanently (24x24) so that
any outage or deactivation is flagged in real time?
02C02-13
Are the emergency exits monitored permanently (24x24) so that their use can be checked in real time?
E2
02C02-14
Is there an audit process to detect, after the event, any anomalies in the access control system (audit of the procedures and
configuration of the access control system, audit of exception procedures and intervention, etc)?
C1
02C02-15
C1
341702815.xls ! 02 Sit
E3
R1
page 50
1 variant
Question
Max
Min
Typ
02C03-01
Does the procedure of granting access rights to a protected office area require the formal authorization of the manager of the
protected area?
E1
02C03-02
Is the authenticity of requests for attribution of access rights verifiable and verified (signature control ) ?
E2
02C03-03
Are the authorizations accorded to named individuals and registered (with a mention of the day of the authorization and the
duration of its validity)?
E2
02C03-04
E3
02C03-05
Is there a systematic process of removal of access rights to a protected office area at the time of departure ?
E2
02C03-06
Is there a systematic process of removal of access rights to a protected office area at the time of transfer or role change of staff?
E3
02C03-07
Is there a regular audit, at least once a year, of all access rights currently attributed to each protected office area?
This audit should also analyze the relevance of the authorizations granted.
C1
02C03-08
E2
02C03-09
E3
02C03-10
Is there a procedure enabling the subsequent detection of irregularities in the management or the use of access rights (badge or
card not returned, usage of a lost badge, false badge etc.)?
R1
02C04
02C04-01
Is there an operational system, linked to a 24 hr monitoring center, detecting the forcing of exits to the protected office zones?
This system must monitor forced openings of exits (doors and windows), the usage of an emergency exit or their being kept
open, etc.
E2
02C04-02
Is there an operational system detecting the presence of persons outside normal working hours, linked to a 24 hr monitoring
center?
This system should control the presence of persons (volumetric detection, etc.). It may also be a video surveillance system linked
to a 24 hr monitoring center.
E2
02C04-03
Is this system backed up by a video and audio control system which allows the security team to make a first analysis or remotely
dismiss uncertainty?
E2
02C04-04
In the case of an intrusion detection alarm, does the surveillance team have the possibility of sending out an intervention team
without delay to verify the cause of the alarm and to take appropriate action?
E2
02C04-05
Has the security team sufficient resources to cover the eventuality of multiple alarms set off intentionally?
E2
02C04-06
Is the location of electronic systems for detection and processing of alarms protected 24 hrs a day by an access control system
and by an intrusion detection system?
R1
02C04-07
Is the intrusion detection system itself monitored (alarm in the case of shutdown, video auto-surveillance etc.)?
R2
02C04-08
Are the control points for intrusion detection and the procedures for action subsequent to intrusion subject to regular audit?
C1
02C05
ISO 27002
02C05-01
Is there a complementary video surveillance system, complete and coherent, for protected office areas, able to detect movement
and abnormal behavior?
02C05-02
In the case of an alarm, does the surveillance team have the possibility of sending out an intervention team without delay to verify
the cause of the alarm and to take appropriate action?
E2
02C05-03
Has the security team sufficient resources to cover the eventuality of multiple alarms set off intentionally?
E2
341702815.xls ! 02 Sit
E2
page 51
1 variant
Question
Max
Min
Typ
02C05-04
Is the security surveillance team also on duty at times when cleaning of sensitive locations is done?
02C05-05
E3
02C05-06
Is the intrusion detection system itself under surveillance (alarm in the case of shutdown, video auto-surveillance etc.)?
R2
02C05-07
Are procedures for surveillance and intervention in the case of abnormal behavior audited regularly?
C2
02C06
ISO 27002
E2
Control of movement of visitors and occasional service providers required to work in the offices
02C06-01
Is there a general control of movement of visitors and occasional service providers (time stamping at arrival and departure,
signature of the person visited, etc.)?
E1
9.1.2
02C06-02
Are visitors and occasional service providers always accompanied (on the way in, return to reception, intervening movements )?
E1
9.1.2
02C06-03
Are visitor reception zones set aside specifically for that purpose comprising only welcoming areas, meeting rooms or zones
accessible to the public?
E2
9.1.2
02C06-04
Have specific procedures been defined for each type of external service provider given to operate in the offices (IT service
company, maintenance company, cleaning staff, etc.) such as the wearing of a personalized badge, accompaniment by staff, prior
authorization indicating the name of the operative etc?
E2
9.1.2
02C06-05
Do these procedures ensure that the service provided corresponds to the expressed requirement and that the actions of the
service provider are limited only to that requirement?
E2
02C06-06
Are visitors and occasional service providers recorded in such a way as to enable a subsequent verification of the reason of their
visit and has a procedure been put in place which enables the detection of dishonesty or abuse?
E2
02C06-07
Is there a secure way to register the departure of visitors (e.g. keeping their identity card)?
E2
02C06-08
Are the control procedures of visitors and occasional service providers movements regularly audited?
C1
02D
02D01
02D01-01
Are there facilities available for the staff to put away, close to their desk, commonly used documents requiring a high degree of
preservation or protection?
E2
02D01-02
Do these facilities allow to protect important documents from risks of water damage or flooding?
E2
02D01-03
Do these facilities allow to protect important documents from risks of fire (fireproof vaults) ?
E2
02D01-04
Are the premises used for the storage of these documents equipped with reinforced access control and intrusion detection?
E2
02D01-05
Does the shutdown of these security systems (fire, water damage, access control, intrusion detection) trigger an alarm with a
surveillance center able to intervene rapidly?
R1
02D01-06
02D02
C2
02D02-01
Do security procedures and instructions define the rules for protecting documents and information support media situated in
offices (regardless of the type of support media)?
E1
02D02-02
Do the security procedures and instructions detail the rules for protecting laptop microcomputers (storage, securing by cable
etc.)?
E1
02D02-03
Do the security procedures and instructions also detail the rules for protecting Tablet PCs, electronic personal assistant or
telephones which may contain sensitive information?
E2
02D02-03
Do the security procedures and instructions detail the rules relative to the printing of sensible documents?
E2
02D02-04
Do the security procedures and instructions detail the rules for the distribution of sensible documents?
E2
341702815.xls ! 02 Sit
10.7.1
page 52
1 variant
Question
Max
Min
Typ
02D02-05
Do the security procedures and instructions detail the rules relative to the handling of sensible documents while carried outside
the organization?
02D02-06
Do staff have secure storage facilities (secure cupboards ) immediately available on request, in the office or in close proximity to
the office at any time?
02D02-07
Are staff regularly made aware of the necessity to protect documents and other sensitive support media in their offices ?
E2
02D02-08
Do security staff regularly check (effecting regular rounds) the application of document tidying rules and various support media
situated in offices ?
C1
02D02-09
Are these controls also effected during opening hours, in the absence of the regular occupants of the offices?
C2
02D02-10
Is the application of the security rules relative to the printing and distribution of sensitive documents regularly audited?
C2
02D03
E2
02D03-01
E2
02D03-02
Do staff have available a means of secure destruction for sensitive documents (shredders, special paper collection )?
E1
02D03-03
Do the paper destruction facilities available to personnel offer a solid guarantee that documents destroyed cannot be
reconstituted?
For this, the shredder used must cross cut.
E2
02D03-04
Is the capacity of the paper destruction facilities available to personnel compatible with the average volume of documents to
destroy?
E1
02D03-05
E2
02D03-06
02D04
C1
02D04-01
Is the incoming and outgoing mail sorting and dispatching office kept locked when staff are not present?
E1
02D04-02
Is the incoming and outgoing mail sorting and dispatching office protected against risks of fire and water damage (automatic
detection and triggering of an alarm with a surveillance center able to intervene rapidly?
E1
02D04-03
Does the mail delivery round ensure that only the intended recipient department or person has access to its or their mail (locked
post boxes, direct distribution and delivery direct to the intended person etc.)?
E1
02D04-04
Within the office spaces, is any mail, either outgoing or incoming, kept aside so as not to be read by an unintended third party?
E2
02D04-05
Is confidential mail rendered neutral (double envelope with the degree of classification only being indicated on the internal
envelope)?
E2
02D04-06
E2
02D04-07
C1
02D05
ISO 27002
E2
02D05-01
Is there a procedure or instruction stating the modes for sending and receiving confidential faxes?
E1
02D05-02
Is the location of each fax machine kept locked when staff are not present?
E1
02D05-03
Is the incoming and outgoing faxes office protected against risks of fire and water damage (automatic detection and triggering of
an alarm with a surveillance center able to intervene rapidly?
E1
02D05-04
Does the fax delivery round ensure that only the intended recipients department or person has access to its or their faxes (locked
post boxes, direct distribution and delivery direct to the intended person)?
E1
341702815.xls ! 02 Sit
page 53
1 variant
W
Max
02D05-05
Have the possibilities and modes of remote fax retrieval with password been explained to personnel and relevant advice
displayed near to fax machines?
E2
02D05-06
Is the remote retrieval with password mode obligatory for the sending or receipt of a confidential fax?
02D05-07
C1
02D06
Question
Min
Typ
ISO 27002
E2
Conservation and protection of important documents (to be preserved during a long period)
02D06-01
Is there a department specifically responsible for keeping and protecting important documents that need to be kept for a long
period of time?
Such as important originals, elements usable as proof, documentary evidence, etc.
E2
13.2.3
02D06-02
Is there a procedure which obliges users to use this service for all documents usable as proof, documentary evidence or
important originals?
E2
13.2.3
02D06-03
Are the corresponding documents kept in fireproof safes, themselves located in rooms with appropriate equipments for fire
detection and extinguishing, flooding detection and water draining?
E2
02D06-04
Are the rooms used to store these documents equipped with reinforced access control and intrusion detection systems?
E2
02D06-05
Does the shutdown of security systems (fire, water damage, access control, intrusion detection) trigger an alarm with a
surveillance center able to intervene rapidly?
R1
02D06-06
C1
02D06-07
Are the storage conditions and associated security systems subject to regular audit?
C1
02D07
02D07-01
Is there a department specifically responsible for archiving documents to be kept for a long range?
E2
02D07-02
Is there a procedure which obliges users to use this archiving service for all documents to be kept for a long range?
E2
02D07-03
Are the delays for archiving or returning documents in accordance with the expectations of users?
Otherwise users may prefer to keep the documents next to them.
E2
02D07-04
Are the rooms used for archives quipped with appropriate equipments for fire detection and extinguishing, flooding detection
and water draining?
E2
02D07-05
Are these rooms equipped with reinforced access control and intrusion detection systems?
E2
02D07-06
Are the archive rooms under video-survey when they are not occupied?
E3
02D07-07
Are the cartons for archives marked without reference to their content?
E2
02D07-08
Are the correspondence tables associating the content to the reference of archives not accessible to the personnel in charge of
managing physically the cartons of archives?
02D07-09
E2
02D07-10
Does the shutdown of security systems (fire, water damage, access control, intrusion detection) trigger an alarm with a
surveillance center able to intervene rapidly?
R1
E3
02D07-11
E2
02D07-12
E2
02D07-13
02D07-14
Does this procedure guarantee that the requester has the appropriate rights?
02D07-15
Are the archives protected against any diversion during their transport between the archiving room and the requester?
02D07-16
Are the storage conditions for archives and associated security systems subject to regular audit?
341702815.xls ! 02 Sit
E2
3
E2
E2
C1
page 54
Comments
341702815.xls ! 02 Sit
page 55
Comments
341702815.xls ! 02 Sit
page 56
Comments
341702815.xls ! 02 Sit
page 57
Comments
341702815.xls ! 02 Sit
page 58
Comments
341702815.xls ! 02 Sit
page 59
Comments
341702815.xls ! 02 Sit
page 60
Comments
341702815.xls ! 02 Sit
page 61
341702815.xls ! 02 Sit
page 62
341702815.xls ! 02 Sit
page 63
341702815.xls ! 02 Sit
page 64
341702815.xls ! 02 Sit
page 65
341702815.xls ! 02 Sit
page 66
341702815.xls ! 02 Sit
page 67
341702815.xls ! 02 Sit
page 68
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
General Maintenance
03A
03A01
03A01-01
Does the energy supply conform to the maximum load levels specified by installed equipment suppliers and with a sufficient
margin?
E2
9.2.2
03A01-02
Is there an electricity regulation system which includes at least an uninterruptible power supply for the most sensitive equipment?
E2
9.2.2
03A01-03
Are there backup batteries (supplying one or more uninterruptible power supplies) guaranteeing sufficient autonomy that
equipment shuts down safely and properly?
E2
9.2.2
03A01-04
Is the energy supply system fitted with a control system which signals to the intervention team any partial or complete failure of
equipment (disconnection of batteries, insufficient charge, uninterruptible supply system shutdown etc.)?
03A01-05
Are energy regulation systems checked frequently (battery capacities in particular) in comparison to system requirements
(autonomy needed to ensure a proper shutdown)?
03A01-06
Is the regular replacement of intermediate batteries effected in accordance to the manufacturers' specifications?
E2
E1
9.2.2
E1
9.2.2
03A02
R1
C2
03A02-01
Has it been established a documented policy relative to the requirements about power supply continuity (and all fluids in
general)?
03A02-02
Is there a backup energy supply capable of guaranteeing service continuity of critical equipment (making use a generator and
sufficient independent supply of fuel or independent energy feed)?
03A02-03
Is the backup system tested regularly in order to define the appropriate load required (retaining only critical equipment load
levels)?
03A02-04
Is the start-up routine for the backup system tested regularly and its compatibility with the requirements of service continuity (tests
include system run-down and eventual reconfiguration needed)?
E2
03A02-05
Is the backup energy supply system equipped with an alarm which signals to the intervention team any partial unavailability or
failure of equipment (failure of the backup system, low fuel, shutdown of detection or switching system etc.)?
R1
03A03
C1
03A03-01
Is there an air conditioning system which regulates air quality (temperature, pressure, water content, dust) corresponding to the
specifications of builders of installed equipment?
E2
03A03-02
Is the air conditioning system regularly tested to ensure that it will continue to function even in the worst climatic conditions
possible?
C1
03A03-03
Will the air conditioning system continue to function within the specifications despite a simple component failure (sufficient
equipment redundancy, backup air conditioning system etc.)?
E3
03A03-04
Is the capacity of the air conditioning system tested regularly in spite of a simple equipment failure and under the worst possible
climatic conditions?
03A03-05
Is there a redundancy system for the most critical air conditioning equipments?
03A03-06
Is the accidental or deliberately caused failure (shutdown) of the air conditioning system detected and signaled to an intervention
team able to react swiftly?
03A03-07
Is the security of the air-conditioning system (detection of failure, shutdown, intervention procedures) subject to a regular audit?
03A04
03A04-01
C2
R1
C1
9.2.2
9.2.2
E2
Quality of cabling
Is a file maintained detailing all cable paths and bays (with a backup copy) and associated cabling cabinets and their
characteristics?
341702815.xls ! 03 Pre
E1
9.2.3
page 69
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
03A04-02
03A04-03
03A04-04
03A04-05
C1
03A04-06
C1
03A05
Min
Typ
9.2.3
E2
9.2.3
E1
9.2.3
Lightning protection
Is the building protected by a lightning conductor?
03A05-02
Are electrical circuits and cabling protected against surges and against lightning by specialized equipment?
03A05-03
E1
E1
3
C1
03A06-01
Is there a complete and accurate list of all the service equipment required by the IT and communications systems (cold water, air,
specific supplies, etc)?
E2
03A06-02
Is each equipment covered by a maintenance contract tailored to the requirements of the expected service?
C1
03A06-03
For the most critical services, is there system redundancy or a rapid replacement capability?
03A06-04
Are all outages, whether unplanned (breakdown) or planned (stoppage), of service equipment detected and flagged to an
intervention team for rapid reaction?
R1
03A06-05
Is the dependability of service equipment (detection of breakdown or outage, intervention procedures, etc) audited regularly?
C1
03B
ISO 27002
E2
03A05-01
03A06
Max
2
9.2.2
E2
03B01
03B01-01
Are permanent or semi permanent (for a specific length of time) access rights to sensitive locations defined in relation to standard
profiles accounting for the function and status of staff?
These profiles should consider technical, telecom, general maintenance or security staff, fire brigade, service providers, students
or visitors, etc.
03B01-02
Have an inventory and a classification of all the types of sensitive locations been taken?
E2
03B01-03
Has, for each sensitive location or type of location, a manager been named to maintain up-to-date security access rights
attributed to each category of personnel and has each of the managers taken up their post?
E1
03B01-04
Do these persons in charge actually assuming this function and do they provide reports to the CISO about it?
03B01-05
Do the profiles also allow definition of working time limits (daily hours and periods in the working calendar, weekends, holidays
etc.)?
03B01-06
Are these rights and profiles as defined above protected against alteration or falsification during their storage or when
transferred between decision makers and the personnel in charge of implementing the rights?
R1
03B01-07
Is there a regular audit or inspection, at least once a year, of all rights given to the various categories of personnel and of the
management processes for these rights as well?
C1
E1
03B02
03B02-01
E1
9.1.2
E2
E2
9.1.2
341702815.xls ! 03 Pre
page 70
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
Max
03B02-02
Is the procedure for granting (or modification or revocation) of access authorizations, for each type of sensitive location,
documented and strictly controlled?
A strict control requires a formal recognition of the signature (electronic or otherwise) of the requestor, that the implementation of
the profile attributed to users is highly secure and that each operation is recorded (mentioning the date of issue of the badge and
its length of validity) that there be a reinforced access control over the modification of such records and that all record
modifications be logged and audited.
03B02-03
Are access authorizations granted to named individuals as a function of profile and materialized by a badge or a card or a key?
E2
03B02-04
Are badges or cards which represent access authorizations personalized using the name of the holder and his or her
photograph?
E2
03B02-05
Can the list of access authorizations and corresponding profile be reviewed at any time?
E3
03B02-06
Is there a rapid and systematic process of attribution and revocation of access authorizations (with invalidation of the badge in
automatic control systems) and the return of the badge or corresponding card at time of change of site (if access rights depend
on the site), departure from the company or at the end of a contract and applied both to internal and external staff?
E2
03B02-07
Are keys or badges stored in a locked secure box or cupboard resistant to break in?
For example: certified safes
E2
03B02-08
Is it prohibited to enter the sensible premises with means of photo, video, or audio taping?
03B02-09
Is there a regular audit, at least once a year, of all the badges attributed to all categories of staff and of the pertinence of the
corresponding authorizations?
C1
03B02-10
Is there a procedure enabling the subsequent detection of irregularities in the management of access authorizations (badge or
card not returned, usage of a lost badge, false badge etc.)?
03B03
Min
Typ
E3
9.1.5
C2
03B03-01
03B03-02
Does authentication employ user related data that cannot be falsified (smart cards or biometric data for example)?
For example :(smart cards, biometric data, digital key, ...
E3
03B03-03
Does the access control system guarantee that all personnel entering the location are verified?
For example: double door limiting the number of people entering to one-at-a-time or a process which prohibits the usage of a
badge by more than one person etc.
E2
03B03-04
Is control assured of all entry and exit points including both normal exits and others such as windows accessible from outside,
emergency exits, potential access via raised flooring and false ceilings?
E2
03B03-05
Are the automatic access control systems under 24 hr surveillance enabling the detection of a failure, a system deactivation or
the usage of emergency exits in real time?
R1
03B03-06
Is there a procedure or automatic alert enabling the immediate intervention of security personnel in the case of a shutdown alarm
of the access control system (or usage of emergency exit)?
R2
03B03-07
Is there an audit procedure enabling the detection of irregularities in the access control procedures (audit of procedures and
parameters of access control systems, audit of exceptions and of interventions etc.)?
C1
03B04
ISO 27002
E2
E1
9.1.2; 9.1.5
03B04-01
Is there an operational on site intrusion detection system for sensitive locations linked to a 24 hr monitoring center?
E1
03B04-02
Does this system detect all attempts to force open locked exits (windows and doors), all opening of emergency exits and all
normal exits abnormally kept open?
E2
03B04-03
Does this system detect the presence of personnel outside of normal working hours?
E2
341702815.xls ! 03 Pre
page 71
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
Max
03B04-04
Is this system backed up by a video and audio control system which allows the security team to make a first analysis or dismiss
uncertainty from a distance?
E3
03B04-05
Is the surveillance team dedicated to its task, having only security responsibilities and are any alarms immediately detected
treated as the highest priority?
E3
03B04-06
In the case of an intrusion detection alarm, does the surveillance team have the possibility of sending out an intervention team
without delay to verify the cause of the alarm and to take appropriate action?
E2
03B04-07
Has the security team sufficient resources to cover the eventuality of multiple alarms set off intentionally?
E3
03B04-08
Is there an advisory document clearly stating exactly what action to take in the case of each alarm envisaged?
03B04-09
Is the intrusion detection system itself under surveillance (alarm in the case of shutdown, auto-surveillance by camera etc.)?
R1
03B04-10
Are intrusion control points and procedures for reaction to intrusions audited regularly?
C1
03B05
Min
Typ
E2
03B05-01
Is the perimeter or surroundings of sensitive locations under complete and coherent surveillance by video or direct visual means?
03B05-02
Is the surveillance team dedicated to its task, having only security responsibilities and are any alarms immediately detected and
treated as the highest priority?
03B05-03
In the case of an alarm, does the surveillance team have the possibility of sending out an intervention team without delay to verify
the cause of the alarm and to take appropriate action?
03B05-04
Has the security team sufficient resources to cover the eventuality of multiple alarms set off intentionally?
03B05-05
Is there an advisory document clearly stating exactly what action to take in the case of each alarm envisaged?
E2
03B05-06
E3
03B05-07
Is the intrusion detection system itself under surveillance (alarm in the case of shutdown, auto-surveillance by camera etc.)?
R1
03B05-08
C1
03B06
E2
3
E3
E2
E3
03B06-01
For sensitive locations, is there an additional, complete and coherent, video surveillance system which detects movement inside
the sensitive location and able to detect abnormal behavior?
03B06-02
Is the surveillance team dedicated to its task, having only security responsibilities and are any alarms detected immediately
treated as the highest priority?
E3
03B06-03
In the case of an alarm, does the surveillance team have the possibility of sending out an intervention team without delay to verify
the cause of the alarm and to take appropriate action?
E2
03B06-04
Has the security team sufficient resources to cover the eventuality of multiple alarms set off intentionally?
E3
03B06-05
Is the security surveillance team also on duty at times when cleaning of sensitive locations is done?
E2
03B06-06
03B06-07
Is the intrusion detection system itself under surveillance (alarm in the case of shutdown, auto-surveillance by camera etc.)?
R1
03B06-08
Are procedures for surveillance and intervention in the case of abnormal behavior audited regularly?
C1
03B07
ISO 27002
E2
9.1.5
E3
03B07-01
Is physical access to cabling protected (specific conduits difficult to access or kept locked)?
E2
03B07-02
Are all cable paths kept under video surveillance with alerts in the case of abnormal presence (to signal to staff which screen to
pay particular attention to)?
E3
341702815.xls ! 03 Pre
page 72
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
Max
03B07-03
Are locations where it would be possible to place a parasitic device on a LAN or WAN under reinforced security (named
personnel with badge access, biometric security)?
E2
03B07-04
Are locations where it would be possible to place a parasitic device on a LAN or WAN under video surveillance as soon as
accessed (with an alert to surveillance personnel)?
E2
03B07-05
C1
03B08
Min
Typ
ISO 27002
03B08-01
Are the sensible premises located in areas not accessible to the public?
E2
9.1.3
03B08-02
Are the data processing premises exempt of all exterior indication of their content?
E2
9.1.3
03B08-03
E2
9.1.3
E2
9.1.4
03C
03C01
03C01-01
Has there been a systematic and exhaustive analysis of all the possible points at which water might enter?
For example: position of locations relative to natural overflows in the case of flood or violent storms, flooding from floors above,
rupture of hidden or exposed pipes, usage of fire extinguisher systems, overflow of water evacuation conduits, untimely start of
humidifier systems etc.
03C01-02
Have each of the possible water entry points been determined as low risk or have measures been taken to ensure that the risk of
flooding is very low?
For example: pre-emptive fire extinguisher systems, one way valves on exhaust pipes, independent measurement of humidity,
etc.
03C01-03
Are each of the various systems to avoid water damage protected from shutdown and under constant monitoring?
R2
03C01-04
Is there a regular audit of the proper implementation of the measures to prevent water damage and methods to ensure that they
remain pertinent (verification of risk analysis)?
C2
03C02
E3
03C02-01
Are there humidity detectors near to sensitive equipment (in particular in raised flooring) linked to a 24 hr monitoring center?
E2
9.1.4
03C02-02
Are there water detectors nearby sensitive equipment (in particular in raised flooring) linked to a 24 hr monitoring center?
E2
9.1.4
03C02-03
Is there a water leakage detection system on the floor above the location of sensitive equipment linked to a 24 hr monitoring
center?
E3
9.1.4
03C02-04
Does the security desk have the possibility of sending in a rapid intervention team which has sufficient means to act?
For example: knowledge of the location of water cut off points and protected shunts, computers with up-to-date piping plans and
cut off points, plastic covers in order to protect equipment etc.
E2
03C02-05
Has the security team sufficient resources to cover the eventuality of multiple alarms set off intentionally?
E3
03C02-06
Is there an advisory document clearly stating exactly what action to take in the case of each alarm envisaged?
03C02-07
03C02-08
Is the detection equipment regularly tested and are procedures and intervention capabilities regularly audited?
03C02-09
03C03
E2
R1
C1
C1
Water evacuation
341702815.xls ! 03 Pre
page 73
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
03C03-01
Are there permanent means for evacuating water (pumps, natural drain-ways etc.) and a team able to use them effectively?
03C03-02
Is the shutdown of any water evacuation system signaled immediately to a 24 hr monitoring center?
03C03-03
E2
03C03-04
C2
ISO 27002
E2
2
E2
Fire security
03D
03D01
03D01-01
Has an in-depth and systematic analysis been carried out of all fire risks?
For example: short circuits in cables, the effect of lightning, staff smoking areas, normal electrical equipment, heating equipment,
fire spread from outside, spread via technical conduits or via the air conditioning system etc.
03D01-02
Has it been possible to evaluate each risk as highly improbable or taken action to render the risk of fire starting or spreading
highly improbable?
For example: protection of cables in specially adapted conduits, separation of transmission cables from energy supply cables,
protection of sensitive equipment from lightning strikes, smoking ban, fire resistant bins, non-inflammable materials, protection of
electrical circuits by differential circuit breakers, fire detection equipment in nearby locations and in risers etc.
03D01-03
Are the different fire protection systems protected from shutdown and under continual monitoring?
03D01-04
Is there a regular audit of the electric cabling due to changes of the power supply configurations?
For example : control of possible hot points using an infrared camera
03D01-05
Is there a regular audit of the proper implementation of fire prevention measures and methods to ensure that they remain
pertinent?
verification of risk analysis
03D02
E2
E3
R2
C2
C2
Fire detection
03D02-01
Is there an automatic fire detection system for sensitive locations (raised floors and false ceilings if they exist)?
03D02-02
Does the fire detection system have at least two types of detector (for example ionic and optical smoke detector)?
03D02-03
Are the automatic detectors linked to a 24 hr monitoring center, equipped with a system which clearly identifies the location of the
alarms which have been set off?
03D02-04
R1
03D02-05
Is the detection equipment regularly tested? and are procedures and intervention capabilities regularly audited?
C1
03D02-06
C1
03D03
9.1.4
E1
2
9.1.4
E2
E2
Fire extinguishing
03D03-01
Is the monitoring center able to rapidly send in a team which has sufficient means to act (precise diagnosis of the situation,
manual extinguishers, triggering of automatic extinguishers, emergency call)?
E1
03D03-02
Has the security team sufficient resources to cover the eventuality of multiple alarms?
E2
03D03-03
Is there an advisory document clearly stating exactly what action to take in the case of each alarm envisaged?
E2
03D03-04
E2
03D03-05
Are all mobile fire extinguishers regularly controlled by a competent authority (filling, usage manuals, risk reduction, location
etc.)?
E2
03D03-06
Are sensitive locations protected by an automatic extinguishing system (air, raised floors, false ceilings)?
03D03-07
Are automatic extinguishing systems regularly maintained and tested by approved specialists?
03D03-08
Is the shutdown of an automatic fire extinguisher system immediately signaled to a 24 hr monitoring center?
341702815.xls ! 03 Pre
E2
9.1.4
E2
2
R1
page 74
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
03D03-09
Is there an installation of armed fire taps near to computer rooms and is this installation periodically and regularly verified and
maintained?
03D03-10
03D03-11
Are regular tests of fire extinguishing equipment and procedures carried out and intervention capabilities regularly audited?
341702815.xls ! 03 Pre
Max
Min
Typ
ISO 27002
E1
E2
3
C1
page 75
Comments
341702815.xls ! 03 Pre
page 76
Comments
341702815.xls ! 03 Pre
page 77
Comments
341702815.xls ! 03 Pre
page 78
Comments
341702815.xls ! 03 Pre
page 79
Comments
341702815.xls ! 03 Pre
page 80
Comments
341702815.xls ! 03 Pre
page 81
Comments
341702815.xls ! 03 Pre
page 82
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Mise jour : janvier 2010
341702815.xls ! 03 Pre
page 83
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
341702815.xls ! 03 Pre
page 84
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
341702815.xls ! 03 Pre
page 85
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
341702815.xls ! 03 Pre
page 86
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
341702815.xls ! 03 Pre
page 87
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Mise jour : janvier 2010
341702815.xls ! 03 Pre
page 88
0
0
0
341702815.xls ! 03 Pre
page 89
1 variant
The extended network is seen here as the network linking separate sites. It is the network architecture between independent units, each
managing their own network (LAN). Connections of mobile machines are assumed to be managed through the local network.
Number
Question
04A
04A01
Max
Min
04A01-01
Have the requirements of service continuity of the extended network been analyzed and, if necessary, has a redundant
architecture been determined for network connection points, equipment and network meshing?
E2
04A01-02
Has a systematic search for single points of failure been carried out and has it been ensured that subsidiary equipment (power
supply and air conditioning etc.) does not introduce or eliminate the redundancy expected in the equipment or network
architecture?
E3
04A01-03
Has a verification of the average and peak load been carried out for each segment of the extended network and has the
compatibility of the network and associated equipment at this load level been verified and is this verification regularly repeated?
E2
04A01-04
Has this analysis been complemented by a study of network capacity to ensure reliability of communications in all cases of failure
of a single link or piece of equipment?
E3
04A01-05
Is there a dynamic measurement of network load and are load balancing tools available?
04A01-06
Do network monitoring and configuration tools allow real time corrective action compatible with the needs of the users?
E2
04A01-07
Are overload detection and load balancing tools accessible only by administrators and are they protected by strengthened access
control?
R2
04A01-08
Is any failure or shutdown of network overload detection and equilibrating equipment signaled immediately to the monitoring
center and to network administrators?
R1
04A01-09
Are regular performance tests of load detection equipment and reconfiguration mechanisms carried out?
C1
04A01-10
Are regular audits carried out of equipment parameters and procedures associated with the load detection and reconfiguration
systems?
C1
04A01-11
Are regular audits carried out of the procedures associated to the load detection and reconfiguration systems?
C1
04A02
E2
04A02-01
E1
04A02-02
Has all critical production equipment been identified, has their performance capability been controlled and have the acceptable
and maximum downtime limits been documented?
E2
04A02-03
Have specifically adapted clauses related to these requirements been set down within maintenance contracts?
04A02-04
Are the penalties of non-compliance with these clauses sufficiently persuasive for the contract holder?
E3
04A02-05
Have escalation procedures been detailed in the case of non-compliance or difficulties in maintenance and do they anticipate the
intervention of specialists within a short delay commensurate with the criticality of the equipment?
R1
04A02-06
Has the number and proximity of specialists been detailed and do they guarantee a sufficiently good level of maintenance within
an acceptable delay?
R2
04A02-07
Do the maintenance contracts anticipate a complete replacement of equipment in the case of significant damage which would not
normally be taken into account by curative maintenance?
E3
04A02-08
04A03
04A03-01
9.2.4
E2
C1
Procedures and Business Contingency Planning following incidents on the extended network
Has a list been established of incidents which could affect the proper functioning of the extended network and analyzed the
seriousness level, for each of them?
341702815.xls ! 04 Wan
E2
page 90
Number
Question
04A03-02
Has it been established, for each critical incident, the solution to implement and the action to execute by operational personnel?
04A03-03
Have sufficient means of intervention (reconfiguration) on the extended network been put in place which cover satisfactorily all of
the scenarios identified and do they allow for the actions decided to be implemented within the specified delays?
04A03-04
For each possible critical incident on the extended network has an expected resolution time and escalation procedure been
determined in the case of failure or delay of the specified corrective actions?
04A03-05
Are the diagnostic, management and reconfiguration tools of the extended network protected against all possible untimely or
malicious action?
04A03-06
Do incident recovery plans and procedures cover the eventual loss of data (especially e-mail messages)?
04A03-07
Are diagnostic and reconfiguration facilities regularly audited in order to assure a satisfactory minimum functioning of the
extended network in the case of an incident?
04A04
Max
Min
E2
E3
3
R1
E3
C1
04A04-01
Has a backup plan been established encompassing all network configurations, defining all objects to save and the frequency of
backups?
E1
10.5.1
04A04-02
04A04-03
Has the backup of programs, (source and executables), documentation and parameters been regularly tested in order to be able
to reconstitute the production environment at any time?
E2
10.5.1
E1
10.5.1
04A04-04
Are operational automatic routines protected by a high level of protection against illicit or unintentional modification?
Such a mechanism may be a digital seal or any equivalent protection system.
R1
10.5.1
04A04-05
Are all configuration backups and files which enable the restoration of the extended network production environment also saved
at a location off premises (recourse backup) ?
E3
10.5.1
04A04-06
Are recourse backup copies stored in a secure location and protected against accidental risk or theft?
Such a location must be protected by strict access control as well as protected against fire or water damage risk.
E3
10.5.1
04A04-07
Are regular tests carried out to read backups and recourse backups?
C1
10.5.1
04A04-08
Are all procedures and plans for backup of configuration files regularly audited?
C1
04A05
04A05-01
Is there an operational recovery solution to make up for the unavailability of any critical equipment or link on the extended
network?
E1
14.1.3
04A05-02
E2
14.1.3
04A05-03
Are these alternative solutions described in detail in one (or several) Disaster Recovery Plan formal and complete?
A complete recovery plan must include the conditions for triggering, the actions to execute, the priorities, the actors to mobilize
and their contact details as well as the conditions for considering the return to the normal state.
E1
14.1.3
04A05-04
C1
14.1.5
04A05-05
Is there a formal guarantee that the capacity and compatibility of these recovery solutions will support a sufficient operational load
which has been approved by all connected entities?
E2
14.1.5
04A05-06
If the recovery solutions include delivery of hardware components which cannot be triggered during tests, is there a contractual
engagement within the recovery plan for the delivery of the replacement hardware within fixed and anticipated time limits
guaranteed by the manufacturer or other third party (leaser, broker, other)?
E2
04A05-07
If the recovery facility (hot site, equipment etc.) is subscribed through a service provider, is the number of other subscribers
known and limited?
E3
04A05-08
Has the possible unavailability or failure of the recovery facility been considered and has a second level backup been organized?
04A05-09
Is the backup solution usable for an unlimited duration and, if not, has a follow on backup solution been established?
341702815.xls ! 04 Wan
R1
E3
page 91
Number
04A05-10
04A06
Question
Are the existence, the pertinence and the updates of the Disaster Recovery Plans regularly audited?
Max
Min
04A06-01
Have the consequences of the disappearance of a supplier of equipment, network service or software been analyzed (in the case
of failure, a bug or change requirement) and has a list of critical points been established?
E2
04A06-02
For each critical point is there a corrective solution to cope with the failure or disappearance of a supplier (consignment of
maintenance documentation with a trusted third party, replacement of equipment or of software by available market solutions
etc.)?
E2
04A06-03
Is it certain that this corrective solution could be made operational to enable company activity to restart within a time delay
sufficiently short to be acceptable to the users ?
04A06-04
Have variants to the primary solution been considered in case the latter might encounter unforeseen difficulties?
E3
04A06-05
C1
04B
E3
04B01
04B01-01
Has a set of rules been defined such that an entity can be connected to the extended network (which is considered to be a
domain of confidence)?
E1
04B01-02
Do these rules cover the necessary organization for each entity connected to the network?
E3
04B01-03
Within each entity connected, are managers designed and known responsible of security in various domains (such as physical
security, operating systems security, etc.)?
E3
04B01-04
Do the rules establishing the connection criteria to the extended network define the physical security measures required to
protect the network equipment and cabling?
E2
04B01-05
Do these rules establishing the connection criteria to the extended network define the logical security measures required to
protect the network equipment and cabling?
04B01-06
Do these rules detail the filtering rules required for the control of incoming as well as outgoing accesses?
04B01-07
04B01-08
04B01-09
Do these rules define the required management methods to cover anomalies and incidents?
04B01-10
E2
11.4.6
E2
11.4.6
E2
E2
E3
Do these rules impose to send a report to a central authority for any anomaly and incident challenging the security of the
extended network?
E3
04B01-11
Is there a management procedure covering the authorization requests for the binding of any entity to the extended network and a
structure empowered to analyze these requests and provide the corresponding authorization?
E2
04B01-12
Is there a structure empowered to audit the application of the rules and to remove specific rights which are no longer needed or
when the conditions are no longer met?
E3
04B01-13
Is there a regular audit of the required conditions and application of the rules in each entity authorized to be part of the extended
network?
C1
04B01-14
Are reviews of the authorized connections (standard and non-standard) and of their relevance regularly conducted?
C1
04B02
11.4.7
Authentication of the entity for an incoming access from the extended network
04B02-01
Is there, for any access arriving from the extended network to the local area network, a mechanism controlling the authentication
and access control rights of the accessing entity prior to any action?
E1
04B02-02
E2
341702815.xls ! 04 Wan
page 92
Number
Question
Max
04B02-03
Does the security equipment that retains and uses reference data (secret elements) to support access authentication use
mechanisms which guarantee inviolability and authenticity?
In the case of authentication using cryptographic procedures, the mechanisms used for the creation, modification and storage of
reference elements (public keys in particular) must guarantee a level of security comparable to the authentication protocol itself.
E2
04B02-04
Does the transmission between systems and security equipments of reference data (secret elements, secret or public keys, etc.)
use mechanisms which guarantee inviolability and authenticity?
In the case of authentication using cryptographic procedures, the mechanisms used for the transmission of reference elements
(public keys in particular) must guarantee a level of security comparable to the authentication protocol itself.
E3
04B02-05
Does the management procedure of revoked keys systematically test that the keys have not been revoked?
E2
04B02-06
Does the management procedure of revoked keys guarantee that the control systems take in consideration in real time any
revocation?
E3
04B02-07
C1
04B03
Min
Authentication of the entity accessed for an outgoing access across the extended network
04B03-01
Is there a mechanism for the authentication of the called entity before any outgoing access from the internal network across the
extended network?
E1
04B03-02
E2
04B03-03
Does the security equipment that retains and uses reference data (secret elements) to support authentication use mechanisms
which guarantee inviolability and authenticity?
In the case of authentication using cryptographic procedures, the mechanisms of modification, storage and transmission of
reference elements (public keys in particular) must use a level of security comparable to the authentication protocol itself.
E2
04B03-04
Does the transmission between equipments of reference data (secret elements) to support authentication use mechanisms which
guarantee inviolability and authenticity?
In the case of authentication using cryptographic procedures, the mechanisms of transmission of reference elements (secret
elements, public keys, etc.) must guarantee a level of security comparable to the authentication protocol itself.
E3
04B03-05
Does the revoked keys management procedure guarantee that the control systems systematically test that the keys used have
not been revoked?
E2
04B03-06
Does the revoked keys management procedure guarantee that the control systems take into consideration in real time any
revocation of keys?
E3
04B03-07
C1
04C
341702815.xls ! 04 Wan
page 93
Number
04C01
Question
Max
Min
04C01-01
Have the permanent links and data exchanges which must be protected by encryption solutions been defined and such solutions
been implemented on the extended network?
04C01-02
Does the encryption solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the key is one of among many parameters to take into consideration (as a function of the algorithm) . The
recommendation of an official organization can be a confidence factor.
E2
04C01-03
Do the procedure and mechanisms of storage, distribution and exchange of keys and more generally the management of the
keys offer solid guarantees which merit confidence and are they approved by the Information Security Officer?
E3
04C01-04
Are the encryption mechanisms embodied in electronic components which are strictly protected at a physical level against
intrusion or change?
Encryption mechanisms should be contained within protected enclosures to which it should be impossible to gain a
04C01-05
Is shutdown or by-pass of the encryption solution immediately detected and signaled to a team available 24 hrs a day capable of
triggering an immediate reaction?
R1
04C01-06
In the case of inhibition or bypass of the encryption solution or the activation of an unprotected fail-over link of the network, is
there a procedure to immediately alert all users?
For example by a warning requiring the user to acknowledge its receipt.
R1
04C01-07
Is there a regular audit, at least once a year, of all data exchange, encryption systems and associated procedures?
C1
04C02
E2
12.3.1
12.3.2
R2
04C02-01
Have all data exchanges and permanent links which must be protected by sealing solutions been defined and implemented on
the extended network?
04C02-02
Does the sealing solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the key is one of among many parameters to take into consideration (as a function of the algorithm) . The
recommendation of an official organization can be a confidence factor.
E2
04C02-03
Do the procedure and mechanisms for storage, distribution and exchange of keys and more generally the management of keys
offer a sufficient level of confidence and have they been approved by the Information Security Officer?
E3
04C02-04
Are the sealing mechanisms embodied in electronic components which are in turn strictly protected at a physical level against
intrusion or change?
Sealing mechanisms should be contained within protected enclosures to which it should be impossible to gain access. The
algorithm is contained within the microprocessor or a microprocessor card which is protected physically and logically.
04C02-05
Is shutdown or by-pass of the sealing solution immediately detected and signaled to a team available 24 hrs a day capable of
triggering an immediate reaction?
341702815.xls ! 04 Wan
E2
R2
R1
page 94
Max
04C02-06
In the case of inhibition or bypass of the sealing solution or the activation of an unprotected fail-over link, is there a procedure to
immediately alert all users?
For example by a warning requiring the user to actively validate its receipt.
R1
04C02-07
Is there a regular audit, at least once a year, of all systems of sealing of the data exchanged and associated procedures?
C1
Number
Question
Min
04D
04D01
04D01-01
Have events or successions of events which might reveal abnormal behavior or illicit action on the extended network been
analyzed and, as a consequence, have specific monitoring points and indicators been established?
E2
10.10.2
04D01-02
Is the system equipped with an automatic real time monitoring system in the case of an accumulation of abnormal events (for
example unsuccessful connection attempts on non-open ports)?
E3
10.10.2
04D01-03
Is use made of a system capable of detecting intrusion and anomalies on the extended network?
E2
10.10.2
04D01-04
Are there one or more applications capable of analyzing the individual anomaly diagnostic data on the extended network and of
triggering an alert to operational personnel?
E3
04D01-05
Is there within operational personnel a permanent dedicated team or group capable of reacting in the case of a monitoring alert
on the extended network?
E3
04D01-06
For each case of alert has the expected response from the intervention team been defined and is the availability of the
intervention team sufficient to face this expectation?
E3
04D01-07
Are the parameters defining alarms strictly protected (restricted access rights and strict authentication ) against illicit
modification?
04D01-08
Does the inhibition of an alert system on the extended network, trigger an alarm with the surveillance team?
04D01-09
Are the elements which enable the detection of an anomaly or incident archived (on disk, cassette or optical disk etc.)?
04D01-10
Are the procedures for monitoring the extended network, for the detection of the anomalies and the reactivity of the surveillance
team subject to regular audit?
04D02
R1
3
R1
10.10.2
E2
10.10.3
C1
Offline analysis of traces, log files and event journals on the extended network
04D02-01
Has detailed analysis been carried out of the events or succession of events on the extended network which may have had an
impact on security (refused connections, re-routings, reconfigurations, changes in performance, access to sensitive data or tools
etc.)?
E1
10.10.1
04D02-02
Are these events recorded as well as the parameters used for their subsequent analysis?
E1
10.10.1
04D02-03
Is there an application capable of analyzing these records as well as performance measures, of establishing statistics, a
dashboard and anomaly diagnostics for examination by a competent team of specialists?
04D02-04
Is the structure empowered to analyze these summaries (or incidents logs and security related events) required to do so within a
fixed and determined period and does it have sufficient availability?
E2
04D02-05
Has the expected response from the surveillance team been defined for each case of alert and are its availability and staffing
level sufficient to meet these expectations?
E3
04D02-06
Are the parameters defining the elements to record and the analyses to effect strictly protected against unauthorized change
(limited rights and strong authentication)?
R1
04D02-07
Is any inhibition of the recording and processing system immediately signaled to the surveillance team?
R1
04D02-08
Are the records and summary analyses protected against any destruction or modification?
E2
10.10.3
04D02-09
Are the records and summary analyses kept for a long period?
E2
10.10.3
04D02-10
Are the procedures for recording, processing and analyzing of the records and summaries as well as the availability of the
analysis and corrective team subject to regular audit?
C1
04D03
E2
10.10.3
341702815.xls ! 04 Wan
page 95
Number
Question
04D03-01
Is there a hot-line charged with taking and recording calls related to the extended network and to escalate all incidents?
04D03-02
04D03-03
04D03-04
Does this system centralize incidents detected both by operational personnel and by users?
04D03-05
Max
Min
10.10.5
E2
10.10.5
E2
10.10.5
E2
10.10.5
E3
10.10.5
04D03-06
Does this system incorporate a categorization of incidents including statistics and dashboards generation destined for use by the
Information Security Officer?
E3
04D03-07
Is the incident management system strictly controlled with regard to unauthorized or illicit modification?
A strict control requires a reinforced protection in order to modify records and an audit trail or protection by electronic seal of all
modifications of records.
04D03-08
Is each major incident on the network subject to a specific follow-up (nature and description, priority, technical solution, progress
analysis, expected resolution lead time etc.)?
341702815.xls ! 04 Wan
R1
E2
13.2.1
page 96
Comments
341702815.xls ! 04 Wan
page 97
Comments
341702815.xls ! 04 Wan
page 98
Comments
341702815.xls ! 04 Wan
page 99
Comments
341702815.xls ! 04 Wan
page 100
Comments
341702815.xls ! 04 Wan
page 101
Comments
341702815.xls ! 04 Wan
page 102
Comments
341702815.xls ! 04 Wan
page 103
341702815.xls ! 04 Wan
page 104
341702815.xls ! 04 Wan
page 105
341702815.xls ! 04 Wan
page 106
341702815.xls ! 04 Wan
page 107
341702815.xls ! 04 Wan
page 108
341702815.xls ! 04 Wan
page 109
341702815.xls ! 04 Wan
page 110
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
Number
05A
Questions
Max
Min
Typ
ISO 27002
05A01
05A01-01
Has a partitioning of the local area network been effected in order to separate what is strictly the internal network from the areas which
communicate externally (DMZ)?
A DMZ, or demilitarized zone, is an exchange zone to the outside, isolated from the internal network (e.g. using a firewall).
05A01-02
Has the local area network been partitioned into security domains, each requiring a consistent set of security rules, and into zones of
confidence within which controls may be specifically adapted?
E1
11.4.5
05A01-03
In particular, has any wireless network (WLAN) been considered as a distinct domain, strictly isolated from the rest of the network (by
firewall or filtering router, etc.)?
E1
11.4.5
05A01-04
Have these partitions been documented and is the documentation kept up to date?
E2
11.4.5
05A01-05
E2
11.4.5
05A01-06
Is each domain isolated from the others domains, by using specific security means (filtering router, firewall, etc)?
E2
11.4.5; 11.4.6
05A01-07
Is the security proper to this filtering equipment subject to active maintenance and follow-up by an appropriate expert?
E3
05A01-08
For each of the domains, has a strictly limited list of authorized inter-domain links, communications and protocols been defined and, by
default, are all other protocols shut off ("nothing except" policy)?
E2
05A01-09
Is there a procedure for the management of inter-domain connection requests and a group in charge of the analysis of these requests, of
their authorization and the definition of filtering rules which will be put in place (firewall, service requests, protocols etc.)?
E3
05A01-10
Is there a group in charge of controlling the application of the defined rules and the removal of specific rights when the requirement is no
longer needed or the conditions are no longer met?
E3
05A01-11
Are any addition to the authorized connection list for a domain and any modification of its parameters logged and audited?
C1
05A01-12
Is there a regular review of all authorized connections (standard and non-standard) and of their pertinence?
C1
05A02
E1
11.4.6
11.4.7
05A02-01
Has each security domain been analyzed to determine the requirements of continuity of service and, if necessary, has redundancy been
incorporated into interconnection points, networking equipment and meshed links?
E2
05A02-02
Has a systematic analysis of potential single points of failure been carried out in order to ensure that service equipments (such as
energy supply, air conditioning, etc.) do not affect the redundancy planned for network equipment or architecture?
E3
05A02-03
Has a control of the average and peak load been carried out for each element of the network and of the compatibility of the network and
associated equipment at this load level and is this control regularly repeated?
E2
05A02-04
Has this analysis been complemented by a study of network capacity to ensure reliability of communications even in the case of failure
of a single link or piece of equipment?
E3
05A02-05
Is there a dynamic measurement of network load and of the load balancing tools?
05A02-06
Do network monitoring and reconfiguration tools allow real time corrective action compatible with the requirements of the users?
05A02-07
Does the architecture of network equipment allow easy adaptation to changes of load levels (clusters, load balancing etc.)?
341702815.xls ! 05 Lan
E2
2
E2
E2
page 111
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
R-V1 R-V2 R-V3 R-V4
Number
Questions
Max
05A02-08
Are overload detection and load balancing appliances and devices accessible only by administrators and is their access protected by
strengthened access control?
R1
05A02-09
Is any inhibition or shutdown of network overload detection and load balancing equipment signaled immediately to the monitoring center
or to network administrators?
R1
05A02-10
Are regular performance tests of detection and reconfiguration mechanisms carried out?
C1
05A02-11
Are regular audits of the parameterization of detection and reconfiguration systems carried out?
C1
05A02-12
Are regular audits carried out of procedures associated with the detection and reconfiguration systems?
C1
05A03
Min
Typ
05A03-01
E1
05A03-02
Have all equipment, critical to the provision of expected operation and performance of the network, been identified and, for each of
them, have the required acceptable and maximum downtime delays been published?
E2
05A03-03
Have specifically adapted clauses related to these requirements been specified within maintenance contracts?
E2
05A03-04
Are the penalties of non-compliance with these causes sufficiently persuasive for the contract holder?
E3
05A03-05
Have escalation procedures been detailed in the case of non-compliance or difficulties in maintenance and do they anticipate the
intervention of specialists within a short delay commensurate with the criticality of the equipment?
R1
05A03-06
Have the number and proximity of specialists been detailed and do they guarantee a sufficiently good level of maintenance within an
acceptable delay?
R1
05A03-07
Do the maintenance contracts anticipate a complete replacement of equipment in the case of significant damage which would not
normally be taken into account by curative maintenance?
E3
05A03-08
05A04
9.2.4
C1
Procedures and Recovery Plans following incidents on the local area network
05A04-01
Has a list been established of incidents which could affect the proper functioning of the local area network and, for each of them, the
seriousness level?
E1
05A04-02
Has it been established, for each serious incident, the solutions to implement and the actions to execute by operational personnel?
E1
05A04-03
Are the means of intervention over the LAN (for diagnostic as well as for reconfiguration) able to cover satisfactorily all of the scenarios
identified and do they ensure that the actions can be implemented within the specified time delays?
05A04-04
For each serious incident on the local area network, have an expected resolution time and escalation procedure been determined in the
case of failure or delay of the anticipated corrective actions?
05A04-05
Are the diagnostic, management and reconfiguration tools of the local area network protected against all possible untimely or malicious
action?
05A04-06
Do incident recovery plans and procedures cover the eventual loss of data (especially loss of requests and messages)?
05A04-07
Are diagnostic and reconfiguration means regularly audited in order to assure a satisfactory minimum functioning of the local area
network in the case of an incident?
05A05
ISO 27002
E2
E3
R1
C1
E3
05A05-01
Has a backup plan been established, encompassing all local area network configurations, defining all objects to save and the frequency
of backups?
05A05-02
05A05-03
Has the backup of programs (source and executables, documentation and parameters) been regularly tested in order to be able to
reconstitute the production environment at any time?
341702815.xls ! 05 Lan
E1
10.5.1
E2
10.5.1
E1
10.5.1
page 112
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
R-V1 R-V2 R-V3 R-V4
Number
Questions
Max
05A05-04
Are automatic operational backup routines protected by a high level of security against illicit or unintentional modification?
Such a mechanism may be a digital seal or any equivalent modification detection system.
R1
10.5.1
05A05-05
Are all configuration and file backups, necessary for the restoration of the local area network production environment, also saved at a
location off premises (recourse backup)?
E3
10.5.1
05A05-06
Are recourse backup copies stored in a secure location and protected against accidental or human risks?
Such a location must be protected by strict access control as well as protected against fire or water damage risk.
E3
10.5.1
05A05-07
Are regular tests carried out to read backups and recourse backups?
R2
10.5.1
05A05-08
Are all procedures and plans for backup of configuration files regularly audited?
C1
05A06
Min
Typ
ISO 27002
05A06-01
Is there a recovery solution to make up for the unavailability of any equipment or critical link in the local area network?
E1
14.1.3
05A06-02
E2
14.1.3
05A06-03
Are these solutions described in detail in one (or several) Disaster Recovery Plan?
A complete Disaster Recovery plan must describe the rules for triggering, the actions to execute, the priorities, the actors to mobilize and
their contact details, as well as the conditions for return to normal operating conditions.
E1
14.1.3
05A06-04
C1
14.1.5
05A06-05
Is there a formal guarantee of compatibility and capacity that these recovery solutions will support a sufficient operational load which has
been approved by all concerned parties?
E2
14.1.5
05A06-06
If the recovery solutions include delivery of hardware components, which cannot be triggered during tests, is there a contractual
engagement within the recovery plan for the delivery of hardware within fixed and anticipated time limits, guaranteed by the
manufacturer or other third party (leaser, broker, other)?
E2
05A06-07
If the recovery equipment and/or solution are pooled, is the number of other subscribers known and limited?
05A06-08
Has the unavailability or failure of the recovery facility been considered and has a second level backup been organized?
05A06-09
Is the backup solution usable for an unlimited duration and if not, has a follow on solution been established?
05A06-10
Are the existence, the pertinence and the updates of the Disaster Recovery Plans regularly audited?
05A07
E3
3
R1
E3
C1
05A07-01
Have the consequences of the disappearance of a supplier of equipment, network service or software been analyzed (in the case of
failure, of a bug or change requirement) and has a list of critical points been established?
E2
05A07-02
For each critical point, is there a corrective solution to cope with the failure or disappearance of a supplier (maintenance documentation
lodged with a trusted third party, replacement of equipment or of software by widely available market solutions etc.)?
E2
05A07-03
Is it certain that this corrective solution could be made operational within a sufficiently short time to enable the business activity to restart
and which is acceptable to the users ?
E3
05A07-04
Have alternate options to the basic solution been considered for the case where the latter might encounter unforeseen difficulties?
E3
05A07-05
Is there a regular review of critical points and of the corrective solutions envisaged?
C1
05B
05B01
05B01-01
341702815.xls ! 05 Lan
E1
11.1.1
page 113
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
R-V1 R-V2 R-V3 R-V4
Number
Questions
05B01-02
Is this policy documented, regularly revised and approved by the concerned managers in charge?
05B01-03
Is access to the local area network and to the various parts of this network defined in terms of job profiles which regroup roles or
functions within the organization (profiles define access rights which are available to the holders of the profile)?
Note: in certain circumstances, the notion of "profile" may be replaced by a notion of "group". In addition, access rights which may be
attributed to partners must also be considered.
Access profiles must comprise the access rights towards each partition of the network, for a station connected directly to the network as
well as for connections from outside the LAN (mobile users, teleworking, partners, etc.).
E1
05B01-04
Have various variable parameters been introduced into the access rights definition rules (which determine the rights that are attributed to
profiles) as a function of context, in particular, the location of the requesting station (direct LAN access, extended network (WAN),
external), the nature of the connection used (LAN, Leased line, Internet, type of protocol etc.) or the classification of the sub-network
requested?
E2
05B01-05
Do the profiles also allow definition of working time limits (daily working hours) and calendars (weekends, holidays, etc.)?
05B01-06
Have these profiles and the access rights attributed to the different profiles, as a function of context, been approved by the information
owners and the Information Security Officer?
E2
05B01-07
Is the process of definition and management of rights attributed to profiles under strict control?
A strict control requires that the list of people allowed to change rights attributed to profiles be strictly limited, that the implementation of
these rights into tables be strictly secure at the time of transmission and storage and that there exists a reinforced access control in
order to be able to modify these rights and that any modification of these rights be logged and audited.
R1
05B01-08
Is there a regular audit, at least once a year, of the access rights attributed to each profile and of the profile management procedures?
C1
E1
05B02
Max
Min
Typ
E2
ISO 27002
11.2.2
E3
11.2.4
05B02-01
Does the procedure of granting access authorizations to the local area network require the formal authorization of line management or of
the unit managing external contractors (at a sufficiently senior level)?
05B02-02
Are access authorizations granted to named individuals and only as a function of their profile?
05B02-03
Is the procedure for granting (or modification or revocation) of access authorizations to the local area network (directly or via a profile)
strictly controlled?
A strict control requires a formal recognition of the signature (electronic or otherwise) of the requestor, that the
implementation of the profile attributed to users in the form of tables is highly secure during transmission and storage
and that there be a reinforced access control over the modification of such records and that any modification of records
be logged and audited.
05B02-04
Is there a systematic process of updating the table of access authorizations at the time of departure of in house personnel?
05B02-05
E2
E3
11.2.2
E2
11.2.4
Is there a systematic process of updating the table of access authorizations at the time of change of function (at the end of contract for
external personnel or internal change of function)?
E3
11.2.4
05B02-06
Is there a list of all personnel who have access to the local area network?
05B02-07
Is there a regular audit, at least once a year, of all access authorizations granted to the personnel to the local area network and all those
granted to partners?
05B03
C1
2
C1
11.2.4
User or entity authentication for access requests to the local area network from an internal access point
This mechanism corresponds, for example, to the authentication implemented in a Windows domain controller.
341702815.xls ! 05 Lan
page 114
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
R-V1 R-V2 R-V3 R-V4
Number
Questions
Max
05B03-01
Is there a mechanism of authentication of each user before any access to a local area network resource?
E1
05B03-02
Does the process of modification or definition of a user credential respect a set of rules which ensures its robustness?
In the case of passwords: sufficient length (8 characters or more), obligatory mixture of types of characters, frequent change (less than
once a month), impossibility of reusing an old password, non-trivial word test using a dictionary, banning of "standard systems", first
names, anagrams of username, dates etc.
In the case of certificates or authentication based on cryptographic mechanisms, a generation process evaluated or publicly recognized,
encryption keys of a sufficient length etc.
E2
05B03-03
E3
05B03-04
Do the security equipment that retain and use reference data (passwords, calling number, etc.) in support of authentication use
mechanisms which guarantee inviolability and authenticity?
Passwords must be stored encrypted and a preliminary control of the user must be made before usage.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a recognized
organization.
E2
05B03-05
Does the transmission of reference data in support of authentication (password, calling number, etc.) between the user equipment and
security systems, use mechanisms which guarantee inviolability and authenticity?
Transmission of a password must be encrypted or use an algorithm which introduces a variable at each transmission.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a recognized
organization.
E3
05B03-06
Is there an automatic process of invalidation of the calling station or the user account in the case of multiple incorrect attempts, so as to
require the intervention of an administrator to reinstate the station or the user?
E2
05B03-07
Does the procedure for the replacement of a lost or mislaid user credential (e.g. password, token card) lead to the instant deactivation of
this credential?
E2
05B03-08
Does the procedure for the replacement of a lost or mislaid user credential (e.g. password, token card) impose an effective control of the
requestor's identity?
E3
05B03-09
C1
05B03-10
C1
05B04
Min
Typ
ISO 27002
11.2.3
User or requestor authentication before access to the local area network from a remote site via the extended network
05B04-01
Do membership rules of the extended network impose that all users are authenticated prior to any outgoing access using the extended
network?
E1
05B04-02
Do membership rules to the extended network and the controls effected mean that the same level of confidence can be attributed to
users of the extended network as those of the local area network?
E2
341702815.xls ! 05 Lan
page 115
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
R-V1 R-V2 R-V3 R-V4
Number
Questions
Max
05B04-03
Is the pertinence of the rules of membership to the extended network regularly audited?
C1
05B04-04
Is a regular audit carried out to ensure that the rules of membership to the extended network are applied by all the entities which are
authorized to connect to it?
C1
E1
11.4.2
05B05
05B05-01
User or requestor authentication for outside access to the local area network
(e.g. from the switched telephone network (POTS), X25, ISDN, broadband, Internet, etc.)
Is there a mechanism of authentication of all users connecting to the local area network from the outside?
Min
Typ
ISO 27002
05B05-02
Does the process of modification or definition of a user credential in support of access control respect a set of rules which ensures its
intrinsic validity?
In the case of passwords: sufficient length (8 characters or more), obligatory mixture of types of characters, frequent change (less than
once a month), impossibility of reusing an old password, non-trivial word test using a dictionary, banning of "standard systems", first
names, anagrams of username, dates etc.
In the case of certificates or authentication based on cryptographic mechanisms, a generation process evaluated or publicly recognized,
encryption keys of a sufficient length etc.
E2
11.4.2
05B05-03
E3
11.4.2
05B05-04
Do the security equipment that retain reference data (e.g. passwords, calling number, etc.) to support access authentication use
mechanisms which guarantee impregnability and authenticity?
Passwords must be stored encrypted and a preliminary control of the user must be made before usage.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a recognized
organization.
E2
05B05-05
Does the transmission of reference data in support of authentication (e.g. passwords, calling address, etc.) between user equipment and
security systems use mechanisms which guarantee impregnability and authenticity?
Transmission of a password must be encrypted or use an algorithm which introduces a variable at each transmission.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a recognized
organization.
E3
05B05-06
Is there an automatic process of invalidation of the calling station or the user account in the case of multiple incorrect attempts, so as to
require the intervention of an administrator to reinstate the station or the user?
E2
05B05-07
Does the procedure for the replacement of a lost or mislaid user credential (e.g. password, token card) lead to the instant deactivation of
this credential?
E2
05B05-08
Does the procedure for the replacement of a lost or mislaid user credential (e.g. password, token card) impose an effective control of the
requestor's identity?
E3
05B05-09
C1
05B05-10
C1
341702815.xls ! 05 Lan
page 116
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
Number
05B06
Questions
Max
Min
Typ
05B06-01
Are all WiFi networks isolated from the local area network by a firewall?
E1
05B06-02
Is there a method of authentication of all users connecting to the local area network from a WiFi sub-network?
E1
05B06-03
Does the process of definition or modification of user credential for access control from a WiFi sub network respect a set of rules which
ensures its intrinsic validity?
In the case of passwords: sufficient length (8 characters or more), obligatory mixture of types of characters, frequent change (less than
once a month), impossibility of reusing an old password, non-trivial word test using a dictionary, banning of "standard systems", first
names, anagrams of username, dates etc.
In the case of certificates or authentication based on cryptographic mechanisms, the generation process must be evaluated or publicly
recognized, encryption keys of a sufficient length etc.
In the case of simple access identifiers (e.g. calling phone number), a call back procedure is recommended.
E2
05B06-04
Does the authentication system guarantee the impregnability of the user's credential?
E3
05B06-05
Do the security equipment that retain reference data (e.g. passwords, calling address, etc.) to support access authentication use
mechanisms which guarantee impregnability and authenticity?
Passwords must be stored encrypted and a preliminary control of the user must be made before usage.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a recognized
organization.
E2
05B06-06
Does the transmission of reference data in support of authentication (e.g. passwords, calling address, etc.) between calling user
equipment and authentication systems use mechanisms which guarantee impregnability and authenticity?
Transmission of a password must be encrypted or use an algorithm which introduces a variable at each transmission.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a recognized
organization.
E3
05B06-07
Is there an automatic process of invalidation of the user account and/or workstation in the case of multiple incorrect attempts so as to
require the intervention of an administrator to reinstate the station or the user?
E2
05B06-08
Does the procedure for the replacement of a lost or mislaid user credential (e.g. password, token card) lead to the instant deactivation of
this credential?
E2
05B06-09
Does the procedure for the replacement of a lost or mislaid user credential (e.g. password, token card) impose an effective control of the
requestor's identity?
E3
05B06-10
Are authentication parameters for the access from a WiFi sub-network under strict control?
A strict control requires that people able to change the definition rules of identifiers, the identifiers themselves, rules of monitoring
connection attempts etc., be strictly limited and that there exist a reinforced access control to effect these modifications, that these
modifications be logged and audited and that there exists a regular general audit at least once a year of all authentication parameters.
C1
05B06-11
Are the processes that guarantee authentication from a WiFi sub network under strict control?
A strict control requires that the software used has been validated and undergoes a regular test for integrity (seal) and that there is an
audit, audit, at least once a year, of authentication procedures and processes.
C1
05B07
ISO 27002
User or requestor authentication for access requests to the local area network from a WiFi sub-network
05B07-01
Do all access to the local area network require the use of an identifier recognized by the system?
05B07-02
Is there a one to one correspondence between an identifier and a real physical person?
E2
05B07-03
Have all generic or by-default accounts and passwords been changed or deleted?
E2
341702815.xls ! 05 Lan
E1
page 117
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
R-V1 R-V2 R-V3 R-V4
Number
Questions
Max
05B07-04
Is the identifier provided for access to the local area network systematically subject to authentication?
Systematic authentication requires that the control process be in place for all possible access paths (internal access, all types of access
from the outside including reserved ports such as an those used for remote maintenance).
E1
05B07-05
Is there a systematic control of the context of the access requestor (local area network, extended network, external link, nature of the
link and protocols used )?
E3
05B07-06
Is there a systematic control of the profile and the context of the connection of the requestor and the appropriateness of that profile and
context with the access requested?
E3
05B07-07
Is there an automatic invalidation of the user identifier in the absence of traffic after a defined delay, which requires user re-identification
and re-authentication?
E2
05B07-08
For connections requiring it, is there an identification for the calling equipment (MAC address, IP address, etc.) as per the access control
rules?
E3
05B07-09
Are the processes of definition and management of access filtering rules under strict control?
A strict control requires that the list of persons allowed to change the filtering security parameters be extremely limited, and that there be
a reinforced access control in order to be able to effect such modification and that any modification be logged and audited.
R1
05B07-10
Are there regular penetration tests into the network carried out in addition to detailed technical audits?
C1
15.2.2
05B08
Min
Typ
ISO 27002
11.4.3
05B08-01
Do all outgoing accesses require the use of an identifier recognized by the system?
E1
11.4.2
05B08-02
Does this identifier correspond to a unique and directly or indirectly identifiable physical person?
E2
11.4.2
05B08-03
E2
11.4.2
05B08-04
Has it been defined, in a security policy relatively to outgoing accesses, rules specifying the connections authorized (type of external
network, authorized links and protocols) function of the internal sub-networks considered?
E2
05B08-05
Is there, before authorizing any outgoing access, a control of the rules defined in the security policy?
E2
05B08-06
Is there an automatic invalidation of the user identifier in the absence of traffic after a defined delay which requires user re-identification
and re-authentication?
05B08-07
Are the processes of definition and management of outgoing access filtering rules under strict control?
A strict control requires that the list of persons allowed to change the filtering security parameters be extremely limited, and that there be
a reinforced access control in order to be able to effect such modification and that any modification be logged and audited.
R1
05B08-08
Are there regular penetration tests of the network carried out and regular specialized technical audits effected?
C1
05B09
E2
Authentication of the external entity accessed for outgoing access to sensitive sites
05B09-01
Is there a possibility to declare sites or remote access points as sensitive and, as such, requiring an authentication of the entity
accessed?
E2
05B09-02
Is there a mechanism of authentication of the entity called before access to sensitive sites from the internal network?
E2
05B09-03
Does the authentication mechanism of the accessed entity provide a recognized "strong" level of security?
Notably the usage of a simple password will always be a weakness. The only methods recognized as "strong", that is observable without
divulging information, are those based on cryptographic algorithms.
E3
341702815.xls ! 05 Lan
page 118
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
R-V1 R-V2 R-V3 R-V4
Number
Questions
Max
05B09-04
Do the security equipment that retain credentials (e.g. passwords, calling number, etc.) use mechanisms which guarantee their
impregnability and authenticity?
Passwords must be stored encrypted and a preliminary control of the user must be made before usage.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a recognized
organization.
E2
05B09-05
Does the transmission of credentials (e.g. passwords, calling address, etc.) between calling user equipment and authentication systems
use mechanisms which guarantee their impregnability and authenticity?
Transmission of a password must be encrypted or use an algorithm which introduces a variable at each transmission.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a recognized
organization.
E3
05B09-06
Does the revoked keys management procedure guarantee that the control systems take into consideration in real time any revocation of
keys?
E2
05B09-07
Does the revoked keys management procedure guarantee that the control systems systematically test that the keys used have not been
revoked?
E3
05B09-08
Are the processes that guarantee the authentication of the accessed entities under strict control?
A strict control requires that the software used has been validated and undergoes a regular test for integrity (seal) and that there is an
audit at least once a year of the authentication procedures and processes.
R1
Min
Typ
ISO 27002
05C
05C01
05C01-01
Have the permanent links and data exchanges which must be protected by encryption solutions been defined and such solutions been
implemented on the local area network?
05C01-02
Does the encryption solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the keys is one of among many parameters to take into consideration (as a function of the algorithm) . The
recommendation of an official organization can be a confidence factor.
E2
05C01-03
Do the procedures and mechanisms for storage, distribution and exchange of keys and more generally the management of keys offer a
sufficient level of confidence and have they been approved by the Information Security Officer?
E2
05C01-04
Are the encryption mechanisms embodied in electronic components which are strictly protected at a physical level against intrusion or
change?
Encryption mechanisms should be contained within protected enclosures to which it should be impossible to gain access, i.e. within a
microprocessor or smart cards and protected physically and logically.
05C01-05
Is shutdown or by-pass of the encryption solution immediately detected and signaled to a team available 24 hrs a day capable of
triggering an immediate reaction?
R1
05C01-06
In the case of inhibition or bypass of the encryption solution or the activation of an unprotected fail-over link of the network, is there a
procedure to immediately alert all users?
For example by a warning requiring the user to acknowledge its receipt.
R1
05C01-07
Is there a regular audit, at least once a year, of all data exchange, encryption systems and associated procedures?
C1
341702815.xls ! 05 Lan
E1
12.3.1
12.3.2
R2
page 119
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
Number
05C02
Questions
Max
Min
Typ
05C02-01
Have the permanent links and data exchanges which must be protected by sealing solutions been defined and implemented on the
local area network?
05C02-02
Does the sealing solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the keys is one of among many parameters to take into consideration (as a function of the algorithm). The
recommendation of an official organization can be a confidence factor.
E2
05C02-03
Do the procedure and mechanisms of storage, distribution and exchange of keys and more generally the management of the keys offer
solid guarantees which merit confidence and have they been approved by the Information Security Officer?
E2
05C02-04
Are the sealing mechanisms embodied in electronic components which are in turn strictly protected at a physical level against intrusion
or change?
Sealing mechanisms should be contained within protected appliances to which it should be impossible to gain access, i.e. within a
microprocessor or smart card, and protected physically and logically.
05C02-05
Is shutdown or by-pass of the sealing solution immediately detected and signaled to a team available 24 hrs a day capable of triggering
an immediate reaction?
R1
05C02-06
In the case of inhibition or bypass of the sealing solution or the activation of an unprotected fail-over link, is there a procedure to
immediately alert all users?
For example by a warning requiring the user to actively validate its receipt.
R1
05C02-07
Is there a regular audit, at least once a year, of all systems of data integrity protection and of associated procedures?
C1
05C03
E1
R2
Encryption of exchanges in the case of remote access to the local area network
05C03-01
Have encryption solutions been defined and implemented for exchanges with users connecting from outside (mobile staff, authorized
service providers etc.) ?
05C03-02
Does the encryption solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the keys is one of among many parameters to take into consideration (as a function of the algorithm). The
recommendation of an official organization can be a confidence factor.
E2
05C03-03
Do the procedure and mechanisms of storage, distribution and exchange of keys, and more generally the management of the keys, offer
solid guarantees which merit confidence and are they approved by the Information Security Officer?
E2
05C03-04
Are the encryption mechanisms embodied in physical electronic components which are strictly protected at a physical level against
intrusion or change?
Encryption mechanisms should be contained within protected enclosures to which it should be impossible to gain access, i.e. within a
microprocessor or smart card and protected physically and logically.
05C03-05
Is access to the network from the outside impossible without using encryption
05C04
ISO 27002
E1
12.3.1
12.3.2
R1
R1
Protection of the integrity of exchanges in the case of remote access to the local area network
05C04-01
Have solutions for sealing or integrity control of exchanges with users connecting from the outside (mobile staff, authorized service
providers etc.) been defined and implemented?
05C04-02
Does the sealing solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the keys is one of among many parameters to take into consideration (as a function of the algorithm). The
recommendation of an official organization can be a confidence factor.
E2
05C04-03
Do the procedures and mechanisms of storage, distribution and exchange of keys and more generally the management of keys offer
solid guarantees which merit confidence and have they been approved by the Information Security Officer?
E3
341702815.xls ! 05 Lan
E2
page 120
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
Number
Max
Min
Typ
05C04-04
Questions
Are the sealing mechanisms embodied in electronic components which are in turn strictly protected at a physical level against intrusion
or change?
Sealing mechanisms should be contained within protected enclosures to which it should be impossible to gain access, i.e. within a
microprocessor or smart card and protected physically and logically.
R2
05C04-05
Is access to the network from the outside impossible without using integrity control?
ISO 27002
R1
05D
05D01
05D01-01
Have events or successions of events been analyzed which might reveal abnormal behavior or illicit action on the local area network
and as a consequence have specific monitoring indicators or control points been identified?
E2
10.10.2
05D01-02
Is the system equipped with an automatic real time monitoring system in the case of an accumulation of abnormal events (for example
unsuccessful connection attempts on non-open ports)?
E3
10.10.2
05D01-03
Is use made of an intrusion detection system or capable of detecting anomalies on the local area network?
E2
10.10.2
05D01-04
Are there one or more applications capable of analyzing the individual anomaly diagnostic data on the local area network and of
triggering an alert to operational personnel?
E3
05D01-05
Is there within operational personnel a team available 24 hrs a day or group capable of reacting in the case of a monitoring alert on the
network?
E3
05D01-06
For each case of alert has the expected response from the intervention team been defined and is the availability of the intervention team
sufficient to face this expectation?
E3
05D01-07
Are the parameters defining alarms strictly protected (restricted access rights and strict authentication) against illicit modification?
05D01-08
Does any stoppage of the alarm system, linked to the local area network, trigger an alarm towards the surveillance team?
05D01-09
Are the elements enabling the detection of an anomaly or incident archived (on disk, cassette or optical disk etc.)?
05D01-10
Are the monitoring procedures of the local area network, the detection of the anomalies and the availability of the surveillance team
subject to regular audit?
05D02
R1
3
3
R1
10.10.2
E2
10.10.3
C1
Offline analysis of traces, log files and event journals on the local area network
05D02-01
Has detailed analysis been carried out of the events or succession of events on the local area network which may have an impact on
security (refused connections, re-routings, reconfigurations, changes in performance, access to sensitive data or tools etc.)?
05D02-02
Are these events recorded as well as the parameters used for their subsequent analysis?
05D02-03
Is there an application capable of analyzing these records as well as performance measures, of establishing statistics, a dashboard and
anomaly diagnostics for examination by a competent team of specialists?
05D02-04
Is the structure, empowered to analyze these summaries (or incidents logs) and security related events, required to do so within a fixed
and determined period and does it have sufficient availability?
E2
05D02-05
Has the expected reaction from the surveillance team been defined for each case of alert and are its availability and staffing level
sufficient to meet these expectations?
E3
05D02-06
Are the parameters defining the elements to record and the analyses to effect strictly protected against unauthorized change (limited
rights and strong authentication)?
R1
05D02-07
Is any inhibition of this recording and processing system immediately signaled to the surveillance team?
R1
05D02-08
Are the records and summary analyses protected against any alteration or destruction??
E2
10.10.3
05D02-09
Are the records and summary analyses kept for a long period?
E2
10.10.3
341702815.xls ! 05 Lan
E1
10.10.1
E1
10.10.1
E2
10.10.3
page 121
1 variant
The LAN is seen, here, as the network linking the various servers and user workstations of the site. The remote connexions from nomadic stations are
also included in this questionnaire.
Number
05D02-10
05D03
Questions
Are the procedures for recording, processing and analysis of the records and summaries as well as the availability of the analysis and
corrective team subject to regular audit?
Max
Min
Typ
C1
ISO 27002
05D03-01
Is there a hot-line charged with taking, recording and escalating all calls related to the local area network incidents?
E1
10.10.5
05D03-02
E2
10.10.5
05D03-03
E2
10.10.5
05D03-04
Does this system centralize incidents detected both by operational personnel and by users?
E2
10.10.5
05D03-05
E3
10.10.5
05D03-06
Does this system incorporate a categorization of incidents including statistics and dashboards generation destined for use by the
Information Security Officer?
E3
05D03-07
Is the incident management system strictly controlled with regard to unauthorized or illicit modification?
A strict control requires a reinforced protection in order to modify records and an audit trail or protection by electronic seal of all
modifications of records.
05D03-08
Is each major incident on the network subject to a specific follow-up (nature and description, priority, technical solution, analysis in
progress, expected resolution lead time etc.)?
341702815.xls ! 05 Lan
R1
E2
13.2.1
page 122
Comments
341702815.xls ! 05 Lan
page 123
Comments
341702815.xls ! 05 Lan
page 124
Comments
341702815.xls ! 05 Lan
page 125
Comments
341702815.xls ! 05 Lan
page 126
Comments
341702815.xls ! 05 Lan
page 127
Comments
341702815.xls ! 05 Lan
page 128
Comments
341702815.xls ! 05 Lan
page 129
Comments
341702815.xls ! 05 Lan
page 130
Comments
341702815.xls ! 05 Lan
page 131
Comments
341702815.xls ! 05 Lan
page 132
Comments
341702815.xls ! 05 Lan
page 133
Comments
341702815.xls ! 05 Lan
page 134
341702815.xls ! 05 Lan
page 135
341702815.xls ! 05 Lan
page 136
341702815.xls ! 05 Lan
page 137
341702815.xls ! 05 Lan
page 138
341702815.xls ! 05 Lan
page 139
341702815.xls ! 05 Lan
page 140
341702815.xls ! 05 Lan
page 141
341702815.xls ! 05 Lan
page 142
341702815.xls ! 05 Lan
page 143
341702815.xls ! 05 Lan
page 144
341702815.xls ! 05 Lan
page 145
341702815.xls ! 05 Lan
page 146
1 variant
R-V1 R-V2 R-V3 R-V4
Questions
Max
Min
Typ
ISO 27002
06A
06A01
Security in the relationship with operational personnel (employees, suppliers or service providers)
06A01-01
Is there a security policy specifically aimed at operational network personnel covering all the aspects of information security
(confidentiality of information, service and information availability, integrity of information and configurations, trace ability, etc. )?
06A01-02
Is operational network personnel required to sign contract clauses of adherence to that security policy (no matter their status:
permanent or temporary staff, students, etc.)?
06A01-03
Do these clauses make clear that the obligation to respect security applies to all information no matter what the medium is (paper,
magnetic, optical, etc.)?
E3
06A01-04
Do these clauses make clear, if necessary and legally possible, that the obligation to respect the security policy applies without
limitation in time?
This applies, in particular, to the clauses concerning confidentiality, they may (and often must) continue after the end of the
contract linking (directly or indirectly) the employee or service provider or partner to the company
E3
06A01-05
Do these clauses make clear that the personnel has an obligation not to tolerate any action contrary to security from other
people?
E3
06A01-06
E2
06A01-07
Are these same clauses obligatory for contractors working on network operations?
Practically, the contractors should ensure that their personnel sign individually and explicitly under the same conditions than
internal staff.
E2
06A01-08
Is there a mandatory and well adapted training course aimed at network operations personnel?
06A01-09
Are the confidentiality agreements, signed by personnel, securely kept (at least in a locked cupboard )?
R1
06A01-10
Are the confidentiality agreements, signed by external contractors, securely kept (at least in a locked cupboard )?
R1
06A01-11
Is there a regular audit, at least once a year, of the effective application of the signature procedure by operational personnel
(directly employed by the company or indirectly through a service company) ?
C1
06A02
06A02-01
Is there a control procedure for change decisions, equipment and system evolutions (registration, planning, formal approbation,
communication to all concerned individuals, etc.)?
E1
10.1.2
06A02-02
Are the change decisions based on an analysis of the capacity of the new equipment and systems in ensuring the required load
taking into account the evolution of foreseeable requests?
E2
10.3.1
06A02-03
Do the installations take into account physical protection (protected access, no direct external view to equipments, absence of
physical threats, climate conditions, protection against thunderbolts, protection against dust, etc.)?
E2
9.2.1
06A02-04
Is there a definite review, involving Information Security Office personnel, of the potential risks related to functional changes
associated to each new or revised network software or equipment?
E2
12.4.1; 10.3.2
06A02-05
Does this review contain an analysis of the risks that may arise from these functional changes?
E2
12.4.1; 10.3.2
06A02-06
E3
06A02-07
E3
06A02-08
Are security measures, to be implemented to counter any new risks identified, subject to formal review and control before start of
production?
E2
341702815.xls ! 06 Nop
E1
E2
E2
10.3.2
page 147
1 variant
R-V1 R-V2 R-V3 R-V4
Questions
Max
Min
Typ
ISO 27002
06A02-09
Are security parameters and configuration rules (removal of all generic accounts, changing of generic passwords, closure of all
ports not specifically requested and authorized, access control and authentication parameters, control of routing tables etc.)
detailed and kept up to date and are they reviewed before any start of production of a new version?
E2
11.4.4; 10.3.2
06A02-10
Are the security parameters and configuration rules controlled before any new version is installed and operated?
E2
11.4.4; 10.3.2
06A02-11
Is it considered the possible impact over the continuity plans due the system changes?
E2
10.3.2
06A02-12
Are any dispensations from the prior risk analysis and control of security parameters subject to strict procedures requiring the
signature of a senior manager?
R1
06A02-13
Is the start of production of new equipment or software only possible by operational staff?
E2
12.4.1; 6.1.4
06A02-14
Is the start of production of new equipment or software only possible following a defined validation and authorization process?
E3
12.4.1; 6.1.4
06A02-15
Are all the control procedures related to start of production subject to regular audit?
C1
06A03
06A03-01
06A03-02
Are all maintenance operations required to terminate with a systematic verification of all security parameters (as defined at the
start of production)?
E2
06A03-03
Are all maintenance operations required to terminate with a systematic verification of security log files parameters (events to be
recorded, context of events to be recorded, duration of retention, etc.)?
E3
06A03-04
Are all maintenance operations required to terminate with a systematic verification of administration control parameters
(necessary profile, authentication type, removal of standard logins, etc.)?
E3
06A03-05
Is a formal dispensation, signed by a responsible manager, required if the above mentioned procedures are not observed?
06A03-06
Is the totality of start of production (after maintenance) control procedures regularly audited?
06A04
06A04-01
In the case of remote maintenance, is there a secure authentication procedure of the remote maintenance center?
06A04-02
In the case of remote maintenance is there a secure authentication procedure for maintenance personnel?
06A04-03
Is there a set of procedures covering the attribution of access rights for a new maintenance operative, the revocation of rights and
the attribution of rights in emergency situations?
06A04-04
E2
9.2.4
E3
3
C1
E2
11.4.4
E2
11.4.4
E3
11.4.4
Have the procedures and protocols for the exchange and storage of secret data etc., been approved by the Information Security
Officer or a specialized organization?
E3
06A04-05
Does the usage of the remote maintenance line require the prior agreement (for each usage) of operational personnel (following
the provider's request specifying the nature, date and time of the intervention )?
E2
06A04-06
Is the equipment allocated for remote maintenance protected against inhibition or modification of access conditions, resulting in
the triggering of an alarm?
R1
06A04-07
Are all the control procedures for remote maintenance regularly audited?
C1
06A05
06A05-01
Do the network operating procedure result from the study of the overall cases to be covered by said procedure (normal operating
cases and incidents)?
E2
10.1.1
06A05-02
E2
10.1.1
06A05-03
Are these operating procedures readily available upon request by any accredited individual?
E2
10.1.1
06A05-04
E2
10.1.1
341702815.xls ! 06 Nop
11.4.4
page 148
1 variant
R-V1 R-V2 R-V3 R-V4
Questions
Max
Min
Typ
ISO 27002
06A05-05
R1
06A05-06
Are the operating procedures audited regularly for authenticity and relevance?
C1
06A06
06A06-01
Is it ensured regularly that the network security services allocated to suppliers or service providers are efficiently implemented
and maintained by them?
C1
10.2.1
06A06-02
Is it ensured that the above suppliers have efficiently prepared the appropriate arrangements to ensure that the services are
provided as agreed?
E2
10.2.1
06A06-03
Is the respect of the security provisions by the suppliers or service providers under control and regularly reviewed?
E1
10.2.2
06A06-04
Is it ensured that the suppliers report and document any security incident concerning information or networks?
E2
10.2.2
06A06-05
Is there a regular review of these incidents or malfunctions with the concerned suppliers?
E2
10.2.2
06A06-06
Are any changes in the contract relationship (e.g. Mandatory duties, service levels) analyzed for impact on resulting potential
risks?
E3
10.2.3
06A07
Taking into account the confidentiality during maintenance operations on network equipment.
06A07-01
Is there a procedure describing in detail the operations to execute before conducting maintenance thus avoiding their access to
critical data (encryption keys, network protection, equipment security configuration, etc.)?
E2
9.2.6; 9.2.4
06A07-02
Is there a procedure or a contractual provision regarding the maintenance personnel (internal and external) specifying that any
support containing sensitive information must be wiped out before its disposal?
E2
9.2.4
06A07-03
Is there a systems' integrity verification procedure after a maintenance is conducted (no spyware, no Trojan horse, etc.)?
E2
06A07-04
Is a formal dispensation, signed by a responsible manager, required if the above mentioned procedures are not observed?
E3
06A07-05
06A08
06A08-01
E1
10.6.2
06A08-02
Have these service levels been included in a contractual agreement (whatever the services are ensured internally or by an
external provider)?
E2
10.6.2
06A08-03
C1
10.6.2
06B
06B01
06B01-01
Is there a document or set of documents or an operational procedure detailing all security parameters for network equipment?
which is derived from the network protection policy and determined filtering rules?
Such a document must result from the network protection policy and describe the filtering rules decided. It should also state the
reference versions of the systems so it is possible to check the status of the updates;
E1
06B01-02
Does this document (or documents) require the removal of all generic or by default accounts and does it detail the list of such
accounts?
E2
06B01-03
Does this document or procedure impose a synchronization feature, based on a reliable time reference?
06B01-04
Are these parameters set and updated regularly in line with latest information and in cooperation with expert authorities
(specialized audits, subscription to a service center, regular consultation with CERTs, etc.)?
CERT : Computer Emergency Response Team.
341702815.xls ! 06 Nop
C1
E2
3
10.10.6
E3
page 149
1 variant
R-V1 R-V2 R-V3 R-V4
Questions
Max
Min
Typ
ISO 27002
06B01-05
Are these referenced documents (or copies of installed parameters considered as references) protected, by secure sealing
methods, against untimely or illicit alteration?
R1
06B01-06
Is the integrity of system configurations regularly tested against the configuration theoretically expected (at least weekly if not
each time systems are activated)?
E3
15.2.2
06B01-07
Are regular audits carried out of the list of security parameters specified?
R1
10.1.4; 15.2.2
06B01-08
Are regular audits carried out of the exception or escalation procedures in case of difficulties?
C1
10.1.4; 15.2.2
06B01-09
Are the development and test systems separated from the operational systems?
E2
10.1.4
06B02
06B02-01
Is there a document detailing all parameters to check on user workstations related to external connections capability (modem,
WiFi, etc.)?
E2
06B02-02
Is this document regularly updated in line with the latest information and in cooperation with expert authorities (specialized audits,
subscription to a service center, regular consultation with CERTs, etc.)?
E2
06B02-03
Is this reference document protected against all undue or illicit modification by strong security methods (electronic sealing )?
R1
06B02-04
Is the configuration of network equipment of user workstations checked systematically for compliance against this reference
document?
E2
06B02-05
E3
06B02-06
Are there automatic routines which systematically analyze the use of the telephone network for data transmission?
E3
06B02-07
Are there automatic routines which test for the presence of non declared wireless network (WiFi) access points?
E3
06B02-08
Are user workstations protected against the possibility of installing systems software and of modifying configurations?
E3
06B02-09
Is there a regular audit of the user configuration reference document and is the configuration control procedure regularly
executed?
06C
06C01
06C01-01
Has a management policy for privileged access rights on the network equipment been established, based on a pre-analysis of
the security requirements and business stakes?
E1
06C01-02
Is this policy documented, regularly reviewed, and approved by the affected managers?
E2
06C01-03
Have profiles been defined, as part of network operations, corresponding to each type of activity (equipment administration, the
administration of security equipment, network management, management of backup medias and contents etc.)?
E1
10.1.3; 10.6.1;
11.2.2
06C01-04
For each profile have the necessary administrative rights been defined?
E1
10.1.3; 10.6.1
06C01-05
Does the process of attribution of administrative rights require the formal authorization of management (or the manager
responsible for external service providers) at a sufficiently high level?
E2
10.1.3
06C01-06
Does the process of attribution of administrative rights effected uniquely in relation to the profile of the holder?
E2
10.1.3
06C01-07
Is the process of granting (modification or retraction) of special rights to an individual strictly controlled?
A strict control requires a formal recognition of the signature (electronic or not) of the requestor, that there be an access control in
order to attribute or modify such rights and that any modification of special rights be logged and audited.
R1
11.2.2
06C01-08
Is there a systematic process of removal of administrative rights at the time of departure or role change of staff?
E2
11.2.4
06C01-09
Is there a regular audit, at least once a year, of all administrative rights attributed ?
C1
11.2.4
341702815.xls ! 06 Nop
C1
11.1.1
page 150
1 variant
R-V1 R-V2 R-V3 R-V4
Questions
Max
Min
Typ
06C02
06C02-01
Is the process of authentication of network administrators or holders of administrative rights considered to be secure?
An authentication protocol is considered secure if it is not susceptible to being broken by a listening device on the network or
rendered inoperable by specialists tools (in particular password crack tools ). Such security usually uses cryptographic methods.
E2
06C02-02
Are the rules, for instance in the case of passwords, considered to be very strict?
Strict rules impose the use of tested non-trivial passwords and the use of a mixture of different types of character of a reasonable
length (ten or more characters). It is desirable that such rules be decided or agreed upon by the CISO.
E2
06C02-03
Is a strong authentication used for the connection of administrators to the supervision system as well as for the connection of the
supervision system to network equipments?
If the administrator connects to a hypervisor (such as HP OpenView, IBM TIVOLI, CA Unicenter, BMC Patrol or Bull OpenMaster)
with secure authentication and effective access control, an equivalent level of security is needed for the objects that are managed
(avoiding for example visible passwords, default public and community groups, access via telnet or simple SQL) in order to avoid
malicious direct action on the equipment.
E2
06C02-04
Is there a consistent control of the administrator's rights, of its context, and of the suitability of this context with the requested
access, as per formal rules of access control?
06C02-05
R1
06C02-06
R1
06C02-07
C1
06C02-08
Is there a regular audit of the procedures for granting profiles and the security parameters protecting the profiles and the rights?
C1
06C03
06C03-01
Has a detailed analysis been carried out of the operations performed with administrative rights which may potentially have an
impact on network security (configuration of security systems, access to sensitive information, usage of sensitive tools, download
or modification of administrative tools etc.)?
06C03-02
Are all these events recorded on a log file as well as all parameters required for their subsequent analysis?
06C03-03
Is there a system which enables the detection of the modification or deletion of a past record and to immediately trigger an alarm
to a manager?
06C03-04
Is there a summary of these records which enables management to detect abnormal behavior?
06C03-05
Is there a system which enables the detection of any modification of recording parameters and to immediately trigger an alarm to
a manager?
06C03-06
Does any inhibition of the recording system and processing of logged events trigger an alarm to a manager?
06C03-07
06C03-08
341702815.xls ! 06 Nop
ISO 27002
E2
2
3
11.2.4
E2
10.10.4; 10.6.1
E2
10.10.4; 10.6.1
E3
10.10.4
E3
10.10.4
R1
10.10.4
E3
10.10.4
R1
10.10.4
R1
10.10.4
page 151
1 variant
R-V1 R-V2 R-V3 R-V4
Questions
Max
Min
Typ
ISO 27002
06C03-09
Are the procedures for recording and analyzing operations executed with administrative rights regularly audited?
06C04
06C04-01
Is there an exhaustive inventory of the sensitive networking tools or utilities (administration of rights, configuration management,
backups, copies, hot system restarts etc.) allowed for each type of operational staff profile?
06C04-02
Can the tools or sensitive utilities only be used by the holders of the corresponding profiles following a secure and individual
authentication (authentication token, smart card etc.)?
E2
06C04-03
E2
06C04-04
Is this forbidding rule regularly enforced by an automatic procedure which may trigger an alert to a manager?
E3
06C04-05
Do the rights attributed to operational teams prohibit them from modifying operational tools and utilities or at the very least is
there a control of any such modification with triggering of an alert to a manager?
E3
06C04-06
Are the attribution of profiles and the implementation of the security measures mentioned above regularly audited?
C1
06D
06D01
06D01-01
Has the management established the requirements and procedures to follow during the audits conducted on the networks?
E2
15.3.1
06D01-02
Are the rules related to network audits, relevant procedures and associated responsibilities defined and documented?
The limits to be determined concern the type of access to the equipment, the controls and authorized processing, the deletion of
sensitive data obtained, the flagging of certain operations, ... and the empowerment of the individuals conducting the audits.
E2
15.3.1
06D01-03
E2
15.3.1
06D01-04
E3
15.3.1
06D01-05
E2
15.3.2
06D02
06D02-01
Are the audit tools protected to avoid any unauthorized or abusive use?
This applies particularly to intrusion testing and vulnerability assessments.
E2
15.3.2
06D02-02
E2
15.3.2
06D02-03
E2
15.3.2
341702815.xls ! 06 Nop
C1
E1
page 152
Comments
341702815.xls ! 06 Nop
page 153
Comments
341702815.xls ! 06 Nop
page 154
Comments
341702815.xls ! 06 Nop
page 155
Comments
341702815.xls ! 06 Nop
page 156
Comments
341702815.xls ! 06 Nop
page 157
Comments
341702815.xls ! 06 Nop
page 158
341702815.xls ! 06 Nop
page 159
341702815.xls ! 06 Nop
page 160
341702815.xls ! 06 Nop
page 161
341702815.xls ! 06 Nop
page 162
341702815.xls ! 06 Nop
page 163
341702815.xls ! 06 Nop
page 164
1 variant
Number
Question
07A
07A01
07A01-01
Has a management policy for access rights to the systems been established, built from an analysis of the security requirements
based on the business stakes?
07A01-02
Is access to the various parts of the information system (applications, data bases, systems, equipments, etc) defined in terms of
job profiles which regroup roles or functions within the organization (profiles define access rights which are available to holders of
the profile)?
Note: in certain circumstances the notion of "profile" may be replaced by the notion of "group".
07A01-03
Is it possible to adjust the access rights attributed to a given profile, based on the nature of the connection and equipment used
(location, link, network, protocol, encryption, etc) and on the classification of the resources accessed?
E2
07A01-04
Do the profiles also allow definition of working time limits (daily hours and periods in the working calendar, weekends, holidays
etc.)?
E3
11.5.6
07A01-05
Have these profiles and the access rights attributed to the different profiles, as a function of context, been approved by the
information owners and the Information Security Officer?
E2
11.5.6
07A01-06
Is the process of definition and management of rights attributed to profiles under strict control?
A strict control requires that the list of people able to change rights attributed to profiles be strictly limited and that the
implementation of these rights into tables be strictly secure during transmission and storage and that there exists a reinforced
access control in order to be able to modify these rights and that any modification of these rights be logged and audited.
R1
07A01-07
Is it possible to review at any time, the complete list of profiles and of the rights attributed to each profile?
C1
07A01-08
Is there a regular audit at least once a year of all rights attributed to each profile and the profile management procedures?
C1
07A02
07A02-01
Does the procedure of granting access authorization require the formal approval of line management (at a sufficiently high level)?
E1
07A02-02
07A02-03
Is the procedure for granting (or changing or revoking) authorization to an individual (either directly or via his profile) strictly
controlled?
A strict control requires a formal recognition of the signature (electronic or otherwise) of the requestor, that the implementation of
the profile attributed to users in the form of tables is highly secure during transmission and storage and that there be a reinforced
access control over the modification of such records and that any modification of records be logged and audited.
07A02-04
Is there a systematic process of updating the table of access authorizations at the time of departure of personnel (either internal
or external)?
07A02-05
Is there a systematic process of updating the table of access authorizations at the time of change of function?
07A02-06
Is there a strictly controlled process (as above) which allows to delegate his/her own authorizations, in part or in whole, to a
person of choice for a determined period (in case of absence)?
In this case, the delegated rights must no longer be authorized to the person who has delegated them during this time. The owner
however, must have the possibility of taking them back, by which process he or she effectively ends the delegation.
07A02-07
Is it possible to control at any time, for all users, the rights, authorizations and privileges in force?
341702815.xls ! 07 Sys
Max
Min
Typ
ISO 27002
E1
11.1.1
E1
11.2.2
11.2.4
E1
3
E2
11.2.2
E2
11.2.4
E3
11.2.4
E3
C1
page 165
1 variant
Number
Question
07A02-08
Is there a regular audit, at least once a year, of the profiles and authorizations granted to all users and of the procedures for
management of attributed profiles?
07A03
07A03-01
Max
Min
Typ
ISO 27002
C1
11.2.4
Does the process of distribution or modification of the user credentials guarantee that only the holder of the identifier can have
access to them (initial communication is confidential, password change is under the exclusive control of the user, etc.)?
E1
11.5.3
07A03-02
Does the process of definition or modification of user credentials respect a set of rules which ensures their intrinsic validity?
In the case of passwords: sufficient length (8 characters or more), obligatory mixture of types of characters, frequent change (less
than once a month), impossibility of reusing an old password, non-trivial word test using a dictionary, banning of "standard
systems", first names, anagrams of username, dates etc. In the case of certificates and authentications based on cryptographic
mechanisms: generation process evaluated or publicly recognized, keys of a sufficient length etc.
E2
11.2.3; 11.5.3
07A03-03
E3
11.5.1; 11.5.3
07A03-04
E3
11.5.1; 11.5.3
07A03-05
Do the mechanisms for retention and usage of credentials by the user (or by the equipment representing the user) or by the
target systems guarantee inviolability and authenticity of these credentials?
Passwords must be stored encrypted and a preliminary access control must be made before being accessible to the user.
In the case of authentication using cryptographic procedures, the mechanism must propose solid guarantees validated by a
recognized organization.
E2
11.5.1; 11.5.3
07A03-06
Do the mechanisms used for the transmission of the credentials between the user and target equipments guarantee inviolability
and authenticity of these credentials?
Transmission of a password must be encrypted or use an algorithm which introduces a variable at each transmission.
In the case of authentication using cryptographic procedures, the mechanism must propose solid guarantees validated by a
recognized organization.
E3
11.5.1; 11.5.3
07A03-07
In the case of multiple incorrect authentication attempts, is there an automatic process which temporarily invalidates the identifier
used or, possibly, the user workstation itself, or which slows down the authentication process so as to inhibit any automatic
routine from connecting?
E2
11.5.1; 11.5.3
07A03-08
Does the procedure for the replacement of a lost or mislaid user credential (password, token card) allow the instant deactivation
of the old credential?
E2
11.5.3
07A03-09
Does the procedure for the replacement of a lost or mislaid user credential (password, token card) allow an effective control of
the requestor's identity?
E3
11.5.3
341702815.xls ! 07 Sys
page 166
1 variant
Number
Question
07A03-10
R1
07A03-11
C1
07A04
07A04-01
Does any access to a system require the use of an identifier recognized by the system?
E1
11.5.2
07A04-02
Is there a direct or indirect correspondence between any identifier and a real physical person?
In the case where an application calls another or executes a system call, it may be that the application does not transfer to the
target system the identifier which originally made the request. The link between the call, the identifier and the user himself must
remain traceable after the fact.
E1
11.5.2
07A04-03
E2
11.5.2
07A04-04
E2
11.5.2
07A04-05
May the authentication process be renewed during an open session for those transactions considered to be sensitive?
E3
07A04-06
Is there an automatic invalidation of the user session in the absence of traffic after a defined duration, thus requiring user reidentification and re-authentication?
E3
07A04-07
Is there a systematic control, based upon definite access rules, of the profile of the requestor, of the association context and of
the appropriateness of that profile and context for the access requested?
E3
07A04-08
Are the parameters for the definition and management of access filtering rules under strict control?
A strict control requires that the list of persons allowed to change the security parameters for access filtering be extremely limited,
and that there be a reinforced access control in order to be able to effect such modification and that any modification be logged
and audited.
R1
07A04-09
Are the processes that guarantee access filtering under strict control?
A strict control requires that the software used has been validated and undergoes a regular test for integrity (close with a seal)
and that there be an audit at least once a year of access filtering procedures and processes (including the processes which aim
to detect intrusion attempts and the processes which respond to these intrusion attempts).
C1
07A04-10
Are regular tests carried out to attempt to break into the information system and are there detailed technical audits run by
specialists?
R2
07A05
07A05-01
Is there a possibility to declare servers as sensitive and, as such, requiring an authentication of the server accessed?
E2
341702815.xls ! 07 Sys
Max
Min
Typ
ISO 27002
11.5.5
page 167
1 variant
Number
Question
07A05-02
Is there a mechanism of authentication of the server called before access to a sensitive server from the internal network?
E2
07A05-03
Does the authentication mechanism of the accessed servers provide a recognized "strong" level of security?
Notably the usage of a simple password will always be a weakness. The only methods recognized as "strong", that is observable
without divulging information, are those based on cryptographic algorithms.
E3
07A05-04
Do the security equipment that retain credentials (e.g. passwords, calling number, etc.) use mechanisms which guarantee their
impregnability and authenticity?
Passwords must be stored encrypted and a preliminary control of the user must be made before usage.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a
recognized organization.
E2
07A05-05
Does the transmission of credentials (e.g. passwords, calling address, etc.) between calling user equipment and authentication
systems use mechanisms which guarantee their impregnability and authenticity?
Transmission of a password must be encrypted or use an algorithm which introduces a variable at each transmission.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a
recognized organization.
E3
07A05-06
Does the revoked keys management procedure guarantee that the control systems take into consideration in real time any
revocation of keys?
E2
07A05-07
Does the revoked keys management procedure guarantee that the control systems systematically test that the keys used have
not been revoked?
E3
07A05-08
Are the processes that guarantee the authentication of the accessed entities under strict control?
A strict control requires that the software used has been validated and undergoes a regular test for integrity (seal) and that there
is an audit at least once a year of the authentication procedures and processes.
R1
07B
Containment of environments
07B01
07B01-01
Has a detailed analysis been carried out for each type of system to identify residual data files, their storage areas and access
paths to such files and storage areas?
E2
07B01-02
Have storage systems (and medias) been identified which once stored sensitive information and which have been re-affected to
other usages?
E1
07B01-03
Does the system use an access rights control mechanism which prohibits user access to the contents of resources which have
been freed up by another process (areas of memory, temporary resources )?
E2
07B01-04
Are the tools which enable access to sensitive remnant data or temporary files reserved only for the use of systems operators
and does access to those tools require a secure authentication?
E3
07B01-05
Are there procedures of physical erasure of residual files (in main memory or for storage media)?
07B01-06
Are these procedures implemented systematically and automatically by the relevant systems each time a logical resource is
freed?
E2
07B01-07
R1
07B01-08
Is there a procedure which guarantees that sensitive information contained on discarded media will be protected until the
destruction of the supporting media?
07B01-09
Are all security procedures and parameters protecting access to residual data subject to regular audit?
07C
07C01
341702815.xls ! 07 Sys
Max
Min
Typ
ISO 27002
E3
E2
3
10.7.2
C1
page 168
1 variant
Number
Question
Typ
ISO 27002
07C01-01
Has a specific analysis been carried out to determine which access requests and related parameters will be logged?
E2
10.10.2
07C01-02
Is a tool or control application used which is able to log accesses to sensitive resources (applications, files, databases, etc.)?
E2
10.10.2
07C01-03
Are the rules, specifying which accesses to log and retain, formalized?
E2
07C01-04
Have the rules, specifying which accesses to log and retain, been approved by the information owners or the Information Security
Officer?
E3
07C01-05
Do the rules which specify which accesses will be logged include the necessary elements to carry out a subsequent investigation
in the case of anomaly?
These rules should specify for each type of access (system, database management system, etc. ) the fundamental elements to
record; for example user ID, the service or application requested, date and time, the point from where the access was requested
if known etc.
E2
10.10.1
07C01-06
Have these rules been validated by Legal Department (particularly for logs containing personal data)?
E3
10.10.1
07C01-07
Are all these records archived (on disk, cassettes, optical disk, etc.) and conserved for a long period in such a way as to be unmodifiable?
E2
10.10.1; 10.10.3
07C01-08
Are the parameters for definition and management of recording connections (login) and called applications under strict control?
A strict control requires that the list of persons allowed to change the definition parameters and the management of the recording
rules for the logins and called applications be strictly limited and that there exist a reinforced access control to effect these
modifications and that these modifications be logged and audited.
R1
10.10.3
07C01-09
Are the processes which ensure the recording of connections and called applications under strict control?
A strict control requires that the software used for recording has been validated and undergoes a regular test for integrity (closed
with seal) and that there be an audit at least once a year of recording procedures and processes (including the processes which
aim to detect modification attempts and the processes which respond to these modification attempts).
C1
07C02
07C02-01
Has a specific analysis been carried out of privileged system calls to log and of parameters related to these calls which should be
recorded?
E2
10.10.2
07C02-02
Is use made of a tool or control application which is able to record privileged system calls (tools which require special access
rights, access to security files, administration of security parameters etc.)?
E2
10.10.2
07C02-03
Have the rules specifying the privileged system calls to be logged been formalized?
E2
07C02-04
Have the rules specifying the privileged system calls to be logged been approved by the information owners or the Information
Security Officer?
E3
07C02-05
Do the rules specifying the accesses to privileged system calls to be logged include the relevant elements needed for subsequent
investigation in the case of anomaly?
The rules must specify for each type of system call (create, read, update or delete) the basic elements to record, for example, the
nature of the event, the user identifier, the systems services required, date and time etc.
E2
10.10.1
07C02-06
Have these rules been validated by Legal Department (particularly for logs containing personal data)?
E3
10.10.1
07C02-07
Are all these records archived (on disk, cassettes, optical disk, etc.) and conserved for a long period in such a way as to be unfalsifiable?
E2
10.10.3; 10.10.1
341702815.xls ! 07 Sys
Max
Min
page 169
1 variant
Number
Question
Typ
ISO 27002
07C02-08
Are the parameters for definition and management of the rules for recording privileged system calls under strict control?
A strict control requires that the list of persons allowed to change the recording parameters be strictly limited and that there exists
a reinforced access control to effect these modifications and that these modifications be logged and audited.
R1
10.10.3
07C02-09
Are the processes which ensure the recording of privileged system calls under strict control?
A strict control requires that the software used for recording has been validated and undergoes a regular test for integrity (closed
with seal) and that there be an audit at least once a year of recording procedures and processes (including the processes which
aim to detect modification attempts and the processes which respond to these modification attempts).
C1
07D
07D01
07D01-01
Has an analysis been carried out of the various shared equipment and systems (apart from the architecture of the applications
but including general peripheral systems such as backup systems and robots, print servers and centralized printing equipment) in
order to highlight the needs of service continuity?
An in depth analysis assumes that a list of failure scenarios has been established and that the consequences of such events
have been analyzed.
E2
07D01-02
Has this analysis allowed to detail the minimum performance levels that must be maintained for each system and have these
performance levels been accepted by users or information owners?
E2
07D01-03
Has the appropriate level of architectural redundancy been determined (e.g. clusters or disk replication ) for the servers or
equipment concerned?
E2
07D01-04
Does the architecture and its implementation guarantee that the minimum performance levels will be exceeded in the case of an
incident of failure?
Such a guarantee supposes that either failsafe systems are entirely automatic or that sufficient detection systems and staff are in
place so as to manually reconfigure them.
E2
07D01-05
Is there an assurance in this case that secondary equipment (power supply, air-conditioning, etc. ) does not introduce any
additional risk and does not eliminate redundancy envisaged for the systems architecture or equipment?
E3
07D01-06
Does any shutdown or inhibition of redundant equipment or system devoted to detecting the need for human intervention or for
automatic reconfiguration trigger an alarm to an operational manager?
R1
07D01-07
Are regular tests made to demonstrate that security equipment is able to guarantee minimum performance levels required in the
case of an incident or failure?
07D02
07D02-01
Has the systems' sensitivity been analyzed (based on the applications and data processed) including peripheral systems or
robots used for storage or archiving, print servers or central printing equipment, etc.) to highlight their security requirements?
A thorough analysis implies the establishment of a list of incident scenarios (A, I, C), for which all foreseeable consequences
were analyzed.
E2
11.6.2
07D02-02
Did this analysis allow to formalize minimum requirements for each system and were these minimum requirements accepted by
the users (information owner)?
E2
11.6.2
341702815.xls ! 07 Sys
Max
Min
C1
page 170
1 variant
Number
Question
07D02-03
Have appropriate isolation measures (physical and logical) been determined for these servers and equipment?
These measures may impose to use different data centers for sensitive servers or applications from other servers.
341702815.xls ! 07 Sys
Max
Min
Typ
ISO 27002
E2
11.6.2
page 171
Commentaires
341702815.xls ! 07 Sys
page 172
Commentaires
341702815.xls ! 07 Sys
page 173
Commentaires
341702815.xls ! 07 Sys
page 174
Commentaires
341702815.xls ! 07 Sys
page 175
Commentaires
341702815.xls ! 07 Sys
page 176
Commentaires
341702815.xls ! 07 Sys
page 177
Commentaires
341702815.xls ! 07 Sys
page 178
341702815.xls ! 07 Sys
page 179
341702815.xls ! 07 Sys
page 180
341702815.xls ! 07 Sys
page 181
341702815.xls ! 07 Sys
page 182
341702815.xls ! 07 Sys
page 183
341702815.xls ! 07 Sys
page 184
341702815.xls ! 07 Sys
page 185
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
08A
08A01
Consideration of security in relation with operational personnel (permanent and temporary staff)
08A01-01
Is there a security policy, specifically aimed at operations personnel, related to information systems?
This policy should cover the requirements for the protection of information as well as the protection of physical assets and
processes and mention the forbidden behaviors
E1
08A01-02
Is information systems operations personnel required to sign contract clauses of adherence to that security policy (no matter their
status: permanent or temporary staff, students, etc.)?
E2
08A01-03
Do these clauses make clear that the obligation to respect that security policy applies to information at large (whichever the
support : paper, magnetic, optical, etc.)?
E2
08A01-04
Do these clauses make clear, if necessary and legally possible, that the obligation to respect the security policy applies without
limitation in time?
This applies, in particular, to the clauses concerning confidentiality, they may (and often must) continue after the end of the contract
linking (directly or indirectly) the employee or service provider or partner to the company
E3
08A01-05
Do these clauses make clear that the personnel has an obligation not to tolerate any action contrary to security from other people?
E3
08A01-06
E2
08A01-07
Are these same clauses obligatory for contractors working on systems operations?
Practically, the contractors should ensure that their personnel sign individually and explicitly under the same conditions than
internal staff.
E2
08A01-08
Is there a mandatory and well adapted training course aimed at systems operation personnel?
08A01-09
Are the security policy compliance agreements, signed by personnel, securely kept (at least in a locked cupboard )?
R1
08A01-10
Are the security policy compliance agreements, signed by external contractors, securely kept (at least in a locked cupboard )?
R1
08A01-11
Is there a regular audit, at least once a year, of the effective application of the signature procedure by operational personnel
(directly employed by the company or indirectly through a service company) ?
C1
08A02
9.2.1
E2
08A02-01
Have different profiles been defined for the systems operation staff (administration and management of configurations,
administration of security equipment, monitoring, audit and investigation)?
E1
08A02-02
Are all members of systems operation staff attributed with one of these profiles?
E2
08A02-03
Have all the sensitive system tools and utilities (rights administration, configuration management, backups, copies, hot restarts,
etc.) been exhaustively audited and listed for each profile?
E2
11.5.4
08A02-04
Is it possible only for holders of a certain profile to use the corresponding tools and utilities subsequent to proper strong
authentication (smart card or token card)?
E3
11.5.4
08A02-05
E2
11.5.4
08A02-06
Is there a regular automated check to enforce this rule which triggers an alert to an appropriate manager?
E3
11.5.4
08A02-07
Does the segregation of rights of systems operation staff prevent undue modification of sensitive tools or utilities or at least, is
there an automatic routine which checks that no modification has been made and which may trigger an alert to a manager if so?
E3
11.5.4
08A02-08
Are the granting of administrative profiles and the implementation of the aforementioned security measures subject to regular
audit?
C1
341702815.xls ! 08 Sop
page 186
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
08A03-01
Are the decisions to change or update equipment and systems significantly subject to a control procedure (registration, planning,
formal approval, communication to all concerned individuals, etc.)?
E1
10.1.2
08A03-02
Are the change decisions based on an analysis of the capacity of the new equipment and systems to ensure the required load and
take into account the evolution of foreseeable requests?
E2
10.3.1
08A03-03
Do the installations take into account physical protection (protected access, no direct external view on equipments, no multiple
physical threats, weather conditions, protection against thunderbolts, protection against dust, etc.)?
E2
9.2.1; 12.5.1
08A03-04
Is any new or modified functionality linked to a new system or new version of a system, systematically documented before moving
into production?
E2
12.4.1; 12.5.1
08A03-05
Is such new functionality (or change in functionality), linked to a new system or new version of a system, formally and
systematically reviewed in conjunction with the IT security function?
E2
12.4.1; 10.3.2
08A03-06
Does this review include an analysis of the risks that may result from the changes?
E2
12.4.1; 10.3.2
08A03-07
Have system operations staff received formal appropriate training in risk analysis?
08A03-08
May the operation staff obtain an appropriate support specially competent on risk analysis?
08A03-09
Are the security measures, determined to counter the new identified risks, formally reviewed before implementation?
E3
10.3.2
08A03-10
Are security parameters and configuration rules (deletion of generic accounts, changing of any default passwords, blocking of
unauthorized communications ports, setting of access rights and authentication parameters, etc.) listed in detail and regularly
updated?
E3
11.4.4; 10.3.2
E3
E3
2
08A03-11
Are the security parameters and configuration rules controlled prior to any start of production of a new version?
E3
11.4.4; 10.3.2
08A03-12
Has the eventual impact of the systems' changes regarding the continuity plans been considered?
E2
10.3.2
08A03-13
Are any derogations from the prerequisite risk analysis and control of security parameters subject to strict procedures, including a
signature from senior management?
R1
12.4.1
08A03-14
Can the start of production of new systems and applications be only carried out by operations personnel?
E3
12.4.1; 6.1.4
08A03-15
Is the start of production of new versions of systems or applications possible by the use of a defined validation and authorization
process?
E3
12.4.1; 6.1.4
08A03-16
C1
08A04
08A04-01
08A04-02
Are all maintenance operations required to terminate with a systematic control of security parameters (as defined at time of start of
production)?
E2
08A04-03
Are all maintenance operations required to terminate with a systematic control of the recording parameters for security events and
the life span of records?
E3
08A04-04
Are all maintenance operations required to terminate with a systematic control of system administration parameters (required
profile, authentication type, removal of standard logins etc.)?
E3
08A04-05
Is a formal dispensation, signed by a responsible manager, required if the above mentioned procedures are not observed?
08A04-06
08A05
08A05-01
E2
9.2.4
E3
3
C1
341702815.xls ! 08 Sop
E1
9.2.4; 9.2.6
page 187
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
08A05-02
Is there a binding clause in maintenance personnel contracts stipulating that any storage media which contained sensitive data be
destroyed before disposal?
E2
08A05-03
Is there a procedure of checking for system integrity after maintenance intervention (absence of spyware, or trojans etc.)?
E2
08A05-04
Is a formal dispensation, signed by a responsible manager, required if the above mentioned procedures are not observed?
E3
08A05-05
C1
08A06
Max
Min
Typ
ISO 27002
9.2.4; 9.2.6
08A06-01
In the case of remote maintenance, is the remote maintenance desk's access subject to a secure authentication procedure?
E2
11.4.4
08A06-02
In the case of remote maintenance, are maintenance staff subject to a secure authentication procedure?
E2
11.4.4
08A06-03
Is there a set of procedures covering the granting and revocation of access rights for remote maintenance operatives and the
granting of rights in urgent situations?
E3
11.4.4
08A06-04
Have the procedures and protocols for transmission and retention of secret conventions (in the case of remote maintenance) been
approved by the Information Security Officer or a qualified specialist?
E3
08A06-05
Does the usage of the remote maintenance line require the prior agreement (for each usage) of system operations personnel
(upon request by the manufacturer or editor specifying the nature, date and time of the intervention)?
08A06-06
E3
08A06-07
Are data or command exchanges during remote maintenance protected by integrity control (sealing)?
E3
08A06-08
E2
08A06-09
Are the equipment accessible for remote maintenance protected against inhibition or modification of the access conditions for
remote maintenance (e.g. by the triggering of an alarm)?
R1
08A06-10
C1
08A07
E3
08A07-01
08A07-02
Are all sensitive documents and reports protected against diversion while being produced?
E1
08A07-03
Are all sensitive documents and reports protected against diversion while waiting for distribution?
E1
08A07-04
Does the distribution system for printouts and reports ensure protection against theft (locked cabinets and carrying cases during
transportation)?
E2
08A07-05
Does the distribution system for printouts and reports ensure protection against prying consultation?
E2
08A07-06
Does the distribution system for printouts and reports require the addressee to be authenticated prior to their delivery?
E3
08A07-07
Are printed documents and reports labeled anonymously without showing any particular classification?
E2
08A07-08
Are these measures adapted to the maximum security level of the information within (temporary storage in locked strong boxes
and hand delivery for very sensitive information)?
E2
08A07-09
Are sensitive printed documents and reports put on the scrap destroyed in a secure way so that they cannot be exploited?
E2
08A07-10
Are the security procedures for distribution of printed material regularly audited?
C1
08A08
11.4.4
E1
341702815.xls ! 08 Sop
page 188
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
08A08-01
Do the operating procedures result from the study of the overall cases to be covered by said procedure (normal operating cases
and incidents)?
E2
10.1.1
08A08-02
E2
10.1.1
08A08-03
Are the operating procedures readily available upon request by any accredited individual?
E2
10.1.1
08A08-04
E2
10.1.1
08A08-05
R1
08A08-06
Are the operating procedures audited regularly for authenticity and relevance?
C1
08A09
Max
Min
Typ
ISO 27002
08A09-01
Is it regularly ensured that the security services allocated to suppliers or providers are efficiently implemented and maintained by
them?
E1
10.2.1
08A09-02
Is it ensured that the service suppliers or providers have efficiently prepared the appropriate arrangements to ensure that the
services are provided as agreed?
E2
10.2.1
08A09-03
Is the respect of the security provisions by the suppliers or providers regularly reviewed?
C1
10.2.2
08A09-04
Is it ensured that the suppliers and providers report and document any security incident concerning information or systems?
E2
10.2.2
08A09-05
Is there a regular review of these incidents or malfunctions with the concerned suppliers and providers?
E2
10.2.2
08A09-06
Are any changes in the contract relationship (obligations, service levels, etc.) analyzed for resulting potential risks?
E3
10.2.3
08B
08B01
08B01-01
E1
Such a document should be derived from the security policy and describe all the filtering rules decided. It should also mention the
reference to the system versions so as to check the status of the updates.
08B01-02
Does this document require that all generic or by default accounts be deleted and their list established?
E2
11.4.4
08B01-03
Are the system versions, fixes and parameters updated regularly in line with latest information?
This should be done in cooperation with expert authorities (specialized audits, subscription to a service center, regular consultation
with CERTs, etc.)
E2
10.7.4; 12.6.1
08B01-04
Does the resulting document or procedure impose a synchronization feature, based on a reliable time reference?
E3
10.10.6
08B01-05
Are these reference documents protected, by secure methods, against untimely or illicit alteration (sealing)?
R1
10.7.4
08B01-06
Is the integrity of system configurations checked, regularly (at least weekly) if not at each system start-up, against the configuration
theoretically expected?
E3
15.2.2
08B01-07
Are regular audits carried out of the compliance to the specifications for security parameters?
R1
15.2.2
08B01-08
Are regular audits carried out of the exception and escalation procedures in the case of difficulty or installation problems?
R1
15.2.2
08B01-09
Are the development and test environments separated from the operational environments?
C1
08B02
08B02-01
Is there a document (or a set of documents ) or an operational procedure which describes the security parameters for all
applications?
These parameters should result from the security architecture retained for the applications
E1
08B02-02
E2
08B02-03
Does this document require that all generic or by default accounts be deleted and their list established?
E2
341702815.xls ! 08 Sop
page 189
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
Max
08B02-04
Are the application software versions, fixes and parameters updated regularly in line with latest information?
This should be done in cooperation with expert authorities (specialized audits, subscription to a service center, regular consultation
with CERTs, etc.)
E2
10.7.4; 12.6.1
08B02-05
Are these reference documents protected, by secure methods, against untimely or illicit alteration (sealing)?
R1
10.7.4
08B02-06
Is the integrity of application configurations regularly checked against the configuration theoretically expected (weekly)?
E3
10.7.4; 15.2.2
08B02-07
Are regular audits carried out of possible differences between the security parameters expected and effectively implemented?
R1
15.2.2
08B02-08
Are regular audits carried out of the exception and escalation procedures in the case of difficulty or installation problems?
R1
15.2.2
E1
12.4.1
08B03
Min
Typ
ISO 27002
08B03-01
Do IT operations manage a reference version for each product installed in production (source code and executables)?
08B03-02
Is this reference version protected against all possible illicit or untimely modification (signed media kept by a senior manager,
electronic sealing, etc.)?
R1
08B03-03
Is this protection considered to be inviolable (sealing by cryptographic algorithm approved by the Information Security Officer)?
R2
08B03-04
Is the protective seal controlled automatically (otherwise it may be an authoritative signature) at each new installation?
R2
08B03-05
Is a check made of the proof of origin and integrity of received maintenance module or a new version, from the editor or the
manufacturer (for operating systems)?
E2
08B03-06
Are the sealing and sealing control tools protected against any unauthorized usage?
R2
08B03-07
Does the inhibition of the automatic control of seals trigger an alarm to a manager?
E3
08B03-08
C1
08C
08C01
08C01-01
Are all media removals from the media library controlled by a dedicated person or department responsible for the media handling?
E1
10.7.1
08C01-02
Are media returns after use by the operations controlled by the same person or department?
E2
10.7.1
08C01-03
Is the removal of storage media systematically registered (date and time, individual responsible for media, etc.) ?
E2
10.7.1
08C01-04
Is the disposal of storage media systematically registered (date and time, individual responsible for media, etc.) ?
E2
10.7.1; 10.7.2
08C01-05
E3
10.7.1; 9.2.6
08C01-06
Are any missing items systematically subject to a search procedure and a follow-on form included in the overall operational
dashboard?
E2
08C01-07
Are all movements of storage media into or out of the library strictly controlled with respect to production systems planning?
E3
08C01-08
Are the files related to storage media management under strict control?
A strict control requires that people authorized to access the files be registered and in limited number, that there be a reinforced
access control to be able to modify the files and that any modification be logged and audited.
341702815.xls ! 08 Sop
R1
page 190
08C02
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Are the processes which ensure the management of storage media under strict control?
A strict control requires to control that the software has been effectively, that a regular data integrity test (seal) be performed and
that there is an audit, at least once a year, of media management procedures and processes (including handling the anomalies
detected in the course of storage media management).
Max
Min
Typ
08C02-01
Are magnetic media marked neutrally without any mention of their classification level?
08C02-02
Are the files accompanying the marking system (files which make the link between the label of the media and its contents) under
strict control?
A strict control requires that people authorized to access the files be registered and in limited number, that there be a reinforced
access control to be able to modify them and that any modification be logged and audited.
E2
08C02-03
Are the processes which ensure the management of storage media marking under strict control?
A strict control requires that the software used has been validated and undergoes a regular test for integrity (seal) and that there is
an audit at least once a year of support media marking procedures and processes (including a management of anomalies detected
in the course of support media marking).
This presupposes that there be a document which details all of the requirements of support media marking.
C1
08C03
E1
08C03-01
Is there an automatic and systematic access control to the location used for on site storage of operation media?
08C03-02
Does authentication, for access control to the storage rooms of production media, employ user related data that cannot be falsified
(smart cards or biometric data for example)?
E2
08C03-03
Does the access control system guarantee that all personnel entering the location are verified (double door limiting the number of
people entering to one-at-a-time, process which prohibits the usage of a badge by more than one person etc.)?
E2
08C03-04
In addition to access control for the normal exits, is there a specific control for non authorized exits (windows accessible from
outside, emergency exits, potential access via false panels, flooring and ceilings, etc)?
E3
08C03-05
Are the automatic access control systems under 24 hr surveillance enabling to detect in real time the failure or deactivation of the
system or the usage of emergency exits?
R1
08C03-06
Is there an audit procedure enabling later to uncover irregularities in the access control procedures (audit of procedures and
parameters of access control systems, audit of exceptions and of interventions etc.)?
C1
08C03-07
Is there an operational intrusion detection system for the storage locations, linked to a 24 hr monitoring center?
R2
08C03-08
Are the on site locations for production storage media placed under 24 hours surveillance (video surveillance of the location itself)?
R2
08C03-09
Is the transfer of production media, between the production and on site storage locations, under strict control (specific moving
procedures, secured containers etc.)?
E2
08C03-10
Is the storage location of production storage media protected against accidental risk (fire detection and extinguisher equipment,
protection from water damage, etc.)?
E2
E2
E1
08C03-11
Is the storage location for production storage media regulated and supervised for temperature and humidity?
08C03-12
Are the automatic fire, flood and humidity detection systems, under 24 hour operational control enabling to detect in real time a
failure, a deactivation or an alarm?
R1
08C03-13
Is there a procedure or automatic routine which triggers the immediate intervention of specialized personnel in the case of an
alarm (of the access control system or the incident detection system)?
C1
08C04
08C04-01
ISO 27002
C1
10.7.1
341702815.xls ! 08 Sop
E1
page 191
1 variant
R-V1 R-V2 R-V3 R-V4
Max
08C04-02
Does the contract signed with the outside media storage company ensure a high level of security (strong access authentication,
control of access points and emergency exits, intrusion detection, video surveillance, protection against natural risk, intervention
team, etc.)?
08C04-03
Does the procedure used for the transfer of sensitive media to the external storage location require a high level of security (like
secure containers and transporters accredited by the company)?
E2
08C04-04
Are there contractual clauses or annex clauses, which stipulate the conditions of restitution of storage media, guaranteeing that the
person to whom to the media is returned has the correct authorization even in the case of an emergency procedure?
E3
08C04-05
Is there a regular audit of the security measures used by the company ensuring the external storage of archives and backups?
C2
08C04-06
Is there a regular audit of the management procedures related to storage media (transport and return )?
C1
08C04-07
Is there a regular audit of the contractual clauses specifying relations with the company ensuring the external storage of archives
and backups?
C1
08C05
Question
Min
Typ
10.8.3
08C05-01
Are the storage media which retain data for long periods (archives) regularly verified (as a function of the frequency of updates and
the classification of the information)?
E2
08C05-02
Are the storage media which retain data for long periods (archives) periodically copied to new storage media with the maintenance
of an inventory and redundancy of media?
E2
08C05-03
Is there a regular verification of the technical compatibility between the storage media and the operational solution used to effect
restoration of data?
E3
08C05-04
E2
08C05-05
Do the reread tests contain controls of the authenticity of the information stored?
08C05-06
Are the files used for the management of storage media rotation and sampling under strict control?
A strict control requires that people authorized to access the files be registered and in limited number, that there be a reinforced
access control to be able to modify them and that any modification be logged and audited.
08C05-07
Are the procedures concerning the verification of archived storage media regularly audited?
08C06
ISO 27002
E2
E3
R2
08C06-01
Are the storage networks physically or logically isolated from other data networks?
08C06-02
Are the storage networks protected by a firewall which only allows data and administrative flows related to storage?
E1
08C06-03
Is access to storage bays subject to strong authentication, for authorized elements (servers and administration stations)?
E2
08C06-04
08C06-05
Is data stored using a storage network encrypted before transmission to the network?
08C06-06
Do the solutions, protecting access to data stored on the storage network, offer valid and solid guarantees?
A cryptographic solution with keys of sufficient length is one of among many parameters to take into consideration (as a function of
the algorithm) .
The recommendation of an official organization can be a confidence factor. At least the solution should have been approved b the
CISO.
E2
08C06-07
Are the security mechanisms for access to data protected against infraction or alteration?
R1
08C06-08
Is the switching off or bypass of security mechanisms immediately detected and signaled to a responsible team?
R1
08C06-09
R1
08C06-10
Is there a procedure detailing the actions to carry out in the case of error or alert?
341702815.xls ! 08 Sop
E1
E3
3
E3
12.3.1
C1
page 192
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
08C07-01
Are the transfer of medias between sites (internal or external) strictly controlled (specific procedures, follow-up or secured
containers, etc.) ?
E1
08C07-02
Are the medias marked anonymously, without reference to any classification, while in transit?
E2
08C07-03
E2
08C07-04
08C07-05
10.8.3
E2
3
C1
Service continuity
08D
08D01
08D01-01
E1
08D01-02
Are there specific maintenance contracts for all hardware which require a high availability and for which the replacement must be
made within limited delays?
E2
08D01-03
Do the contracts stipulate maximum delays before intervention and compatible with the requirements of availability?
E2
08D01-04
Do the contracts detail the required time slots and days of intervention (24h/7d for example) compatible with the requirements of
availability?
E3
08D01-05
R1
08D01-06
Do the contracts detail specific clauses for when the hardware downtime exceeds the specific times stipulated (penalties, hardware
replacement, etc.)?
It is desirable that these clauses be general and apply to all cases no matter what the reasons (technical difficulty, staff strikes,
etc.)
E3
08D01-07
Do the maintenance contracts anticipate the complete replacement of equipment in the case of important damage which might not
be taken into consideration by reparative maintenance?
08D01-08
Are the maintenance contracts, the choice of subcontractors and associated maintenance procedures subject to regular audit?
08D02
9.2.4
E3
3
C1
08D02-01
Are there maintenance contracts for all acquired software products (systems software, middleware and applications)?
E1
08D02-02
Do the suppliers provide a technical software support center which guarantees a quick and competent telephone assistance?
E2
08D02-03
Do the software maintenance contracts anticipate the regular release of new versions taking into account all applicable fixes to the
product?
E2
08D02-04
Are there specific maintenance contracts for software products (systems, middleware and applications) which require corrective
delays that standard maintenance cannot cover?
E2
08D02-05
Do these contracts detail specific maximum intervention delays, compatible with the availability requirements?
E2
08D02-06
Do the contracts detail the required time slots and days of intervention (24h/7d for example) compatible with the requirements of
availability?
E3
08D02-07
R1
08D02-08
Do the contracts specify specific clauses when system downtime exceeds specific durations stipulated (penalties, replacement of
hardware, etc.)?
It is desirable that these clauses be general and apply to all cases no matter what the reasons (technical difficulty, staff strikes,
etc.)
E3
341702815.xls ! 08 Sop
page 193
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Are the maintenance contracts, the choice of subcontractors and associated maintenance procedures subject to regular audit?
Max
Min
Typ
ISO 27002
C1
08D03-01
Has a list been established, for all applications, of incidents which could occur during production and, for each of these, the
seriousness of possible consequences?
Critical consequences may relate to data consistency and continuity of service
E1
08D03-02
For each incident during operation have the corresponding diagnostic means been identified?
E2
08D03-03
For each incident during operation, has a solution been established as well as the operations to carry out by system operation
personnel?
E2
08D03-04
For each possible incident during operation, have an acceptable resolution delay and an escalation procedure been determined in
the case of failure or lateness of the anticipated corrective actions?
E3
08D03-05
Are the diagnostic means, needed by system operation personnel, protected against any possible inhibition or unauthorized
modification?
R1
08D03-06
Are the corrective means, needed by system operation personnel, to solve a critical operation incident protected against any
possible inhibition or unauthorized modification?
R2
08D03-07
Are there regular tests concerning the efficiency of the procedures and facilities which survey and diagnose the applications'
operation?
08D03-08
Are there regular checks concerning the update of the corresponding documentation?
08D03-09
Are regular tests made of the effective capacity to restore data and restart the application after an incident during operation?
08D03-10
For encrypted data retrieval, does the Key Management provide the recovery for lost or altered keys?
E3
12.3.2
E1
10.5.1
08D04
C1
C2
3
C1
08D04-01
Has a backup plan been established which covers all programs and defines all objects to save and the frequency of backups?
08D04-02
Does the plan also cover system and middleware configuration parameters to save?
E2
10.5.1
08D04-03
E2
10.5.1
08D04-04
E2
10.5.1
08D04-05
Are there regular tests that the backup copies of programs (source code and/or executables) enable the effective restoration of the
production environment at any time?
These tests should consider all the backups (including documentation and parameters files) of legitimate elements.
E2
10.5.1; 14.1.5
08D04-06
Are the production routines which ensure backups protected, against illicit or undue modification, by secure mechanisms?
Such mechanisms might be electronic seal or any equivalent modification detection system.
R1
10.5.1
08D04-07
R2
10.5.1
08D04-08
Are all software backup plans and procedures subject to regular audit?
C1
08D05
08D05-01
341702815.xls ! 08 Sop
E1
10.5.1
page 194
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
08D05-02
Has an analysis been carried out with the users in order to define for each file the maximum acceptable time between two
backups?
These studies are to be based on the capacity to rebuild lost information and permit to define the required backup cycle
E1
10.5.1
08D05-03
Have studies been made of the necessary synchronization between bound backups for all platforms in order to ensure the proper
functioning of the resumed applications and the coherence of the data necessary for this resumption?
E1
10.5.1
08D05-04
From above studies, have the various procedures been recorded in a backup plan comprising, for each class of files, the
frequency, the details of constitution and the necessary synchronizations?
E2
10.5.1
08D05-05
Does the backup plan integrate a control plan pointing out the various control points (size of files, duration, reread, etc.) and their
frequency?
E3
10.5.1
08D05-06
Does the control plan mention the actions to effect in the case of incident or anomaly?
E3
10.5.1
08D05-07
Is the backup plan updated each time the operation's environment is changed?
Updates should occur in particular at the time of addition or modification of applications
E2
10.5.1
08D05-08
E2
10.5.1
08D05-09
Are regular controls carried out to ensure that a restart or start up is possible from the backups made (i.e. a complete test which
verifies all functionality and the absence of synchronization or coherence problems)?
E2
10.5.1; 14.1.5
08D05-10
Are production routines which effect backups under strict control with regard to illicit or undue modification?
A strict control requires a reinforced access control to modify these routines, a logging and an audit of all modification and/or an
integrity control by electronic sealing of the automatic operational routines.
R1
10.5.1
08D05-11
Do the data saving and retention procedures offer guarantees of compliance to regulations and commitments from the organization
regarding confidentiality and integrity?
E3
10.5.1
08D05-12
E2
10.5.1
08D05-13
Are several generations of files systematically kept in order to guard against any losses or illegibility by organizing, for example, the
rotation of backup storage media?
E3
10.5.1
08D05-14
08D06
C1
08D06-01
Have all the scenarios which may impact the IT infrastructure and services been considered and, for each scenario, the
consequences in terms of service unavailability for users?
E1
14.1.3
08D06-02
For each scenario, and in agreement with the users, have a list and schedule of IT service resume been defined?
Loss of information, means to reconstruct them and temporary operational procedures must be considered.
E2
14.1.3
08D06-03
Has an activity recovery solution been defined and implemented to resolve each scenario identified above, in accordance with user
requirements?
E1
14.1.3
08D06-04
Are the technical, organizational and human resources sufficient to address the organization's requirements for IT continuity?
This means being able to correct personnel deficiencies
E2
14.1.3
08D06-05
Are the technical, organizational and human resources educated to address the organization's requirements for IT continuity?
This implies to train appropriately all concerned staff.
E2
14.1.3
08D06-06
Are all these solutions described in detail in Disaster Recovery Plans including the conditions for triggering the plan, the actions to
execute, the priorities, the actors to mobilize and their contact details?
E1
14.1.3
08D06-07
E2
14.1.5
341702815.xls ! 08 Sop
page 195
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
08D06-08
Are above tests able to guarantee that the staff capacity and the recovery systems can cope, under full operational load, the
minimum IT services required by users?
The tests required to obtain this guarantee are preferably full scale tests of each variant of scenario, involving all users. The results
of the tests have to be registered and analyzed in order to improve the capability of the organization to answer to the situations
considered.
Min
Typ
E2
08D06-09
If the recovery solutions include delivery of hardware components (which cannot be triggered during tests), is there a contractual
commitment by the manufacturer or any relevant third party (leaser, broker, distributor) to deliver the replacement hardware within
fixed and anticipated time limits as stated in the recovery plan?
E2
08D06-10
Has the unavailability or failure of the recovery facility been considered and has a replacement solution been defined and validated
(second level recovery)?
E2
ISO 27002
14.1.5
08D06-11
E3
08D06-12
Is the recovery solution usable for an unlimited duration and, if not, has a follow on replacement solution been established?
E3
08D06-13
Are the existence, the pertinence and the updates of the IT services Recovery Plans regularly controlled?
C1
08D06-14
Is the updating of the above procedures within the recovery plan subject to regular audit?
C1
E2
10.4.1
10.4.1
08D07
08D07-01
Have the measures to be taken by the IT staff been defined so as to prevent, detect and correct any attacks by malevolent code
(virus, spyware, other)?
08D07-02
Are production servers (including office and mail servers) protected by anti virus or malevolent code software?
E1
08D07-03
Are several antivirus software (from different editors) simultaneously operating for the protection of the operation servers?
E2
08D07-04
E2
08D07-05
Is a subscription held with an emergency response center able to warn and anticipate large scale virus attacks for which the
installed antivirus software is not yet up to date?
E3
08D07-06
Is there an emergency committee which can be implemented quickly in the case of alert or detection of viral infection?
E2
08D07-07
Is the activation and the update of antivirus software on servers subject to regular audit?
C1
08D08
08D08-01
Have the consequences of the disappearance of a supplier been analyzed (in the case of failure, a bug or change requirement)
and has a list of critical systems been established?
This is valid for hardware, software or service providers
E2
08D08-02
For all critical systems, has a corrective solution been analyzed to cope with the failure or disappearance of a supplier
(consignment of maintenance documentation or source code with a trusted third party, hardware replacement by standard market
solutions etc.)?
E2
08D08-03
Is there a guarantee that the corrective solutions could be made operational within time delays compatible with the continuity of the
business and accepted by the users?
08D08-04
Have variants to the primary solution been considered in case it might encounter unforeseen difficulties?
E3
08D08-05
C1
08D09
E2
08D09-01
Are all software backups and configuration files, which enable the restoration of the production environment, also saved at a
location off premises (recourse backup)?
E1
08D09-02
Are all data saved for backup also saved at a location off premises (recourse backup)?
E1
08D09-03
Are regular tests carried out that these emergency backups can be read?
E2
341702815.xls ! 08 Sop
page 196
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
08D10-01
Has it been defined with the users the maximum acceptable delay for reinstating their rights following the accidental or deliberate
blocking of their accounts (application, system, or network?
E1
08D10-02
E2
08D10-03
08D10-04
Does this procedure respect the maximum acceptable delay in the case of isolated blockage of several accounts (denial of service
attack)?
E2
08D10-05
E3
08D10-06
Has the procedure to follow if many accounts are simultaneously blocked been defined with users?
E3
08D10-07
C1
E2
08E
08E01
08E01-01
Has a detailed analysis been carried out of the events or succession of events which may reveal abnormal behaviors or illicit
actions and, as a consequence, have specific monitoring indicators or control points been identified?
E2
08E01-02
Is the system equipped with an automatic real time monitoring system in the case of an accumulation of abnormal events (for
example unsuccessful connection attempts on non-open ports)?
E3
08E01-03
Is there one application able to analyze the individual anomaly diagnostic data and trigger an alert to operational personnel?
E3
08E01-04
Is there, within operational personnel, a team or individual available 24 hrs a day and capable of reacting in the case of an alert
after this application has detected an anomaly?
08E01-05
Has the expected response time from the surveillance team been defined for each case of alert and are its availability and staffing
level sufficient to meet these expectations?
08E01-06
Are the alarm definition parameters strictly protected (restricted access rights and strong authentication ) against illicit
modification?
R1
08E01-07
Does the shutdown of the alarm system trigger an alert with the surveillance team?
R1
08E01-08
Are all the elements which enabled the detection of an anomaly or incident archived (on disk, cassette or DON etc.)?
08E01-09
Are the procedures of detection of the anomalies and the availability of the surveillance team subject to regular audit?
C1
08E02
E3
E3
E2
08E02-01
Has a detailed analysis been carried out of the events or succession of events which may have an impact on security (refused
connections, reconfigurations, changes in performance, access to sensitive data or tools etc.)?
08E02-02
Are these events recorded as well as the parameters useful for their subsequent analysis?
08E02-03
Is there an application able to analyze these records as well as performance measurements and to infer statistics, a dashboard,
anomaly diagnostics, etc. for examination by a competent team?
08E02-04
Is the structure in charge of the analysis of these summaries (or incident logs and security related events) obliged to do so at
regular intervals and does it have sufficient availability?
E2
08E02-05
Has the expected reaction from the surveillance team been defined for each case of alert and is its availability level sufficient to
meet these expectations?
E3
08E02-06
Are the parameters defining the elements to record and the summaries effected on these elements strictly protected against
unauthorized change (limited rights and strong authentication)?
R1
08E02-07
Is any inhibition of the recording and processing system immediately signaled to the surveillance team?
R1
341702815.xls ! 08 Sop
E1
E1
2
E2
page 197
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
08E02-08
Are the records and summary analyses kept for a long period?
E2
08E02-09
Are the procedures for recording, processing and analysis of the records and summaries as well as the availability of the analysis
and corrective team subject to regular audit?
C1
08E03
Max
Min
Typ
ISO 27002
08E03-01
Is there a hot-line charged with taking and recording calls and to log and escalate all incidents?
E1
08E03-02
E2
08E03-03
E2
08E03-04
Does this system centralize incidents detected both by operational personnel and by users?
08E03-05
E3
08E03-06
Does this system incorporate a categorization of incidents with statistics generation and dashboards destined for use by the
Information Security Officer?
E3
08E03-07
Is the incident management system strictly controlled with regard to unauthorized or inadvertent modification?
A strict control requires a reinforced protection in order to modify records and an audit trail of all modifications of records or
protection by electronic seal on all records modification.
08E03-08
Is each a major incident on systems or applications subject to a specific follow-up (nature and description, priority, technical
solution, progress analysis, expected resolution lead time etc.)?
E2
E1
10.1.3; 11.2.2
E2
R1
08F
08F01
08F01-01
Have profiles been defined, within IT operations staff, corresponding to each type of activity (system administration, administration
of security equipment, system monitoring, management of data storage and backup functions etc.)?
08F01-02
For each profile have the necessary rights and privileges been defined?
E1
10.1.3
08F01-03
Does the process of attributing special rights require the formal authorization of management (or the manager responsible for
external service providers) at a sufficiently high level?
E2
10.1.3
08F01-04
Is the process of attributing special rights allocated only in relation to the profile of the holder?
E2
10.1.3
08F01-05
Is the process of granting (modification or revocation) of special rights to an individual strictly controlled?
A strict control requires a formal recognition of the signature (electronic or not) of the requestor, that there be a tight control of
access in order to attribute or modify such rights and that any modification of special rights be logged and audited.
R1
11.2.2
08F01-06
Is there a systematic process of removal of special rights at the time of departure or role change of IT operations staff?
E2
11.2.4
08F01-07
Is there a regular audit, at least once a year, of all special rights attributed ?
C1
11.2.4
08F02
08F02-01
Is the authentication protocol used for administrators or holders of special rights considered to be secure?
An authentication protocol is considered secure if it is not susceptible to being broken by a listening device on the network or
rendered inoperable by specialists tools (in particular password crack tools ). Such security usually uses cryptographic methods.
08F02-02
Are the rules, for instance in the case of passwords, considered to be very strict?
Strict rules impose the use of tested non-trivial passwords, using a mixture of different types of characters and of a reasonable
length (ten characters). It is desirable that these rules have been approved by the Information Security Officer
E2
08F02-03
Is there a consistent control of the administrator's rights, of its context, and of the suitability of this context with the requested
access, as per formal rules of access control?
E2
341702815.xls ! 08 Sop
E2
page 198
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
Max
08F02-04
R1
08F02-05
R1
08F02-06
C1
08F02-07
Is there a regular audit of the procedures of granting privileged rights and the security parameters attached to protecting profiles
and rights?
C1
08F03
Typ
ISO 27002
11.2.4
08F03-01
Has a detailed analysis been carried out of the events and operations carried out with administrative rights which may potentially
have an impact on system security (configuration of security systems, access to sensitive information, usage of sensitive tools,
download or modification of administrative tools etc.)?
08F03-02
Are these events recorded as well as all parameters which may be useful for their subsequent analysis?
08F03-03
Is there a system able to detect any modification or deletion of a past record and to immediately trigger an alarm to a manager?
08F03-04
08F03-05
Is there a system enabling the detection of any modification of recording parameters and to immediately trigger an alarm to a
manager?
08F03-06
Does any inhibition of the recording and processing of the logged events system trigger an alarm to a manager?
08F03-07
Are all records or summary analyses protected against any falsification or destruction?
08F03-08
08F03-09
08G
Min
E2
10.10.4; 10.6.1
E2
10.10.4; 10.6.1
E3
10.10.4
E3
10.10.4
E3
10.10.4
E3
10.10.4
E2
10.10.4
E2
10.10.4
Are the procedures, which record and process privileged operations, regularly audited?
C1
10.10.4
2
3
2
08G01
08G01-01
Have requirements and enforced procedures for the audit of IT systems been enacted by Management?
E2
15.3.1
08G01-02
Are the rules related to Information System audits, relevant procedures and associated responsibilities defined and documented?
The restrictions concern the type of access to data and applications, the authorized controls and processing, the deletion of
sensitive data obtained, the flagging of certain operations, ... and the empowerment of the individuals conducting the audits.
E2
15.3.1
08G01-03
E2
15.3.1
08G01-04
E3
15.3.1
08G02
08G02-01
Are the audit tools protected to avoid any unauthorized or malevolent use?
This applies particularly to intrusion testing and vulnerability assessments.
E2
15.3.2
08G02-02
E2
15.3.2
08G02-03
E2
15.3.2
341702815.xls ! 08 Sop
page 199
08H
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
08H01
08H01-01
Is there an organization in charge of archiving IT files that require to be kept over a long period?
E2
08H01-02
Is there a procedure forcing users to use this archiving service for all the files that require to be kept over a long period?
E2
08H01-03
Has a list of conditions been established and updated by each owner of data requiring to be archived concerning the archiving
rules?
08H01-04
Are the requirements for external (legal and regulatory) and internal archiving defined and tackled by the entity owning the data
and accepted by the top management at the highest level?
The consequences (legal, financial, image) of non compliance (partial or total) of the archiving requirements must be endorsed by
the board of managers.
08H01-05
Are service agreements negotiated with the IT department, considered as agents only for the data?
Each agreement must state the requirements: content of the archives, retention duration, durability, capacity to trace, imputability,
non disclosure, procedures and delay for disposal, administrative constraints, etc.
A clear separation must be stated between the content of the archives, under responsibility of the owner of data, and the container
(media, disks, tapes, cartridges) under the responsibility of the IT department.
08H01-06
Are the resources necessary for archiving the data known and financed over the longer term?
08H01-07
08H01-08
Are the possible modifications resulting from technological or regulatory evolutions, that may modify the content or the containers
of the archives, taken into account, documented and accepted by the management?
These evolutions cannot be avoided on the long term and all the external regulations must be respected in order to guarantee the
conformity of the data to the original ones.
08H01-09
Is the existence of the hardware and software tools for the processing of the archives regularly controlled?
08H01-10
Is there a regular control of the procedures stated for the archiving and any deviation related to the data owners?
The controls must also look for eliminating the possibilities of fraud involving the persons in charge of the operations as well as
those who may have an access to the contents or the containers.
08H01-11
Are all the procedures concerning the archiving policy audited regularly?
08H02
E1
E1
13.2.3; 15.1.3
E2
15.1.3
E2
15.1.3
C1
2
E2
C1
C1
08H02-01
Have the requirements and procedures to be followed to access the archives been specified by management?
E2
08H02-02
E2
08H02-03
Are requests for extracts from the archives accepted only from the designated owner?
08H02-04
08H02-05
08H02-06
Given that users do not have access to the archives, does the archival department always keep the original version?
08H02-07
4
4
4
4
4
4
2
2
3
3
3
08H02-08
08H02-09
4
4
3
3
08H02-10
Are the conditions of access to the archives and the associated security systems audited regularly
08H03
15.3.1
E2
E2
E3
E3
E3
E3
E3
C1
341702815.xls ! 08 Sop
page 200
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
08H03-01
Are the archive storage locations equipped with suitable fire detection and extinction systems and water leakage detection and
evacuation?
08H03-02
Are the archive storage locations equipped with an access control system backed up with intruder detectors?
08H03-03
Are the archive storage locations under video surveillance when not occupied?
E2
08H03-04
E2
08H03-05
08H03-06
Are the index tables used to associate content to an archive media number inaccessible to the staff managing the archive media?
08H03-07
E2
08H03-08
Does stopping or interrupting the safety systems (fire, water, access control, intrusion detection) cause an alarm at a monitoring
center for rapid intervention?
R1
08H03-09
Are the storage conditions for archives and the associated safety systems audited regularly?
C1
341702815.xls ! 08 Sop
Min
Typ
ISO 27002
E2
E2
E2
E2
page 201
Comments
341702815.xls ! 08 Sop
page 202
Comments
341702815.xls ! 08 Sop
page 203
Comments
341702815.xls ! 08 Sop
page 204
Comments
341702815.xls ! 08 Sop
page 205
Comments
341702815.xls ! 08 Sop
page 206
Comments
341702815.xls ! 08 Sop
page 207
Comments
341702815.xls ! 08 Sop
page 208
Comments
341702815.xls ! 08 Sop
page 209
Comments
341702815.xls ! 08 Sop
page 210
Comments
341702815.xls ! 08 Sop
page 211
Comments
341702815.xls ! 08 Sop
page 212
Comments
341702815.xls ! 08 Sop
page 213
Comments
341702815.xls ! 08 Sop
page 214
Comments
341702815.xls ! 08 Sop
page 215
Comments
341702815.xls ! 08 Sop
page 216
Comments
341702815.xls ! 08 Sop
page 217
341702815.xls ! 08 Sop
page 218
341702815.xls ! 08 Sop
page 219
341702815.xls ! 08 Sop
page 220
341702815.xls ! 08 Sop
page 221
341702815.xls ! 08 Sop
page 222
341702815.xls ! 08 Sop
page 223
341702815.xls ! 08 Sop
page 224
341702815.xls ! 08 Sop
page 225
341702815.xls ! 08 Sop
page 226
341702815.xls ! 08 Sop
page 227
341702815.xls ! 08 Sop
page 228
341702815.xls ! 08 Sop
page 229
341702815.xls ! 08 Sop
page 230
341702815.xls ! 08 Sop
page 231
341702815.xls ! 08 Sop
page 232
341702815.xls ! 08 Sop
page 233
09A
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
09A01
09A01-01
Has a management policy for access rights to data and information been established, built from an analysis of the security
requirements based on the business stakes?
09A01-02
Is access to applications and associated data defined in terms of job profiles which regroup roles or functions within the
organization (a profile defines access rights available to holders of the profile)?
Note: in certain circumstances the notion of "profile" may be replaced by the notion of "group".
09A01-03
Is it possible to adjust the access rights (that establish rights attributed to a given profile), variable parameters based on the
connection context such as the origin of the request or network paths used, or depending on protection means used (protocol,
encryption, etc) and on the classification of the resources accessed?
E2
09A01-04
Do the access profiles also allow definition of working time limits and periods in the working calendar (daily hours, weekends,
holidays etc.)?
E3
09A01-05
Have these profiles and the access rights attributed to the different profiles been approved by the information owners and/or the
Information Security Officer?
E2
09A01-06
Are the processes of definition and management of rights attributed to profiles under strict control?
A strict control requires that the list of people allowed to change rights attributed to profiles be strictly limited and that the
implementation of these rights (e.g. into tables) be strictly secure and that there exist a reinforced access control for any
modification of these rights and that any modification be logged and audited.
R1
09A01-07
Is it possible to review at any time the list of profiles and the rights attributed to each profile?
C1
09A01-08
Is there a regular audit, at least once a year, of the totality of rights attributed to each profile and the profile management
procedures?
C1
11.2.4
E1
11.6.1
E1
11.6.1
E2
11.2.2
09A02
E1
11.1.1
E1
11.2.2; 11.6.1
11.5.6
09A02-01
Does the procedure of granting access authorization to applications require the formal authorization of line management (at a
sufficiently senior level)?
09A02-02
Are authorizations granted to named individuals and only as a function of their profile?
09A02-03
Is the procedure for granting (or modification or revocation) of access rights (directly or via a profile) strictly controlled?
A strict control requires a formal recognition of the signature (electronic or otherwise) of the requestor, that the implementation of
the profile attributed to users in the form of tables is highly secure and that there be a reinforced access control over the
modification of such records and that any modification of records be logged and audited.
09A02-04
Is there a systematic process of updating the table of access rights at the time of departure of personnel (internal or external
personnel)?
E2
11.2.4
09A02-05
Is there a systematic process of updating the table of access rights at the time of change of function?
E3
11.2.4
09A02-06
Is there a strictly controlled process (see below) which allows rights to be delegated, in part or in whole, to a person of choice for a
determined period (in case of absence )?
In this case, the delegated rights must no longer be available to the person who has delegated them during this time. The latter
however, must have the possibility of taking them back, by which process he or she effectively ends the delegation.
E3
09A02-07
Is it possible to control at any time, for all users, the rights, authorizations and privileges in force?
09A02-08
Is there a regular audit, at least once a year, of the profiles and authorizations granted to all personnel and the procedures for
management of attributed profiles?
09A03
C1
2
C1
11.2.4
341702815.xls ! 09 App
page 234
1 variant
R-V1 R-V2 R-V3 R-V4
Quest. Nr
Question
Max
09A03-01
Does the process of distribution or modification of the user credentials guarantee that only the holder of the identifier has access
(initial communication is confidential, password change is under the exclusive control of the user, etc.)?
E1
11.5.3
09A03-02
Does the process of creation or modification of a user credentials respect a set of rules which ensures its intrinsic validity?
In the case of passwords: sufficient length (8 characters or more), obligatory mixture of types of characters, frequent change (less
than once a month), impossibility of reusing an old password, non-trivial word test using a dictionary, banning of "standard
systems", first names, anagrams of username, dates etc.
In the case of certificates or use made of cryptographic mechanisms for authentication: a generation process evaluated or publicly
recognized, encryption keys of a sufficient length etc.
E2
11.2.3; 11.5.3
09A03-03
Does the presentation of his credentials by the user guarantee their inviolability?
Typing a password will always be a weak point. The only processes whose observation does not divulge information consist either
of introducing an object containing a secret (smart card), or using a code which changes at every moment (token card) or using a
means of which contains some biometric characteristic.
E3
11.5.3
09A03-04
Is there a guarantee that the credentials, used for authentication, will remain inviolable and authentic while kept or presented by
the user or by the user agent?
Passwords must be stored encrypted and a preliminary access control must be made before usage.
In the case of authentication using cryptographic processing, the mechanism must provide solid guarantees validated by a
reference organization.
E2
11.5.3
09A03-05
Is there a guarantee that the credentials, used for authentication, will remain inviolable and authentic while transmitted between the
user and the target systems?
Transmission of a password must be encrypted or use an algorithm which introduces a variable at each transmission.
In the case of authentication using cryptographic processing, the mechanism must provide solid guarantees validated by a
reference organization.
E3
11.5.3
09A03-06
In the case of multiple incorrect authentication attempts, is there a process which automatically invalidates the user identifier, even
the user workstation itself, or a slowing of the authentication process (aimed at preventing connection from an automatic routine)?
E2
11.5.3
09A03-07
Does the procedure for the replacement of lost or mislaid user authentication means (password, token card) allow for the instant
deactivation of the user account?
E2
11.5.3
09A03-08
Does the procedure for the replacement of lost or mislaid user authentication means (password, token card) allow for an effective
control of the requestor's identity?
E3
11.5.3
09A03-09
R1
09A03-10
C1
E1
09A04
09A04-01
Min
Typ
ISO 27002
341702815.xls ! 09 App
11.5.2; 11.6.1
page 235
1 variant
R-V1 R-V2 R-V3 R-V4
Quest. Nr
Question
Max
09A04-02
Is there a direct or indirect correspondence between any identifier and a real physical person?
In the case where an application calls another one or calls a system, it may be that the application does not transfer to the target
system the identifier which originally made the request. However, the link between that call and the original user identifier must
remain traceable after the fact.
E1
11.5.2; 11.6.1
09A04-03
Have all generic or by-default accounts and passwords been changed or deleted?
E2
11.5.2
09A04-04
Is the acceptance of the account identified by the system systematically followed by authentication control?
Systematic authentication requires that the process be implemented for all subsystems (remote processing monitor, database
management system, batch processes, etc. ), for all application requests, for all access routes and for all ports, including ports
reserved for remote maintenance.
E2
11.5.2
09A04-05
May the authentication process be repeated during an open session for transactions considered to be sensitive?
E3
11.5.6
09A04-06
Is there an automatic invalidation of the user identifier in the absence of traffic after a defined delay, which requires user reidentification and re-authentication?
E3
11.5.5
09A04-07
Are there application access controls which limit the view and access to very sensitive information?
E3
11.6.1
09A04-08
Is there a systematic control of the profile and connection context of the requestor and of their appropriateness for the access
requested?
R1
09A04-09
Is the process of definition and management of access filtering rules under strict control?
A strict control requires that the list of persons able to change the filtering security parameters be extremely limited, and that there
be a reinforced access control in order to be able to effect such modification and that any modification be logged an audited.
C1
09A04-10
Are the processes that guarantee access filtering under strict control?
A strict control requires that the software used has been validated and undergoes a regular test for integrity (seal) and that there be
an audit at least once a year of access control procedures and processes (including the processes which aim to detect change
attempts and the processes which respond to these change attempts).
R2
09A05
Min
Typ
ISO 27002
09A05-01
Is there a possibility to declare applications as sensitive and, as such, requiring an authentication of the application accessed?
E2
09A05-02
Is there a mechanism of authentication of the application called before access to a sensitive application from the internal network?
E2
09A05-03
Does the authentication mechanism of the accessed sensitive applications provide a recognized "strong" level of security?
Notably the usage of a simple password will always be a weakness. The only methods recognized as "strong", that is observable
without divulging information, are those based on cryptographic algorithms.
E3
09A05-04
Do the security equipment that retain credentials (e.g. passwords, calling number, etc.) use mechanisms which guarantee their
impregnability and authenticity?
Passwords must be stored encrypted and a preliminary control of the user must be made before usage.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a
recognized organization.
E2
09A05-05
Does the transmission of credentials (e.g. passwords, calling address, etc.) between calling user equipment and authentication
systems use mechanisms which guarantee their impregnability and authenticity?
Transmission of a password must be encrypted or use an algorithm which introduces a variable at each transmission.
In the case of authentication using cryptographic procedures, the mechanism must provide solid guarantees validated by a
recognized organization.
E3
341702815.xls ! 09 App
page 236
1 variant
R-V1 R-V2 R-V3 R-V4
Quest. Nr
Question
Max
09A05-06
Does the revoked keys management procedure guarantee that the control systems take into consideration in real time any
revocation of keys?
E2
09A05-07
Does the revoked keys management procedure guarantee that the control systems systematically test that the keys used have not
been revoked?
E3
09A05-08
Are the processes that guarantee the authentication of the accessed entities under strict control?
A strict control requires that the software used has been validated and undergoes a regular test for integrity (seal) and that there is
an audit at least once a year of the authentication procedures and processes.
R1
09B
Min
Typ
ISO 27002
09B01
09B01-01
Have integrity sensitive files been identified which must be protected by sealing solutions and have such solutions been
implemented at the application level?
09B01-02
E3
09B01-03
Does the sealing solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the key is one of the parameters to take into consideration. The recommendation of an official organization
can be a confidence factor.
E3
09B01-04
Do the procedures and mechanisms for storage, distribution and exchange of keys and more generally the management of keys
offer a sufficient level of confidence and have they been approved by the Information Security Officer?
R1
09B01-05
09B01-06
Is shutdown or by-pass of the sealing solution immediately detected and signaled to a team available 24 hrs a day and capable of
triggering an immediate reaction?
09B01-07
Is there a procedure detailing the actions to carry out in the case of error or alert?
09B01-08
Are sealing mechanisms, their parameters and associated procedures subject to regular audit?
09B02
E2
R2
R2
2
R2
C1
09B02-01
Have all data exchanges which must be protected by sealing solutions been defined and have such solutions been implemented at
the application level?
09B02-02
09B02-03
Does the sealing solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the key is one of the parameters to take into consideration (as a function of the algorithm). The
recommendation of an official organization can be a confidence factor.
09B02-04
Do the procedures and mechanisms for storage, distribution and exchange of keys and more generally the management of keys
offer a sufficient level of confidence and have they been approved by the Information Security Officer?
09B02-05
09B02-06
E2
12.2.3
E3
12.2.3
E2
12.2.3
R1
Is shutdown or by-pass of the sealing solution immediately detected and signaled to a team available 24 hrs a day or by direct call
and capable of triggering an immediate reaction?
341702815.xls ! 09 App
R2
R2
page 237
1 variant
R-V1 R-V2 R-V3 R-V4
Quest. Nr
Question
09B02-07
Is there a procedure detailing the actions to carry out in the case of error or alert?
09B02-08
Are sealing mechanisms, their parameters and associated procedures subject to regular audit?
09B03
Max
3
Min
Typ
R2
ISO 27002
C1
09B03-01
Are sensitive data strictly controlled by the person entering them (auto-control)?
09B03-02
09B03-03
Are sensitive data subject to means allowing to ascribe their entry or modification to their author?
09B03-04
E1
12.2.1
E1
12.2.1
E3
12.2.1
Are there incentives for data entry without error (individual bonuses, departmental bonuses, penalties in the case of too many
errors etc.)?
E2
12.2.1
09B03-05
Is there an overall control of series of data items entered (sum, range, min, max, etc.)?
E2
12.2.1
09B03-06
Is data entry subject to coherence checks incorporated into the data entry process?
E2
12.2.1
09B03-07
Are these additional checks (range, coherence, etc.) strongly protected against any illicit alteration ?
R1
09B03-08
R1
09B03-09
09B04
C1
09B04-01
Has a review been carried out with users to determine suitable controls of the pertinence of data entered or modified (correction in
relation to data ranges, ratios between data entered independently, coherence checks, evolution and comparison with statistics)
and have the corresponding controls been implemented in applications?
E1
09B04-02
Have control parameters (values of data ranges, etc.) been stored in tables separate from the application and which may be easily
checked?
E2
09B04-03
Are the processes that guarantee these permanent controls under strict control themselves?
A strict control requires that the software used has been validated and undergoes a regular test for integrity (seal) and that there is
an audit at least once a year of the control procedures and processes.
R1
09B04-04
R1
09B04-05
When these controls exist, are they the integrated into an operational process for alert and processing of errors?
E2
09B05
12.2.1; 12.2.4
09B05-01
Have the checks that should be made to verify consistency of the data after processing by the application been analyzed with the
users (test variables, ratios, evolution and comparison before and after processing, etc.), and have the corresponding checks been
implemented in the applications?
E1
09B05-02
Are the parameters for these checks recorded in tables separated from the application code and easily verifiable?
E2
09B05-03
Are the processes insuring continuous checking of the data processing under strict control?
Strict control requires that the corresponding software is validated and is subject to a regular integrity check (sealing) and that
there is an audit at least once a year of the control process and procedures (including procedures for detecting attempts at
modification and for reacting to these attempts).
R1
09B05-04
R1
09B05-05
Are the checks that exist integrated into an operational procedure that signals and handles any errors?
09C
12.2.1
12.2.1; 12.2.4
E2
341702815.xls ! 09 App
page 238
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
09C01-01
Have the messages which must be protected by encryption solutions been defined and such solutions been implemented at the
application level?
09C01-02
Does the encryption solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the key is one of among many parameters to take into consideration (as a function of the algorithm). The
recommendation of an official organization can be a confidence factor.
E2
09C01-03
Does the procedure and mechanisms of storage, distribution and exchange of keys and more generally the management of the
keys offer solid guarantees which merit confidence and are they approved by the Information Security Officer?
E2
09C01-04
09C01-05
Is shutdown or by-pass of the encryption solution immediately detected and signaled to a team available 24 hrs a day or by direct
call and capable of triggering an immediate reaction?
R1
09C01-06
Are encryption mechanisms, their parameters and associated procedures subject to regular audit?
C1
09C02
E1
12.3.2
09C02-02
Is this encryption systematically applied (as a function of information classification ) and/or automatic (as a function of storage
media) each time data is written to the storage media or each time the application session closes?
E2
09C02-03
Is this encryption systematically applied each time files are transferred or remotely-loaded by the relevant applications?
E2
09C02-04
Does the encryption solution offer valid and solid guarantees and has it been approved by the Information Security Officer?
The sufficient length of the key is one of among many parameters to take into consideration (as a function of the algorithm). The
recommendation of an official organization can be a confidence factor.
E2
09C02-05
Do the procedures and mechanisms for storage, distribution and, more generally, management of keys offer a sufficient level of
confidence and have they been approved by the Information Security Officer?
The possibility of having to recover these data on another hardware system or another version of the operating system needs to be
anticipated.
E2
09C02-06
09C02-07
Is shutdown or by-pass of the encryption solution immediately detected and signaled to a team available 24 hrs a day or by direct
call and capable of triggering an immediate reaction?
R1
09C02-08
Are encryption mechanisms for stored data, their parameters and associated procedures (in particular the management and
protection of keys) subject to regular audit?
C1
09C03
12.3.1
R2
09C02-01
09C03-01
ISO 27002
E1
12.3.1
12.3.2
E3
341702815.xls ! 09 App
E2
page 239
1 variant
R-V1 R-V2 R-V3 R-V4
Quest. Nr
Question
09C03-02
Are radiation levels regularly controlled for equipment hosting these sensitive applications?
09D
Max
Min
Typ
ISO 27002
E3
Data availability
09D01
09D01-01
Are specific procedures applied to verify that all data recorded can be reread?
09D01-02
Are there procedures or an architecture of a very high security level which records all data with redundancy (RAID disks, mirroring,
etc.)?
09D01-03
Do these very high security procedures enable the reconstitution of data in the case of an error or readability issue for a few
sectors?
E3
09D01-04
Have scenarios been defined for which very high security recording is to be used and has the physical protection of storage media
been tested to ensure that it is suited to meet the requirements of these scenarios?
E2
09D02
E2
3
E2
09D02-01
Is the list of data file formats that must be readable verified and maintained?
E1
09D02-02
Are the hardware and software required for reading all these types of data files available or easily made available?
E1
09D02-03
Do the procedures for allocating and customizing the mechanisms for encryption and protection of files guarantee that the files can
be accessed, even in the event of the absence or departure of the file owners?
E2
09D02-04
Are the means of recovering access keys or encryption keys protected against accidental or malicious loss?
E2
09D02-05
Are there regular audits of these means and procedures to guarantee permanent access to the data files?
E2
09E
Service continuity
09E01
Hardware reconfiguration
09E01-01
Has a fail-safe architecture been established, including redundancy and system mirroring for critical equipment or servers?
E2
09E01-02
Does the implementation of this architecture guarantee the minimum performance levels required in the case of incident or failure?
Such a guarantee supposes either that failsafe systems features are entirely automatic or that systems will detect failures and staff
will have the specifications and capability to manually reconfigure failed systems.
E2
09E01-03
Is there some assurance in this case that ancillary equipment (power supply, air-conditioning, etc. ) do not introduce any additional
risk and do not ruin the redundancy expected from the equipment or network architecture?
E3
09E01-04
Does the shutdown or invalidation of any redundant equipment or failure dtection system (requiring human intervention) trigger an
alarm to an operational manager?
R1
09E01-05
Are regular tests made to demonstrate that security equipment is able to guarantee minimum performance levels required in the
case of an incident or failure?
09E02
14.1.4
C1
09E02-01
Have application service continuity plans been established for each business application, based on its criticality classification
level?
09E02-02
Are these continuity plans compatible with the Disaster Recovery Plans for the hardware and systems used by the process or
application?
09E02-03
Do these continuity plans detail all the actions necessary to ensure service continuity between the time of an alert and the effective
implementation of solutions prescribed by the Disaster Recovery Plans?
09E02-04
Do these plans treat all the organizational aspects related to a manual emergency solution (personnel, logistic, management etc.)?
341702815.xls ! 09 App
E1
14.1.3
E1
14.1.3
E2
14.1.3
E2
14.1.3
page 240
1 variant
R-V1 R-V2 R-V3 R-V4
Quest. Nr
Question
09E02-05
Have the appropriate instructions and training been given to staff in order to deal with a "manual" emergency solution?
09E02-06
Have the application service continuity plans anticipated all the procedures required for a return to normal service?
09E02-07
Is there a plan which regroups all emergency solutions designed to overcome critical process and application shutdowns?
09E02-08
Is the crisis plan initiation compliant with the above application service continuity plan?
09E02-09
Are these plans regularly tested under full scale conditions (with operational data volumes) and updated at least once a year?
C1
09E02-10
Are the updates of these plans regularly audited (at least once a year)?
C1
09E03
Max
Min
Typ
14.1.3
E2
14.1.3
E2
14.1.3
E2
14.1.5
09E03-01
Have the consequences of the disappearance of an application or package editor been analyzed (in the case of failure of a bug or
the need for evolution) and has a list of critical applications been deduced?
E2
09E03-02
For each critical application, is there a corrective solution to cope with the failure or disappearance of a supplier (consignment of
maintenance documentation and source code with a trusted third party, replacement of equipment or of software by standard
package etc.)?
E2
09E03-03
Is it certain that this corrective solution could be made operational to enable company activity to restart within a time delay
sufficiently short to be acceptable to users?
E2
09E03-04
Have variants to the primary solution been considered in case the latter might encounter unforeseen difficulties?
E3
09E03-05
C1
09F
ISO 27002
E2
09F01
09F01-01
Have sensitive transactions been identified which must be protected by electronic signature solutions implemented at the
application level?
09F01-02
E2
09F01-03
Does the electronic signature solution offer valid and solid guarantees and has it been approved by the Information Security
Officer?
The sufficient length of the key is one of among many parameters to take into consideration (as a function of the algorithm). The
recommendation of an official organization can be a confidence factor.
E2
09F01-04
Do the procedure and mechanisms of storage, distribution and exchange of keys and more generally the management of the keys
offer solid guarantees which merit confidence and are they approved by the Information Security Officer?
E2
09F01-05
Are the electronic signature mechanisms strictly protected against violation or change?
In the case of hardware solution or appliance, it should be physical protected against access to the signature mechanisms. If a
software solution is used, it must itself contain an integrity control.
09F01-06
Is shutdown or by-pass of the signature solution immediately detected and signaled to a team available 24 hrs a day or by direct
call and capable of triggering an immediate reaction?
09F01-07
Is there a procedure which details the operations to carry out in the case of error or alert?
09F01-08
Are electronic signature mechanisms, their parameters and associated procedures subject to regular audit?
09F02
E2
12.3.2
R2
R1
2
12.3.1
R1
C1
09F02-01
Have sensitive transactions been identified which must be protected by sequencing control solutions implemented at the
application level (or at the network level)?
09F02-02
Is the coherence of the numbers and sequences controlled automatically by the application or by the middleware used?
341702815.xls ! 09 App
E2
2
E2
page 241
1 variant
R-V1 R-V2 R-V3 R-V4
Quest. Nr
Question
Max
09F02-03
Does the numbering and sequencing solution offer valid and solid guarantees and has it been approved by the Information
Security Officer?
The recommendation of an official organization can be a confidence factor.
09F02-04
Are the numbering and numbering control mechanisms strictly protected against violation or change?
In the case of hardware solution or appliance, it should be physical protected against access to the sequencing mechanisms. If a
software solution is used, it must itself contain an integrity control.
09F02-05
Is shutdown or by-pass of the numbering system immediately detected and signaled to a team available 24 hrs a day or by direct
call and capable of triggering an immediate reaction?
09F02-06
Is there a procedure which details the operations to carry out in the case of error or alert?
09F02-07
Are numbering mechanisms, their parameters and associated control procedures subject to regular audit?
09F03
Min
Typ
ISO 27002
E2
R2
R1
2
R1
C1
Acknowledgements of receipt
09F03-01
Is there a procedure which requires an acknowledgement of receipt to be sent for all sensitive messages?
Note: in certain cases, checks may be based on the signature.
09F03-02
Is an alert triggered when an acknowledgement of receipt is not sent (or received) for sensitive messages?
E2
09F03-03
Is the acknowledgement of receipt emitted only after the message has been effectively considered by the target application?
No acknowledgement should be sent for a message still waiting for treatment
E3
09F03-04
R1
09F03-05
Is there a procedure which details the operations to carry out in the case of error or alert?
R1
09F03-06
C1
E1
09G
09G01
09G01-01
Have events or successions of events been analyzed which might reveal abnormal behavior or illicit action and, as a consequence,
have specific monitoring points been identified?
09G01-02
Are features, detecting and recording sensitive events, installed in applications (with type of event, user identifier, date and time,
etc.)?
E2
09G01-03
Is there an audit trail within certain sensitive processes which records the events which would enable later diagnosis of
anomalies?
E3
09G01-04
Are sensitive applications provided with an automatic monitoring function dealing in real time with large numbers of abnormal
events (for example many unsuccessful connection attempts on user workstations or unsuccessful attempts to use sensitive
transactions)?
E3
09G01-05
09G01-06
Are there one or more applications capable of analyzing the individual anomaly diagnostic data and triggering an alert to
operational personnel?
09G01-07
Does the anomaly diagnostic system trigger an alarm in real time to a permanent surveillance team able or by direct call and able
to react without delay?
09G01-08
For each case of alert has the expected response from the intervention team been defined and is the availability of the intervention
team sufficient to face this expectation?
E3
09G01-09
Are the parameters defining the elements to record and the diagnostic analyses effected on these elements strictly protected
(restricted access rights and strict authentication ) against illicit modification?
R2
09G01-10
Does the stopping of the recording and record processing system trigger an alarm with the surveillance team?
R1
341702815.xls ! 09 App
E2
E2
2
E3
3
E3
page 242
1 variant
R-V1 R-V2 R-V3 R-V4
Quest. Nr
Question
09G01-11
Are the procedures for recording, processing and diagnostic analysis and the availability of the intervention team regularly audited?
09H
09H01
Max
Min
Typ
C1
ISO 27002
E-commerce
Security of the e-commerce Sites
09H01-01
Have the security requirements specific to e-commerce been analyzed and thus defined the necessary protections?
E2
10.9.1
09H01-02
Have the security requirements specific to on-line trades been analyzed and thus defined the necessary protections?
E2
10.9.2
09H01-03
Have the security requirements specific to making information available to the public been analyzed and thus defined the
necessary protections?
E2
10.9.3
341702815.xls ! 09 App
page 243
Comments
341702815.xls ! 09 App
page 244
Comments
341702815.xls ! 09 App
page 245
Comments
341702815.xls ! 09 App
page 246
Comments
341702815.xls ! 09 App
page 247
Comments
341702815.xls ! 09 App
page 248
Comments
341702815.xls ! 09 App
page 249
Comments
341702815.xls ! 09 App
page 250
Comments
341702815.xls ! 09 App
page 251
Comments
341702815.xls ! 09 App
page 252
Comments
341702815.xls ! 09 App
page 253
341702815.xls ! 09 App
page 254
341702815.xls ! 09 App
page 255
341702815.xls ! 09 App
page 256
341702815.xls ! 09 App
page 257
341702815.xls ! 09 App
page 258
341702815.xls ! 09 App
page 259
341702815.xls ! 09 App
page 260
341702815.xls ! 09 App
page 261
341702815.xls ! 09 App
page 262
341702815.xls ! 09 App
page 263
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Type
ISO 27002
Domain 10 of MEHARI represents a particular point of view that can be summarized as follows: the challenge of security in application
development and maintenance is to protect against the introduction of weaknesses. Quality insurance for the developments, which aims to ensure
that needs are well specified, developments are effected in conformity to a recognized method, that specifications are properly applied and that the
application functions correctly, etc. is not considered within this security domain.
10A
10A01
10A01-01
Is there a systematic analysis, from the start of project specification, of the dysfunctions which could be induced by the application
or applications following the project or during one of the components of the project?
Notes : A project may consist simply of the installation of a software package or of a full internal development.
Possible dysfunctions must be analyzed on two levels: at the level of company activity and its operational processes (do new or
deleted functions represent an additional risk?) and at the IT architecture level (do new or changed infrastructure, operating
system, middleware, applications, data represent additional risk?).
E1
12.1.1
10A01-02
Is an analysis carried out with user managers of the level of impact and probability of possible dysfunction taking into consideration
the security measures already in place and the additional or specific measures envisaged in the specifications of the project?
E2
12.1.1
10A01-03
Are there project reviews during which these risks are presented, decisions are taken about their acceptability or not and about
any additional security measures needed?
E1
12.1.1
10A01-04
Has the possibility of information leaks through hidden canals been considered within risk studies and have adapted controls been
implemented?
E3
12.5.4
10A01-05
Is the implementation of security measures, specific to the project, formally tracked during the project lifecycle?
The tracking may consist of an obligatory review point at each project phase, followed up by documentation detailing the choice of
solutions and the status of their implementation.
C1
10A01-06
Is there a support group, specialized in project risk analysis, assisting the management of the project with the risk analysis
process?
E2
10A01-07
Is the Information Security Office implicated, directly or indirectly, in security related decisions in the projects? 10A08 has been
deleted
E2
10A02
Change management
10A02-01
Are all change requests for an application subject to a formal review procedure (requestor, rationale, decision process)?
E2
12.5.1
10A02-02
R2
12.5.1
10A02-03
E2
12.5.1
10A02-04
E2
10A02-05
When changes are made to the operating systems, is there a review and test of their impact on the applications?
E2
12.5.2
10A02-06
Does the change management procedure impose non regression tests to be run?
Non regression tests check that the modifications do not change the characteristics nor the performances of the other functions of
the application.
E2
12.5.2
10A02-07
Is the impact on the continuity plans of the changes introduced into the applications taken into account?
E2
12.5.2; 14.1.5
E2
12.5.5
10A03
10A03-01
When the software development is subcontracted, have the issues regarding license agreement and intellectual property of the
code developed been handled?
10A03-02
Were requirements regarding the quality and the security level of the code formally integrated in the contracts?
E2
12.5.5
10A03-03
Have access rights allowing to audit the quality of the work effected by subcontractors been agreed upon?
E2
12.5.5
341702815.xls ! 10 Dev
page 264
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
10A03-04
Have pre-installation tests of new applications been anticipated in order to detect eventual malevolent code?
10A03-05
Have security measures regarding code custody, including all accompanying documents, been taken in case of default by a third
party?
10A04
Max
2
Does application maintenance have at its disposal a technical software support center which guarantees rapid, competent
assistance in case of difficulty or bug?
10A04-02
Is there a special service agreement for all in-house software requiring high availability and for which standard maintenance would
not be provided within acceptable delays?
Does this special service agreement anticipate the conditions of escalation in the case of intervention difficulty and the possibilities
and conditions for calling in the most qualified specialists?
ISO 27002
E2
12.5.5
E2
12.5.5
E1
E2
E2
10A04-04
Is there a guarantee that the competence and availability of the maintenance staff enable them to respond in a satisfactory manner
to the maintenance requests of users ?
This agreement should consider weekend and holiday periods as well.
10A04-05
10A05
Type
10A04-01
10A04-03
Min
E2
C1
10A05-01
E2
12.5.3
10A05-02
E2
12.5.3
10A05-03
Specifically, has the editor's consent to proceed with said changes been obtained?
E2
12.5.3
10A05-04
Have the consequences of those changes on the maintenance provided by the editor been examined?
E2
12.5.3
10B
10B01
10B01-01
Do application development procedures impose a strict separation between detailed specification, design, unit test and integration,
with the attribution of specific profiles to the various members of the development team specific to the task involved?
10B01-02
Is the attribution of profiles and tasks to application development personnel done on an individual and nominative basis?
10B01-03
E2
10B01-04
Are the application development, test and integration environments strictly separated?
E1
10B01-05
Have strict and separated access rights been defined for these environments, based on profile and project?
A strict access control supposes that it is necessary to get the right profile in order to access to a given environment
E2
10B01-06
Is the authentication protocol for development personnel holding privileged rights considered as strong?
An authentication protocol is considered secure if it is not susceptible to being broken by a listening device on the network or
rendered inoperable by specialists tools (in particular password crack tools ). Such security usually uses cryptographic methods.
10B01-07
In the particular case of passwords, can the imposed rules be considered as very strict?
Very strict rules impose the use of tested non-trivial passwords, using a mixture of different types of characters and of a reasonable
length (ten characters or more). It is desirable that these rules have been approved by the Information Security Officer.
10B01-08
Do application development procedures require that a person never have sole responsibility for a task?
10B01-09
Do application development procedures require that, for sensitive functions, a verification of code is made by an independent
team?
341702815.xls ! 10 Dev
E1
E2
12.4.1
E3
E2
R1
3
R2
page 265
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
10B01-10
Do application development procedures require a formal validation, by users, of the coverage of functional tests?
10B01-11
Do application development procedures require that the security function provide a formal validation of the coverage of tests
related to security functions or mechanisms?
10B01-12
In the case of software packages or developments conferred on IT service companies are the above conditions contractually
imposed on the editor, partner or subcontractor?
E1
10B01-13
Are the management control parameters of rights attributed to development personnel under strict control?
A strict control requires that the list of people able to change per project rights attributed to development staff, the access control
parameters to development environments and objects be strictly limited and that there be a reinforced access control in order to be
able to modify these rights and that any modification of these rights be logged and audited.
C2
10B01-14
Are the organization of tasks within development teams and the application of clear segregation and control rules regularly
audited?
C1
10B02
Max
Min
Type
E3
10B02-01
Do the development procedures impose an analysis of the confidentiality of applications developed and a classification of objects
implemented in the course of developments (documentation, source code, executable code, study notes, etc.)?
E1
10B02-02
In the case of development of a confidential application, are their special procedures for management of documentation?
E1
10B02-03
In the case of development of a confidential application, are profiles put in place which enable the distribution of confidential
information to be limited only to people who have a real need?
E1
10B02-04
Are source code, executable code and documentation protected by a strict access control procedure which details, as a function of
development phase, the authorized profiles having access to these objects as well as the storage conditions and corresponding
access control rules?
An access control procedure using strict access conditions should guarantee that all code or documentation modification is made
by an authorized person under authorized conditions.
E2
10B02-05
Are the control parameters related to the management of rights attributed to development personnel under strict control?
A strict control requires that the list of people able to change rights attributed to development personnel by project and the access
control parameters to development environment and objects be strictly limited and that there be a reinforced access control in
order to modify these rights and that any modification of these rights be logged and audited.
R2
10B02-06
Are the processes which ensure the filtering of access to development objects (documentation and code ) under strict control ?
A strict control requires that the software used has been validated and undergoes a regular test for integrity (seal) and that there be
an audit at least once a year of the procedures and processes of access filtering (including the process aiming to detect
modification attempts and the processes which respond to these modification attempts).
R3
10B02-07
In the case of developments of packages or conferred on IT service companies are the above conditions contractually imposed on
the editor, partner or subcontractor?
E1
10B02-08
Is the management of access rights to development objects, protection procedures and mechanisms subject to a regular audit?
C1
10B03
10B03-01
ISO 27002
E2
12.4.3
341702815.xls ! 10 Dev
E2
12.2.2
page 266
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
10B03-02
Specifically, is it made sure that the use of the functions "Add", "Modify", "Delete" could not result in a loss of integrity (referential
integrity, etc)?
E2
12.2.2
10B03-03
Has the processing sequence of execution been validated and has the restart sequence after failure of a previous processing
been anticipated?
E2
12.2.2
10B03-04
E2
12.2.2
E1
12.4.2
10B04
Max
Min
Type
ISO 27002
10B04-01
For testing, is the use of functional databases containing personal information or any other sensitive information avoided?
10B04-02
If sensible or personal data have to be used, is it ensured deleting sensitive details and contents before using them (or make them
anonymous)?
E2
12.4.2
10B04-03
When using operations data, do the access control procedure that apply to the running applications also apply to the test
applications?
E2
12.4.2
10B04-04
Is the operating information used by a test application deleted immediately after the test is completed?
E2
12.4.2
10B04-05
Is there a log of all copy or use of operating data during tests to create a audit trail?
C1
12.4.2
E1
10B05
10B05-01
Do application maintenance procedures impose a strict separation between detailed specification, design, unit test and integration
tasks, with the attribution of specific profiles to the various members of the maintenance staff?
10B05-02
Is the attribution of profiles and tasks to maintenance personnel done on an individual and named basis?
E2
10B05-03
Is a trace kept of the tasks effected by each member of the maintenance staff?
E2
10B05-04
Are the application maintenance, test and integration environments strictly separated?
10B05-05
Have strict and separated access rights been defined for these environments, based on profile and project?
A strict access control supposes that it is necessary to get the right profile in order to access to a given environment
10B05-06
Is the authentication protocol for development personnel holding privileged rights considered as strong?
An authentication protocol is considered secure if it is not susceptible to being broken by a listening device on the network or
rendered inoperable by specialists tools (in particular password crack tools ). Such security usually uses cryptographic methods.
10B05-07
In the particular case of passwords, can the imposed rules be considered as very strict?
Very strict rules impose the use of tested non-trivial passwords, using a mixture of different types of characters and of a reasonable
length (ten characters or more). It is desirable that these rules have been approved by the Information Security Officer.
10B05-08
Do application maintenance procedures require that a person never be the only person responsible for a task?
10B05-09
Do application maintenance procedures require that, for sensitive functions, a verification of code is a made by an independent
team?
10B05-10
Do application maintenance procedures require a formal validation, by users, of the coverage of functional tests?
10B05-11
Do application maintenance procedures require that a formal validation be run by the security function of the coverage of tests
related to security functions or mechanisms?
10B05-12
In the case of application maintenance conferred on outside contractors, are the above conditions contractually imposed on the
partner or subcontractor?
Note: when the maintenance is assured by a software editor and/or in a another country, separated by considerable distance, the
guarantees made in respect of maintenance conditions must be reviewed with great care.
341702815.xls ! 10 Dev
E2
E3
E2
E2
3
E2
E2
E3
E1
page 267
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
10B05-13
Are the control parameters related to the management of rights attributed to application maintenance personnel under strict
control?
A strict control requires that the list of people able to change profiles by project attributed to application maintenance personnel and
the access control parameters to maintenance environments and objects be strictly limited and that there be a reinforced access
control in order to be able to modify these rights and that any modification of these rights be logged and audited.
C2
10B05-14
Are the organization of tasks within application maintenance and the application of clear segregation and control rules regularly
audited?
C1
10B06
Max
Min
Type
ISO 27002
Hot Maintenance
10B06-01
Is real-time (hot) maintenance, when done directly in the production environment, subject to the triggering of a formal procedure
including, in particular, the formal agreement of the operational director and the manager responsible for the application domain (or
data owner) concerned?
E1
10B06-02
Is a full backup of the production environment (systems and applications) made before any real time maintenance, which would
enable a return to the previous situation in case of a problem?
E2
10B06-03
Is a full backup of operational data (synchronized) made before any real time maintenance so as to enable a return to the prior
situation in case of a problem?
E2
10B06-04
Is a trace kept of all operations effected and commands launched during any real time maintenance in order to be able to
investigate afterwards, or even to cancel them, if the sequence of operations finished improperly?
10B06-05
Are the procedures of real time maintenance and their application subject to regular audit?
341702815.xls ! 10 Dev
E2
3
C1
page 268
Comments
341702815.xls ! 10 Dev
page 269
Comments
341702815.xls ! 10 Dev
page 270
Comments
341702815.xls ! 10 Dev
page 271
Comments
341702815.xls ! 10 Dev
page 272
Comments
341702815.xls ! 10 Dev
page 273
341702815.xls ! 10 Dev
page 274
341702815.xls ! 10 Dev
page 275
341702815.xls ! 10 Dev
page 276
341702815.xls ! 10 Dev
page 277
341702815.xls ! 10 Dev
page 278
1 variant
Question
Max
Min
Typ
ISO 27002
11A
Security of the operational procedures for the whole set of users' equipment
11A01
Control of the installation of new software or system versions on the users' equipment
11A01-01
Are the decisions to change or update users' software versions subject to a control procedure (registration, planning, formal
approval, communication to all concerned individuals, etc.)?
E1
11A01-02
Are the new versions validated on pilot equipment before general installation throughout the user stations?
E2
11A01-03
Is the remotely ordered validation of new installations on users' equipment reserved to a limited list of administrators in charge of
users work equipment?
E2
11A01-04
Are security parameters and configuration rules of user equipment listed in detail and regularly updated?
E3
10.3.2
11A01-05
Are security parameters and configuration rules controlled following any configuration evolution of user equipment?
E3
10.3.2
11A01-06
Has the eventual impact of the user equipment configuration changes regarding the continuity plans been considered?
E2
10.3.2
11A01-07
Are all the control procedures related to user configurations subject to regular audit?
11A02
10.1.2; 10.3.1
C1
11A02-01
Has a list of authorized software for the user equipment been established?
This list should state the reference versions authorized and the possible parameterization options accepted.
E2
11A02-02
Has a list of additional equipment authorized on the user work stations been established?
This list should contain the authorized reference versions and possibly the parameter options used
E2
11A02-03
Are these lists protected against untimely or illicit alteration by a robust sealing process?
R2
11A02-04
Are the rights provided to users preventing them to modify the system configurations of their equipment (addition of hardware or
software)?
E2
11A02-05
Is the conformity of the hardware configurations for user workstations regularly controlled relatively to the authorized options?
E3
15.2.2
11A02-06
Is the conformity of the software configurations for user workstations regularly controlled relatively to the authorized options?
E3
15.2.2
11A02-07
E3
11A02-08
Is it also controlled that the users do not possess the access rights required for the installation of additional hardware or software?
E3
11A02-09
C1
11A03
11A03-01
Does the security policy state that it is strictly forbidden to load any piece of software on the workstation without a proper license?
E1
15.1.2
11A03-02
Is a permanent inventory held up to date of the software officially installed and declared on each work station?
E2
15.1.2
11A03-03
Is there a regular control of the conformity of the software installed to those declared or that they possess an authorized license?
E2
15.1.2
11A03-04
E3
11A03-05
C1
11A04
11A04-01
Conformity control of the reference programs (source and executable) for user software
Does the IT operation manage a reference for each software product installed on the user workstations (source code and
executable)?
341702815.xls ! 11 Mic
E1
12.4.1
page 279
1 variant
Question
Max
Min
Typ
ISO 27002
Is this reference version protected against untimely or illicit alteration (media signed and kept by a responsible person of high rank,
electronic sealing, etc.)?
R1
11A04-03
R2
11A04-04
Is there an automatic control of the sealing (or, at least, a deposited signature) for each new installation of a user workstation?
R2
11A04-05
Is a check made of the proof of origin and integrity of received maintenance module or a new version, from the editor or the
manufacturer (for operating systems)?
E2
11A04-06
C1
11A05
Management of service suppliers and providers relating to the operation and handling of the user workstations base
11A05-01
Is it regularly ensured that the security services allocated to suppliers or providers for the operation and handling of the user
workstations are efficiently implemented and maintained by them?
C1
10.2.1
11A05-02
Is it ensured that the service suppliers or providers for the operation and handling of the user workstations have efficiently
prepared the appropriate arrangements to ensure that the services are provided as agreed?
E2
10.2.1
11A05-03
Is the respect of the security provisions by the suppliers or providers regularly reviewed?
E1
10.2.2
11A05-04
Is it ensured that the suppliers and providers report and document any security incident concerning operation and handling of the
user workstations?
E2
10.2.2
11A05-05
Is there a regular review of these incidents or malfunctions with the concerned suppliers and providers?
E2
10.2.2
11A05-06
Are any changes in the contract relationship (obligations, service levels, etc.) analyzed for resulting potential risks?
E3
10.2.3
11B
Protection of workstations
11B01
11B01-01
Is access to the workstation itself (even for local use) protected by a password or authentication system?
E1
11B01-02
Does the process of creation or modification of user authentication means respect a set of rules which ensures its intrinsic validity?
In the case of passwords: sufficient length (8 characters or more), mandatory mixture of types of characters, frequent change
(less than once a month), impossibility of reusing an old password, non-trivial word test using a dictionary, banning of "standard
systems", first names, anagrams of username, dates etc. In the case of authentication based on cryptographic mechanisms and of
certificates: a generation process evaluated or publicly recognized, encryption keys of a sufficient length etc.
E1
11B01-03
Does the process of providing credentials for authentication (like user password) guarantee its inviolability?
The usage of a password will always be a weak point. The only process which does not divulge observable information consists
either of introducing an object containing a secret (smart card), or using a code which changes at every moment (token card type
SecureId) or providing some biometric character.
E2
11B01-04
E2
11B01-05
If the authentication process is not permanent, must it be reinitialized after a short period of inactivity?
E2
11B01-06
Is the workstation protected against the installation of software by anyone apart from workstation administrators?
E1
11B01-07
Is there a procedure allowing an authorized administrator to access to the workstation in the event of departure or of
disappearance of its holder?
E2
11B01-08
Are the workstations protected against any use by individuals other than the incumbent (particularly if the post is left temporarily,
for more than 10 min for example)?
E2
341702815.xls ! 11 Mic
11.2.3
11.3.2
page 280
1 variant
Question
Max
Min
Typ
ISO 27002
Is the shutdown of the access control system detected dynamically at the time of connection to the enterprise network?
R1
11B01-10
Are the procedures and services for access control subject to regular audit?
C1
11B02
11B02-01
Have a security policy and associated recommendations relative to working off premises been established?
The recommendations and directives should cover the precautions to take working at home, when on business travel, on public
transport and should cover the protection of mobile computers, the usage of firewalls and up to date antivirus software,
connections to public or third party networks, precautions to take concerning written documents, instant message services,
telephone and conversations.
E1
9.2.5; 11.7.1;
11.7.2
11B02-02
Has it been established a security policy and recommendations relative to teleworking using remote connections to the office
network)?
The recommendations and instructions should cover the precautions and means to implement and cover the security of the
connection to the company network (reinforced authentication, VPN, etc.), possible restriction of access authorizations,
precautions concerning the use of personal workstations by individuals other than the incumbent (family, friends, etc.).
E1
11.7.2
11B02-03
Does the security policy formally forbid to carry out of the premises documents classified or carrying a value of proof?
E2
9.2.5; 11.71
11B02-04
Are personnel likely to work off site made aware of and receive training on the measures to be applied in order to protect
documents, systems and the data they contain?
These measures cover physical and logical protection against theft as well as disclosure or unauthorized access by family
members as well as by other persons.
E2
9.2.5; 11.71
11B02-05
Are the computing systems used off site only those belonging to the company and configured specifically for that purpose (in
particular if they permit an access to the internal network)?
E2
11.7.2
11B02-06
Is the configuration of computing systems used for work outside company buildings (portable computers) regularly checked?
C1
11B03
11B03-01
Has an exhaustive analysis of all the work situations or professional exchanges using equipments that do not belong to the
organization?
E2
11B03-02
Has an exhaustive analysis of all the external peripheral connection possibilities to the Information Systems of the organization
(USB ports, bluetooth, etc...) ?
E2
11B03-03
C2
11B03-04
Has it been deduced from them a security policy regarding the use of personal equipment for work purposes?
The instructions should consider the introduction and use of personal equipment such as laptops, PDAs, external disks, optical
supports, USB keys, etc.
E2
6.1.4; 11.7.2
11B03-05
Have means of control regarding the use of personal equipment been defined and implemented?
Such as specific parameters of the operating systems, filtering capabilities, etc.
E2
6.1.4
11B03-06
R1
11B03-07
C1
11C
341702815.xls ! 11 Mic
page 281
1 variant
Question
Max
Min
Typ
ISO 27002
Protection of the confidentiality of data on the workstation or on a data server (logical disk for the workstation)
11C01-01
Is confidential data stored encrypted, whether on the user workstation or hosted on a data server (logical disk)?
E2
11C01-02
Are all elements of the encryption process securely protected against any alteration, modification or inhibition?
E3
11C01-03
Are workstations equipped with an effective file erasing system which ensures that any file deleted (whether from a local or shared
disk) cannot be subsequently reread?
E2
11C01-04
Are workstations equipped with a true and efficient system which erases temporary files after their use (whether on a local or a
shared disk)?
E2
11C01-05
Is the process or the directives concerning file encryption extended to messages and message attachments?
E2
11C01-06
Does the process or the directives concerning file encryption extended to information residing on the address book?
E3
11C01-07
Have users received an appropriate training on file encryption and erasing systems, indicating in particular the rules to follow to
ensure that encryption is not circumvented?
E3
11C01-08
Are regular audits carried out on the usage of file encryption and erasing facilities by users?
C1
11C02
11C02-01
E2
11C02-02
Are the elements used for the encryption process protected strongly against any illicit alteration, modification or blocking ?
E3
11C02-03
Is the encryption process applied whichever media type (external disk, USB key, PDA, etc.)?
E2
11C03
11C03-01
Is there a procedure which details the actions to carry out before calling maintenance to ensure that unauthorized staff do not gain
access to sensitive information which may be stored on the workstation (physical erasing of sensitive data and of temporary files,
retaining of disks etc.)?
E2
11C03-02
Is there a written procedure and a binding clause in personnel maintenance contracts stipulating that any storage media which
contained sensitive data be destroyed before disposal?
E2
11C03-03
Is there a procedure of checking for system integrity after maintenance intervention (absence of spyware, or trojans etc.)?
E2
11C03-04
Are the procedures described above obligatory in all circumstances and do any derogations require the signature of senior
management?
R2
11C03-05
C2
11C04
11.7.1; 12.3.1
9.2.6
Protection of the integrity of files stored on workstations or on data servers (logical disk for workstations)
11C04-01
Are integrity sensitive files (whether stored on workstations or hosted on a data server) write-protected and is there an integrity
control mechanism?
Such a mechanism may authorize the creation of modifiable working copies while guaranteeing the integrity of the original
E2
11C04-02
Are the components of the integrity control process security protected against any alteration, modification or inhibition?
R2
11C04-03
Is the process or the directives concerning integrity control extended to messages and message attachments?
E2
11C04-04
Is the process or the directives concerning integrity control extended to information contained in address books
E3
11C04-05
Have users undergone training on integrity control means indicating in particular the rules to respect such that integrity control
cannot be circumvented?
E2
341702815.xls ! 11 Mic
page 282
1 variant
Question
Max
Min
Typ
ISO 27002
Are regular audits carried out on the usage of means of integrity control by users?
C2
11C05-01
Is there a security policy specific to emails defining precautions for use and security measures to implement?
E1
11C05-02
Does this policy state the rules concerning the use of email address out of the internal space (internet site, forum, etc...)?
It is advisable to use aliases rather than professional email address
E2
11C05-03
Does this policy impose that message sent with a high importance be systematically requesting an acknowledgement of receipt
controlled by the sender?
E2
11C05-04
Is there also a security policy attached to various other electronic exchange of information (telephonic or video conference,
cooprative work, document sharing, FTP services, instant messaging, etc.) defining the security measure and precautions to
implement?
E1
10.8.5
11C05-05
E2
10.8.4
11C05-06
E3
10.8.4
11C05-07
E3
11C05-08
Are regular audits carried out on the procedures and instructions concerning email and electronic exchanges security?
C1
11C06
11C06-01
11C06-02
11C06-03
Is the access to the printer's room reserved to persons of the same service sharing the same rights?
11C06-04
Is it possible for this personnel to cancel, if necessary, a printout in the waiting list?
11C06-05
Is it possible for this personnel to destroy printed documents put on scrap in a secure way?
11C06-06
Are regular audits conducted on the protective measures for printouts from a shared printer?
11D
10.8.4
11D01
11D01-01
Is all computing hardware covered by a maintenance contract (personal computers, peripherals, etc.)?
E1
11D01-02
Are there specific maintenance contracts for all hardware requiring a high availability and for which repair or swap is required
swiftly?
E1
11D01-03
E1
11D01-04
Do the maintenance contracts include specific obligations stipulating maximum intervention and reparation times which are
compatible with availability requirements?
E1
11D01-05
Are maintenance contracts, selection of service providers and the associated maintenance procedures regularly audited?
C1
11D02
9.2.4
11D02-01
Are there maintenance contracts for all software installed on user workstations?
E1
11D02-02
Is a technical support center available for each software supplier which guarantees rapid and qualified telephone support?
E1
341702815.xls ! 11 Mic
page 283
1 variant
Question
Max
Min
Typ
ISO 27002
Are there specific maintenance contracts for all software requiring high availability and for which standard repair times are not
acceptable?
E1
11D02-04
Are maintenance contracts, selection of service providers and the associated procedures regularly audited?
C1
11D03
11D03-01
Has it been established a backup plan including all the configuration parameters of the user workstations?
E1
10.5.1
11D03-02
E2
10.5.1
11D03-03
Is there a regular test that the backup of the configuration parameters of the user workstations allow the effective rebuild of the
user working environment upon a new station or a complete restoring, within time limits compatible to the business requirements?
E2
10.5.1; 14.1.5
11D03-04
Are the production routines which ensure backups of user configurations protected, against illicit or undue modification, by secure
mechanisms?
Such mechanisms might be electronic seal or any equivalent modification detection system.
R1
10.5.1
11D03-05
Are user configuration backup plans and procedures subject to regular audit?
C1
11D04
11D04-01
E1
10.5.1
11D04-02
E1
10.5.1
11D04-03
Are several generations of save files available in order to guard against missing or unreadable files, by organizing, for example a
rotation of backup media?
E2
10.5.1
11D04-04
E2
10.5.1
11D04-05
Are the backup procedures, for office data stored on servers, subject to a regular audit?
C1
11D05
11D05-01
Are the users made aware and trained to backup operations for sensitive data possibly stored in their workstation?
E1
10.5.1
11D05-02
Is all user data (stored on workstations) systematically backed up (by users, at a fixed frequency or when connecting to the internal
network)?
E1
10.5.1; 11.7.1
11D05-03
E1
10.5.1
11D05-04
Are several generations of saved files available in order to guard against missing or unreadable files, by organizing, for example a
rotation of backup media?
E2
10.5.1
11D05-05
E2
10.5.1
11D05-06
Are the backup procedures for user data subject to a regular audit?
C1
11D06
Anti virus (malware, unauthorized executable code, etc.) protection for user workstations.
11D06-01
Has it been defined a policy to prevent risks of attack from malevolent codes (virus, Trojan Horse, worms, etc.) like prohibit the use
of unauthorized software, protection measures during file retrieval via external networks and reviews of installed software?
E1
11D06-02
Are user workstations equipped with a means to protect from viruses and malware?
E1
11D06-03
E1
11D06-04
Is there a regular and automatic analysis of all the files on the workstations?
E2
341702815.xls ! 11 Mic
10.4.1
page 284
1 variant
Question
Max
Min
Typ
ISO 27002
Have actions to be taken by users' support team in case of an attack by malevolent code (alert, confinement measures, triggering
of a crisis management process, etc.) been defined?
E2
11D06-06
Is it possible for the users' support team to make, at any time, a complete check of the users' workstation base?
E2
11D06-07
Has it been defined a policy and protection measures to fight against unauthorized executable codes (applets, ActiveX controls,
etc.) (blocking or environment control where the codes execute, control of accessible resources by mobile codes, issuer
authentication, etc.)?
E2
11D06-08
C1
E1
14.1.3
E2
14.1.3
E1
14.1.3
11D07
10.4.1
10.4.2
11D07-01
Have all the scenarios which may impact the users' workstation base been considered and, for each scenario, the consequences
in terms of service unavailability for users?
11D07-02
Has it been defined, to resolve each scenario identified above, a sequence of minimal services recovery in accordance with user
requirements?
The user services need to be considered qualitatively and quantitatively (percentage of the base to be reinstalled)
11D07-03
Has an activity recovery solution been defined and implemented to resolve each scenario identified above, in accordance with
user requirements?
11D07-04
Are the technical, organizational and human resources sufficient to address the organization's requirements?
This means being able to correct personnel deficiencies
E2
14.1.3
11D07-05
Are the technical, organizational and human resources educated to address the organization's requirements?
This implies to train appropriately all concerned staff.
E2
14.1.3
11D07-06
Are all these solutions for the continuity of users' services related to the workstations base described in detail in Disaster Recovery
Plans including the conditions for triggering the plan, the actions to execute, the priorities, the actors to mobilize and their contact
details?
E1
14.1.3
11D07-07
E2
14.1.5
11D07-08
Are above tests able to guarantee the capacity of the recovery solution to cope, under full operational load, the minimum services
required by users?
The tests required to obtain this guarantee are preferably full scale tests of each variant of scenario, involving all users. The
results of the tests have to be registered and analyzed in order to improve the capability of the organization to answer to the
situations considered.
E2
14.1.5
11D07-09
If the recovery solutions include delivery of hardware components (which cannot be triggered during tests), is there a contractual
commitment by the manufacturer or any relevant third party (distributor) to deliver the replacement hardware within fixed and
anticipated time limits as stated in the recovery plan?
E2
11D07-10
Are the existence, the pertinence and the updates of the users' workstations Recovery Plans regularly controlled?
C1
11D07-11
Is the updating of the above procedures within the recovery plan subject to regular audit?
C1
11D08
11D08-01
Is the list of office file formats, that are required to be accessible, kept up to date?
E1
11D08-02
Are the necessary hardware and software elements required for the access to all the types of office files put in archive available or
easily made available?
E1
11D08-03
Do the procedures of allocation and personalization of office files encryption and protection capabilities guarantee possibilities to
access the files, even if their owners are absent or have left the organization?
E2
341702815.xls ! 11 Mic
page 285
1 variant
Question
Max
Min
Typ
ISO 27002
Are the recovery capabilities of the access or encryption keys protected against accidental or malevolent unavailability?
E2
11D08-05
Are there regular audits of the mechanisms and procedures that guarantee the continuity of access to office files?
E2
11E
11E01
11E01-01
Have profiles been defined, within users workstation operations staff, corresponding to each type of activity (assistance,
installation, maintenance, etc.)?
11E01-02
For each profile have the necessary rights and privileges been defined?
11E01-03
Does the process of attributing special rights require the formal authorization of management (or the manager responsible for
external service providers) at a sufficiently high level?
11E01-04
Is the process of attributing special rights allocated only in relation to the profile of the holder?
11E01-05
Is the process of granting (modification or revocation) of special rights to an individual strictly controlled?
A strict control requires a formal recognition of the signature (electronic or not) of the requestor, that there be a tight control of
access in order to attribute or modify such rights and that any modification of special rights be logged and audited.
11E01-06
Is there a systematic process of removal of special rights at the time of departure or role change of user support operations staff?
11E01-07
Is there a regular audit, at least once a year, of all special rights attributed ?
11E02
E1
10.1.3; 11.2.2
E1
10.1.3
E2
10.1.3
E2
10.1.3
R1
11.2.2
E2
11.2.4
C1
11.2.4
Authentication and control of the access rights of administrators and operational personnel
11E02-01
Is the authentication of the administrator required before taking control of a user workstation?
E2
11E02-02
Is the authentication protocol used for administrators or holders of special rights considered to be secure?
An authentication protocol is considered secure if it is not susceptible to being broken by a listening device on the network or
rendered inoperable by specialists tools (in particular password crack tools ). Such security usually uses cryptographic methods.
E2
11E02-03
Are the rules, for instance in the case of passwords, considered to be very strict?
Strict rules impose the use of tested non-trivial passwords, using a mixture of different types of characters and of a reasonable
length (ten characters). It is desirable that these rules have been approved by the Information Security Officer
E2
11E02-04
Is there a consistent control of the administrator's rights, of its context, and of the suitability of this context with the requested
access, as per formal rules of access control?
E2
11E02-05
R1
11E02-06
R1
11E02-07
Is there a regular audit of the procedures of the security parameters attached to protecting profiles and rights?
C1
11E03
341702815.xls ! 11 Mic
page 286
1 variant
Question
Max
Min
Typ
ISO 27002
Has a detailed analysis been carried out of the events and operations carried out with administrative rights on the users'
workstations which may potentially have an impact on system security?
11E03-02
Are these events recorded as well as all parameters which may be useful for their subsequent analysis?
11E03-03
Is there a system able to detect any modification or deletion of a past record and to immediately trigger an alarm to a manager?
11E03-04
11E03-05
Is there a system enabling the detection of any modification of recording parameters and to immediately trigger an alarm to a
manager?
11E03-06
Does any inhibition of the recording and processing of the logged events system trigger an alarm to a manager?
11E03-07
11E03-08
11E03-09
E2
10.10.4
E2
10.10.4
E3
10.10.4
E3
10.10.4
E3
10.10.4
E3
10.10.4
Are all records or summary analyses protected against any falsification or destruction?
E2
10.10.4
E2
10.10.4
Are the procedures, which record and process privileged operations, regularly audited?
C1
10.10.4
341702815.xls ! 11 Mic
2
3
2
page 287
Comments
341702815.xls ! 11 Mic
page 288
Comments
341702815.xls ! 11 Mic
page 289
Comments
341702815.xls ! 11 Mic
page 290
Comments
341702815.xls ! 11 Mic
page 291
Comments
341702815.xls ! 11 Mic
page 292
Comments
341702815.xls ! 11 Mic
page 293
Comments
341702815.xls ! 11 Mic
page 294
Comments
341702815.xls ! 11 Mic
page 295
Comments
341702815.xls ! 11 Mic
page 296
341702815.xls ! 11 Mic
page 297
341702815.xls ! 11 Mic
page 298
341702815.xls ! 11 Mic
page 299
341702815.xls ! 11 Mic
page 300
341702815.xls ! 11 Mic
page 301
341702815.xls ! 11 Mic
page 302
341702815.xls ! 11 Mic
page 303
341702815.xls ! 11 Mic
page 304
341702815.xls ! 11 Mic
page 305
1 variant
The architecture and operations concerning voice are often effected by a different entity than data networks
Number
12A
Question
Max
Min
Typ
ISO 27002
12A01
Consideration of security in relation with operational personnel (permanent and temporary staff)
12A01-01
E1
12A01-02
Is telecommunication operations personnel required to sign contract clauses of adherence to that security policy (no matter their
status: permanent or temporary staff, students, etc.)?
E2
12A01-03
Do these clauses make clear that the personnel has an obligation not to tolerate any action contrary to security from other people?
E3
12A01-04
E2
12A01-05
Are these same clauses obligatory for contractors working on systems operations?
Practically, the contractors should ensure that their personnel sign individually and explicitly under the same conditions than
internal staff.
E2
12A01-06
Is there a mandatory and well adapted training course aimed at systems operation personnel?
12A01-07
Are the security policy compliance agreements, signed by personnel, securely kept (at least in a locked cupboard )?
R1
12A01-08
Are the security policy compliance agreements, signed by external contractors, securely kept (at least in a locked cupboard )?
R1
12A01-09
Is there a regular audit, at least once a year, of the effective application of the signature procedure by operational personnel
(directly employed by the company or indirectly through a service company) ?
C1
12A02
9.2.1
E2
12A02-01
Are the decisions to change or update equipment and systems significantly subject to a control procedure (registration, planning,
formal approval, communication to all concerned individuals, etc.)?
The possible separation (physical or logical, using VLAN) of data and voice flows shall be analyzed when moving to ToIP and
revised based on the observed load changes, the same applies to interconnection capabilities between the two networks
E1
10.1.2; 10.3.1
12A02-02
Are the change decisions based on an analysis of the capacity of the new equipment and systems to ensure the required load and
take into account the evolution of foreseeable requests?
E2
10.3.1
12A02-03
E2
9.2.1
12A02-04
Is any new or modified functionality linked to a new system or new version of a system, systematically documented before moving
into production?
12A02-05
Is such new functionality (or change in functionality), linked to a new system or new version of a system, formally and
systematically reviewed in conjunction with the IT security function?
341702815.xls ! 12 Top
E2
E2
10.3.2
page 306
1 variant
The architecture and operations concerning voice are often effected by a different entity than data networks
R-V1 R-V2 R-V3 R-V4
Number
Question
Max
12A02-06
Does this review include an analysis of the risks that may result from the changes?
12A02-07
Have telecommunication operations staff received formal appropriate training in risk analysis?
This should include service continuity as well as confidentiality and integrity of the data and the transmissions
12A02-08
May the operation staff obtain an appropriate support specially competent on risk analysis?
12A02-09
Are the security measures, determined to counter the new identified risks, formally reviewed before implementation?
E3
10.3.2
12A02-10
Are security parameters and configuration rules (deletion of generic accounts, changing of any default passwords, blocking of
unauthorized communications ports, setting of access rights and authentication parameters, etc.) listed in detail and regularly
updated?
E3
10.3.2; 11.4.4
12A02-11
Are the security parameters and configuration rules controlled prior to any start of production of a new version?
E3
10.3.2; 11.4.4
12A02-12
Has the eventual impact of the systems' changes regarding the continuity plans been considered?
E2
10.3.2
12A02-13
Are any derogations from the prerequisite risk analysis and control of security parameters subject to strict procedures, including a
signature from senior management?
R1
12A02-14
Can the start of production of new systems and applications be only carried out by operations personnel?
E3
6.1.4; 12.4.1
12A02-15
Is the start of production of new versions of systems or applications possible by the use of a defined validation and authorization
process?
E3
6.1.4; 12.4.1
12A02-16
C1
12A03
Min
Typ
E2
E3
E3
12A03-01
12A03-02
Are all maintenance operations required to terminate with a systematic control of physical or recorded configurations and security
parameters (as defined at time of start of production)?
E2
12A03-03
Are all maintenance operations required to terminate with a systematic control of the recording parameters for security events and
the life span of records?
E3
12A03-04
Are all maintenance operations required to terminate with a systematic control of system administration parameters (required
profile, authentication type, removal of standard logins etc.)?
E3
12A03-05
Is a formal dispensation, signed by a responsible manager, required if the above mentioned procedures are not observed?
12A03-06
12A04
ISO 27002
10.3.2
E2
9.2.4
E3
3
C1
12A04-01
In the case of remote maintenance, is the remote maintenance desk's access subject to a secure authentication procedure?
E2
11.4.4
12A04-02
In the case of remote maintenance, are maintenance staff subject to a secure authentication procedure?
E2
11.4.4
12A04-03
Is there a set of procedures covering the granting and revocation of access rights for remote maintenance operatives and the
granting of rights in urgent situations?
E3
11.4.4
12A04-04
Does the usage of the remote maintenance line require the prior agreement (for each usage) of telecommunication operations
personnel (upon request by the manufacturer or editor specifying the nature, date and time of the intervention)?
E3
11.4.4
12A04-05
E2
341702815.xls ! 12 Top
page 307
1 variant
The architecture and operations concerning voice are often effected by a different entity than data networks
Number
Question
12A04-06
12A05
Max
Min
Typ
ISO 27002
C1
12A05-01
Do the operating procedures result from the study of the overall cases to be covered by said procedure (normal operating cases
and incidents)?
E2
10.1.1
12A05-02
E2
10.1.1
12A05-03
Are the operating procedures readily available upon request by any accredited individual?
E2
10.1.1
12A05-04
E2
10.1.1
12A05-05
R1
12A05-06
Are the operating procedures audited regularly for authenticity and relevance?
C1
12A06
12A06-01
Is it regularly ensured that the security services allocated to suppliers or providers are efficiently implemented and maintained by
them?
C1
10.2.1
12A06-02
Is it ensured that the telecommunications service suppliers or providers have efficiently prepared the appropriate arrangements to
ensure that the services are provided as agreed?
E2
10.2.1
12A06-03
Is the respect of the security provisions by the suppliers or providers regularly reviewed?
E1
10.2.2
12A06-04
Is it ensured that the suppliers and providers report and document any security incident concerning information or networks?
E2
10.2.2
12A06-05
Is there a regular review of these incidents or malfunctions with the concerned suppliers and providers?
E2
10.2.2
12A06-06
Are any changes in the contract relationship (obligations, service levels, etc.) analyzed for resulting potential risks?
E3
10.2.3
E2
12B
12B01
12B01-01
Is an exact inventory of the equipments kept up to date by the concerned responsible persons?
Of key importance with ToIP for the move of terminal equipments and their configuration (including configured emergency call
numbers)
12B01-02
Is there a document (or a set of documents ) or an operational procedure which describes all security parameters for the
equipments and systems?
Such a document should be derived from the security policy and describe all the filtering rules decided. It should also mention the
reference to the system versions so as to check the status of the updates.
E1
12B01-03
Does this document require that all generic or by default accounts be deleted and their list established?
E2
11.4.4
12B01-04
Are the system versions, fixes and parameters updated regularly in line with latest information?
This should be done in cooperation with expert authorities (specialized audits, subscription to a service center, regular consultation
with CERTs, etc.)
E2
10.7.4; 12.6.1
12B01-05
Does the resulting document or procedure impose a synchronization feature, based on a reliable time reference?
E3
10.10.6
12B01-06
Are these reference documents protected, by secure methods, against untimely or illicit alteration (sealing)?
R1
10.7.4
12B01-07
Is the integrity of system configurations checked, regularly (at least weekly) if not at each system start-up, against the configuration
theoretically expected?
E3
15.2.2
12B01-08
Are regular audits carried out of the compliance to the specifications for security parameters?
R1
15.2.2
12B01-09
Are regular audits carried out of the exception and escalation procedures in the case of difficulty or installation problems?
R1
15.2.2
12B01-10
Are the development and test environments separated from the operational environments?
C1
341702815.xls ! 12 Top
page 308
1 variant
The architecture and operations concerning voice are often effected by a different entity than data networks
R-V1 R-V2 R-V3 R-V4
Number
Question
12B01-11
Is it possible to control, each time it is needed, the compliance of the architecture and of the configurations of the equipments ?
12B02
Max
Min
Typ
R2
E1
ISO 27002
12B02-01
Do the telecommunications operations manage a reference version for each equipment or system in operation (source and
executable code)?
12B02-02
Is this reference version protected against all possible illicit or untimely modification (signed media kept by a senior manager,
electronic sealing, etc.)?
R1
12B02-03
Is this protection considered to be inviolable (sealing by cryptographic algorithm approved by the Information Security Officer)?
R2
12B02-04
Is the protective seal controlled automatically (otherwise it may be an authoritative signature) at each new installation?
R2
12B02-05
Is a check made of the proof of origin and integrity of received maintenance module or a new version, from the editor or the
manufacturer (for operating systems)?
E2
12B02-06
Are the sealing and sealing control tools protected against any unauthorized usage?
R2
12B02-07
Does the inhibition of the automatic control of seals trigger an alarm to a manager?
E3
12B02-08
C1
Service continuity
12C
12C01
12C01-01
E1
12C01-02
Are there specific maintenance contracts for all hardware which require a high availability and for which the replacement must be
made within limited delays?
E2
12C01-03
Do the contracts stipulate maximum delays before intervention and compatible with the requirements of availability?
E2
12C01-04
Do the contracts detail the required time slots and days of intervention (24h/7d for example) compatible with the requirements of
availability?
E3
12C01-05
R1
12C01-06
Do the contracts detail specific clauses for when the hardware downtime exceeds the specific times stipulated (penalties, hardware
replacement, etc.)?
It is desirable that these clauses be general and apply to all cases no matter what the reasons (technical difficulty, staff strikes,
etc.)
E3
12C01-07
Do the maintenance contracts anticipate the complete replacement of equipment in the case of important damage which might not
be taken into consideration by reparative maintenance?
A special attention should be born on the confidentiality of data stored on the disk of the replaced equipments
12C01-08
Are the maintenance contracts, the choice of subcontractors and associated maintenance procedures subject to regular audit?
12C02
9.2.4
E3
C1
12C02-01
Are there maintenance contracts for all acquired software products (systems software, middleware and applications)?
E1
12C02-02
Do the suppliers provide a technical software support center which guarantees a quick and competent telephone assistance?
E2
341702815.xls ! 12 Top
page 309
1 variant
The architecture and operations concerning voice are often effected by a different entity than data networks
Number
Question
Max
Min
Typ
12C02-03
Are there specific maintenance contracts for software products (systems, middleware and applications) which require corrective
delays that standard maintenance cannot cover?
12C02-04
Do these contracts detail specific maximum intervention delays, compatible with the availability requirements?
E2
12C02-05
Do the contracts detail the required time slots and days of intervention (24h/7d for example) compatible with the requirements of
availability?
E3
12C02-06
R1
12C02-07
Do the contracts specify specific clauses when hardware downtime exceeds specific durations stipulated (penalties, replacement
of hardware, etc.)?
It is desirable that these clauses be general and apply to all cases no matter what the reasons (technical difficulty, staff strikes,
etc.)
E3
12C02-08
Are the maintenance contracts, the choice of subcontractors and associated maintenance procedures subject to regular audit?
C1
12C03
ISO 27002
E2
12C03-01
Has a backup plan been established which covers all programs and defines all objects to save and the frequency of backups?
E1
10.5.1
12C03-02
Does the plan also cover configuration parameters of the telecommunication equipments to save?
12C03-03
E2
10.5.1
E2
12C03-04
Are there regular tests that the backup copies of configurations enable the effective restoration of the production environment at
any time?
These tests should consider all the backups (including documentation and parameters files) of legitimate elements.
10.5.1
E2
10.5.1; 14.1.5
12C03-05
Are the production routines which ensure backups protected, against illicit or undue modification, by secure mechanisms?
Such mechanisms might be electronic seal or any equivalent modification detection system.
R1
10.5.1
12C03-06
R2
10.5.1
12C03-07
Are all software backup plans and procedures subject to regular audit?
C1
12C04
12C04-01
Have all the scenarios which may impact the telecommunications infrastructure and services been considered and, for each
scenario, the consequences in terms of service unavailability for users?
ToIP creates additional requirements for power supply continuity and ability to reconfigure of terminal equipments
12C04-02
For each scenario, and in agreement with the users, have a list and schedule of service resume been defined?
Loss of information, means to reconstruct them and temporary operational procedures must be considered.
12C04-03
Has an activity recovery solution been defined and implemented to resolve each scenario identified above, in accordance with user
requirements?
12C04-04
Are the technical, organizational and human resources sufficient to address the organization's requirements for IT continuity?
This means being able to correct personnel deficiencies
12C04-05
Are the technical, organizational and human resources educated to address the organization's requirements for continuity?
This implies to train appropriately all concerned staff.
341702815.xls ! 12 Top
E1
14.1.3
E2
14.1.3
E1
14.1.3
E2
14.1.3
E2
14.1.3
page 310
1 variant
The architecture and operations concerning voice are often effected by a different entity than data networks
Number
Question
12C04-06
Are all these solutions described in detail in Disaster Recovery Plans including the conditions for triggering the plan, the actions to
execute, the priorities, the actors to mobilize and their contact details?
12C04-07
12C04-08
Are above tests able to guarantee that the staff capacity and the recovery systems can cope, under full operational load, the
minimum service levels required by users?
The tests required to obtain this guarantee are preferably full scale tests of each variant of scenario, involving all users. The results
of the tests have to be registered and analyzed in order to improve the capability of the organization to answer to the situations
considered.
12C04-09
Max
Min
Typ
ISO 27002
E1
14.1.3
E2
14.1.5
E2
14.1.5
If the recovery solutions include delivery of hardware components (which cannot be triggered during tests), is there a contractual
commitment by the manufacturer or any relevant third party (leaser, broker, distributor) to deliver the replacement hardware within
fixed and anticipated time limits as stated in the recovery plan?
E2
12C04-10
Has the unavailability or failure of the recovery facility been considered and has a replacement solution been defined and validated
(second level recovery)?
E2
12C04-11
E3
12C04-12
Is the recovery solution usable for an unlimited duration and, if not, has a follow on replacement solution been established?
E3
12C04-13
Are the existence, the pertinence and the updates of the services Recovery Plans regularly controlled?
C1
12C04-14
Is the updating of the above procedures within the recovery plan subject to regular audit?
C1
12C05
12C05-01
Have the consequences of the disappearance of a supplier been analyzed (in the case of failure, a bug or change requirement)
and has a list of critical systems been established?
This is valid for hardware, software or service providers
E2
12C05-02
For all critical systems, has a corrective solution been analyzed to cope with the failure or disappearance of a supplier
(consignment of maintenance documentation or source code with a trusted third party, hardware replacement by standard market
solutions etc.)?
E2
12C05-03
Is there a guarantee that the corrective solutions could be made operational within time delays compatible with the continuity of the
business and accepted by the users?
12C05-04
Have variants to the primary solution been considered in case it might encounter unforeseen difficulties?
E3
12C05-05
C1
12D
E2
12D01
12D01-01
Has a list of the telecommunication software authorized on the users' stations been established?
This list should indicate the reference versions authorized and possibly the parameterization options
E2
12D01-02
Are these lists protected against untimely or illicit alteration by a robust sealing process?
R2
12D01-03
Are the rights provided to users preventing them to modify the specific telecommunication (telephone, audio or video conferencing,
etc. )configurations of their equipment?
E2
12D01-04
Is the conformity of the telecommunication configurations for user workstations regularly controlled relatively to the authorized
options?
C1
12D01-05
C2
12D01-06
341702815.xls ! 12 Top
C1
page 311
1 variant
The architecture and operations concerning voice are often effected by a different entity than data networks
Number
12D02
Question
Max
Min
Typ
12D02-01
Are the users made aware of the risks of tapping resulting from the use of telecommunication equipment and services?
E1
12D02-02
Are the users informed of risks resulting from the malevolent usage, locally or remotely, of their communication equipment?
In addition to the use of their colleagues' equipment without their knowing.
E2
12D02-03
Are the deactivation procedures explained to users at the installation or replacement time of their equipment?
E2
12D02-04
12D02-05
12D03
ISO 27002
E2
3
E2
12D03-01
Are encryption of exchanges mechanisms settable in accordance to the non-disclosure requirements established?
12D03-02
12D03-03
Have the user functions requiring a protection of the telecommunication exchanges been analyzed?
E2
12D03-04
Have encryption functions been installed on all the corresponding user equipment?
E2
E2
E2
12E
12E01
Management of privileged access rights granted on equipments and systems (administrative rights)
12E01-01
Have profiles been defined, within telecommunication operations staff, corresponding to each type of activity (system
administration, administration of security equipment, system monitoring, management of data storage and backup functions etc.)?
E1
10.1.3; 11.2.2
12E01-02
For each profile have the necessary rights and privileges been defined?
12E01-03
Does the process of attributing special rights require the formal authorization of management (or the manager responsible for
external service providers) at a sufficiently high level?
E1
10.1.3
E2
10.1.3
12E01-04
12E01-05
Is the process of attributing special rights allocated only in relation to the profile of the holder?
Is the process of granting (modification or revocation) of special rights to an individual strictly controlled?
A strict control requires a formal recognition of the signature (electronic or not) of the requestor, that there be a tight control of
access in order to attribute or modify such rights and that any modification of special rights be logged and audited.
12E01-06
Is there a systematic process of removal of special rights at the time of departure of telecommunication operations staff?
12E01-07
12E01-08
12E02
12E02-01
E2
10.1.3
R1
11.2.2
E2
11.2.4
Is there a systematic process of removal of special rights at the time of rle change of telecommunication operations staff?
E2
11.2.4
Is there a regular audit, at least once a year, of all special rights attributed ?
C1
11.2.4
Authentication and control of the access rights of administrators and operational personnel
Is the authentication protocol used for administrators or holders of special rights considered to be secure?
An authentication protocol is considered secure if it is not susceptible to being broken by a listening device on the network or
rendered inoperable by specialists tools (in particular password crack tools ). Such security usually uses cryptographic methods.
341702815.xls ! 12 Top
E2
page 312
1 variant
The architecture and operations concerning voice are often effected by a different entity than data networks
R-V1 R-V2 R-V3 R-V4
Number
Question
12E02-02
Are the rules, for instance in the case of passwords, considered to be very strict?
Strict rules impose the use of tested non-trivial passwords, using a mixture of different types of characters and of a reasonable
length (ten characters). It is desirable that these rules have been approved by the Information Security Officer
E2
12E02-03
Is there a consistent control of the administrator's rights, of its context, and of the suitability of this context with the requested
access, as per formal rules of access control?
E2
12E02-04
R1
12E02-05
R1
12E02-06
Is there a regular audit of the security parameters attached to protecting profiles and rights?
C1
12E03
Max
Min
Typ
ISO 27002
12E03-01
Has a detailed analysis been carried out of the events and operations carried out with administrative rights which may potentially
have an impact on system security (configuration of security systems, access to sensitive information, usage of sensitive tools,
download or modification of administrative tools etc.)?
12E03-02
Are these events recorded as well as all parameters which may be useful for their subsequent analysis?
12E03-03
Is there a system able to detect any modification or deletion of a past record and to immediately trigger an alarm to a manager?
12E03-04
12E03-05
Is there a system enabling the detection of any modification of recording parameters and to immediately trigger an alarm to a
manager?
12E03-06
Does any inhibition of the recording and processing of the logged events system trigger an alarm to a manager?
12E03-07
Are all records or summary analyses protected against any falsification or destruction?
12E03-08
12E03-09
E2
10.10.4
E2
10.10.4
E3
10.10.4
E3
10.10.4
E3
10.10.4
E3
10.10.4
E2
10.10.4
E2
10.10.4
Are the procedures, which record and process privileged operations, regularly audited?
C1
10.10.4
341702815.xls ! 12 Top
2
3
2
page 313
Comments
341702815.xls ! 12 Top
page 314
Comments
341702815.xls ! 12 Top
page 315
Comments
341702815.xls ! 12 Top
page 316
Comments
341702815.xls ! 12 Top
page 317
Comments
341702815.xls ! 12 Top
page 318
Comments
341702815.xls ! 12 Top
page 319
Comments
341702815.xls ! 12 Top
page 320
Comments
341702815.xls ! 12 Top
page 321
341702815.xls ! 12 Top
page 322
341702815.xls ! 12 Top
page 323
341702815.xls ! 12 Top
page 324
341702815.xls ! 12 Top
page 325
341702815.xls ! 12 Top
page 326
341702815.xls ! 12 Top
page 327
341702815.xls ! 12 Top
page 328
341702815.xls ! 12 Top
page 329
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
13A
13A01
13A01-01
Is there a set of legal provisions and regulations concerning the protection of personal information (PPI)?
E2
15.1.2
13A01-02
E2
15.1.2
13A01-03
E1
15.1.4
13A01-04
E2
15.1.4
13A01-05
Does the policy indicate that PPI must be taken into consideration in the development of projects related to information
technology?
E2
13A01-06
Do the PPI directives cover all legal obligations, including those related to collection, access, communication, use, preservation
and destruction of such information?
E2
13A01-07
Has the adequacy of the directives with respect to all the relevant laws and regulations been verified by independent audit?
E2
13A01-08
E2
13A01-09
E2
13A01-10
Does the PPI policy (or the management framework) clearly define the responsibilities of the various stakeholders: the PPI
manager, Digital Information Security Manager, internal control, etc.?
E1
13A01-11
Is there a committee related to the governing bodies that is charged with developing PPI policy and with periodically studying any
related problems?
E2
13A01-12
If such a committee exists, is it composed of the PPI manager and representatives from senior management, security, audit, IT,
legal, document management, and users?
E2
13A01-13
13A02
E2
13A02-01
E1
13A02-02
E2
13A02-03
Is this program offered to the staff who process information covered by the legal provisions related to PPI?
E2
13A02-04
E2
13A02-05
Does this program take into account PPI issues relating to the use of IT and telecommunications systems?
E2
13A02-06
Does this program include training or awareness of the consequences of not respecting the legal provisions relating to PPI?
E2
13A02-07
Is the level of knowledge of members of staff concerning PPI periodically evaluated by survey or other mechanism?
13A02-08
Are members of staff periodically reminded of the existence of this program by poster, or other communication?
13A02-09
13A02-10
13A03
E3
R1
C1
E2
13A03-01
Have the conditions necessary for implementing the PPI policy been analyzed?
13A03-02
Have the corresponding resources (technical and human) been put in place?
E2
13A03-03
Is the level of resource necessary for the application of PPI audited regularly?
E2
13A04
C1
341702815.xls ! 13 Man
page 330
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
Max
13A04-01
C1
13A04-02
E2
13A04-03
E2
13B
Min
Typ
ISO 27002
13B01
13B01-01
Is there a reference document stating the set of rules related to the collection, treatment and presentation of results leading to
Communication of financial data?
E3
13B01-02
E2
13B01-03
Is there a policy and are there precise directives concerning Communication of financial data?
E1
13B01-04
13B01-05
Does the policy concerning Communication of financial data encompass all the legal requirements in that matter?
13B01-06
Has the upper management conducted an evaluation of the effectiveness of internal control regarding the procedures and controls
ensuring that financial statements are produced in line with external regulations?
13B01-07
Has the quality evaluation document been evaluated and approved by financial auditors?
This approval implies that the auditors must obtain all the necessary elements in time for them to control
13B01-08
Has the upper management certified the efficiency of the procedures and controls implemented to ensure the veracity of financial
statements?
E2
13B01-09
Is there an audit commission charged with choosing external auditors, fixing their remuneration levels and supervising their
activities?
E2
13B01-10
E3
13B01-11
Does the application of this frame of reference enable all information published to be traced back?
This includes the capacity to trace back the chain of treatments so as to identify the original data (references to the facts,
accounting data entries, ... ) and the decisions related to the origin of the information
C1
13B01-12
E2
13B01-13
Does the policy concerning Communication of financial data (or its management framework) clearly establish the responsibilities of
each of the contributors?
E1
13B01-14
Is there a committee related to the governing bodies that is charged with developing the Communication of financial data policy
and with periodically studying any related problems?
E2
13B01-15
13B02
E2
3
E2
E2
E2
E2
13B02-01
E1
13B02-02
Is this program approved by the manager responsible or in charge of the Communication of financial data?
E2
13B02-03
Is this program available to the staff who process information covered by the legal provisions related to Communication of financial
data?
E2
13B02-04
E2
341702815.xls ! 13 Man
page 331
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
13B02-05
Does this program take into account Communication of financial data issues relating to the use of IT and telecommunications
systems?
P
4
Max
Min
Typ
E2
13B02-06
Does this program include training or awareness of the consequences of not respecting the legal provisions relating to
Communication of financial data?
E2
13B02-07
Is the level of knowledge of members of staff concerning the Communication of financial data periodically evaluated by survey or
other mechanism?
E3
13B02-09
R1
13B02-10
C1
13B03
13B03-01
Have the conditions necessary for implementing the Communication of financial data policy been analyzed?
13B03-02
Have the corresponding resources (technical and human) been put in place?
E2
13B03-03
Is the level of resource necessary for the application of Communication of financial data audited regularly?
E2
13B04
C1
13B04-01
C1
13B04-02
E2
13B04-03
E2
13C
ISO 27002
13C01
13C01-01
Is there a list of the types of recordings to preserve and of the procedures and protections to apply until their end of life?
This list should consider media like : paper, microfiches, files and their protection during the requested retention durations.
13C01-02
Are the basic accounting data preserved in compliance with the VCA regulations?
The elementary data are individual, not yet aggregated, data considered since their origin, for example: historic files of movements
(orders, bills, stocks...), written evidences, statements, permanent data, operations of files' updates...
E2
13C01-03
Are files which contain long term or reference information (accounting schemas, client files, suppliers, tariffs,
products) kept in compliance with the VCA?
E2
13C01-04
E2
13C01-05
Are operational systems which have a direct or indirect link with the accounting system kept in compliance with
VCA regulations?
E2
13C01-06
Are all accounting applications and applications which feed the accounting system, via intermediate or interface
files, kept?
E2
13C01-07
Are analytical or budgetary applications used to determine expenses and incomes kept?
E3
13C01-08
C1
E2
13C02
341702815.xls ! 13 Man
page 332
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
13C02-01
Is an inventory of applications and documentation likely to be checked as parts of a VCA audit kept up-to-date?
E2
13C02-02
E2
13C02-03
E2
13C02-04
Is this documentation updated using a precise system of follow up of documents version numbers?
E2
13C02-05
E2
13C02-06
Are all documents, data and transactions, subject to legal control, preserved and accessible in the host country
itself?
E2
13C02-07
Is the retention plan for data and information, including documentation, compliant with the rules in force (duration
and nature of support media)?
E2
13C02-08
Do IT contracts with third parties contain a specific legal clause taking into account VCA regulations such as the availability of
source code, documentation and technical assistance in the case of a VCA audit?
Such third parties include outsourcing, software editors, suppliers, etc.
E2
13C02-09
Does the documentation, issued from application developments and updates, comply to VCA regulation (for all
applications within the scope of VCA regulations)?
E2
13C02-10
In the case of company acquisitions is there a clause which guarantees the respect of obligations related to VCA?
E2
13C02-11
Is there a control procedure related to VCA elements covering backup plan, operations technical documents, data,
processing, version of the saved elements, etc. ?
C1
13C03
13C03-01
E1
13C03-02
E2
13C03-03
Is this program offered to the staff who process information covered by the legal provisions related to VCA?
E2
13C03-04
E2
13C03-05
Does this program take into account VCA issues relating to the use of IT and telecommunications systems?
E2
13C03-06
Does this program include training or awareness of the consequences of not respecting the legal provisions relating to VCA?
E2
13C03-07
Is the level of knowledge of members of staff concerning VCA periodically evaluated by survey or other mechanism?
E3
13C03-09
R1
13C03-10
C1
13C04
13C04-01
Have the conditions necessary for implementing the VCA policy been analyzed?
13C04-02
Have the corresponding resources (technical and human) been put in place?
E2
13C04-03
Is the level of resource necessary for the application of VCA audited regularly?
E2
C1
13C05
13C05-01
ISO 27002
C1
341702815.xls ! 13 Man
page 333
1 variant
R-V1 R-V2 R-V3 R-V4
Max
13C05-02
E2
13C05-03
E2
13D
Question
Min
Typ
ISO 27002
13D01
13D01-01
Is there a collection of all applicable legal and regulatory rules and measures regarding the protection of intellectual property
rights?
E2
13D01-02
E2
13D01-03
Is there a policy and are there precise directives concerning intellectual property rights?
13D01-04
Are these directives explicitly forbidding the use of software without a proper license and limitation of copies of software,
commercial recordings (video, audio) and documents ?
13D01-05
13D01-06
Does the policy concerning the protection of intellectual property rights encompass all the legal requirements in that matter?
E2
13D01-07
Has the adequacy of the directives with respect to all the relevant laws and regulations been verified by independent audit?
E2
13D01-08
E2
13D01-09
E2
13D01-10
Does the IPR policy (or the management framework) clearly define the responsibilities of the various stakeholders?
E1
13D01-11
Is there a committee related to the governing bodies that is charged with developing IPR directions and with periodically studying
any related problems?
E2
13D01-12
13D02
E1
2
E2
E2
E2
13D02-01
E1
13D02-02
E2
13D02-03
E2
13D02-04
Does this program take into account IPR issues relating to the use of IT and telecommunications systems?
E2
13D02-05
Does this program include training or awareness of the consequences of not respecting the legal provisions relating to IPR?
E2
13D02-06
Is the level of knowledge of members of staff concerning IPR periodically evaluated by survey or other mechanism?
E3
13D02-07
R1
13D02-08
C1
13D03
13D03-01
Have the conditions necessary for implementing the IPR policy been analyzed?
13D03-02
Have the corresponding resources (technical and human) been put in place?
E2
13D03-03
Is the level of resource necessary for the application of IPR audited regularly?
E2
13D04
C1
13D04-01
C1
13D04-02
E2
13D04-03
E2
341702815.xls ! 13 Man
page 334
13E
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
ISO 27002
13E01
13E01-01
Is there a collection of all applicable legal and regulatory rules and measures regarding the protection of computerized systems?
E2
13E01-02
E2
13E01-03
Is there a policy and are there precise directives concerning the protection of computerized systems?
E1
13E01-04
13E01-05
Does the policy concerning the protection of computerized systems encompass all the legal requirements in that matter?
E2
13E01-06
Has the adequacy of the directives with respect to all the relevant laws and regulations been verified by independent audit?
E2
13E01-07
Has a manager responsible for the protection of computerized systems been appointed?
E2
13E01-08
Is the protection of computerized systems responsible manager known to all members of staff?
E2
13E01-09
Does the protection of computerized systems policy (or the management framework) clearly define the responsibilities of the
various stakeholders?
E1
13E01-10
Is there a committee related to the governing bodies that is charged with developing directions for the protection of computerized
systems and with periodically studying any related problems?
E2
13E01-11
13E02
E2
E2
13E02-01
E1
13E02-02
E2
13E02-03
E2
13E02-04
Does this program include training or awareness of the consequences of not respecting the legal provisions relating to the
protection of computerized systems?
E2
13E02-05
Is the level of knowledge of members of staff concerning the protection of computerized systems periodically evaluated by survey
or other mechanism?
E3
13E02-06
R1
13E02-07
C1
13E03
13E03-01
Have the conditions necessary for implementing the protection of computerized systems policy been analyzed?
13E03-02
Have the corresponding resources (technical and human) been put in place?
E2
13E03-03
Is the level of resource necessary for the application of the protection of computerized systems audited regularly?
E2
13E04
C1
13E04-01
C1
13E04-02
E2
13E04-03
E2
13F
13F01
13F01-01
Policy and instructions relative to Human safety and protection of the environment
Is there a collection of all applicable legal and regulatory rules and measures relative to the human safety and protection of the
environment?
341702815.xls ! 13 Man
E2
page 335
1 variant
R-V1 R-V2 R-V3 R-V4
Number
Question
13F01-02
E2
13F01-03
Is there a policy and are there precise directives relative to the human safety and protection of the environment?
E1
13F01-05
13F01-06
Does the policy relative to the human safety and protection of the environment encompass all the legal requirements in that
matter?
E2
13F01-07
Has the adequacy of the directives with respect to all the relevant laws and regulations been verified by independent audit?
E2
13F01-08
Has a manager responsible for human safety and protection of the environment been appointed?
E2
13F01-09
Is the responsible manager relative to the human safety and protection of the environment known to all members of staff?
E2
13F01-10
Does the policy (or the management framework) relative to human safety and protection of the environment clearly define the
responsibilities of the various stakeholders?
E1
13F01-11
Is there a committee related to the governing bodies that is charged with developing directions for relative to the human safety and
protection of the environment and with periodically studying any related problems?
E2
13F01-12
Is the policy relative to the human safety and protection of the environment revised regularly?
13F02
Max
Min
Typ
E2
E2
Human safety and protection of the environment training and awareness program
13F02-01
Is there a Human safety and protection of the environment awareness and training program?
E1
13F02-02
Is this program approved by the Human safety and protection of the environment manager or respondent?
E2
13F02-03
E2
13F02-04
Does this program include training or awareness of the consequences of not respecting the legal provisions relating to the Human
safety and protection of the environment?
E2
13F02-05
Is the level of knowledge of members of staff concerning the Human safety and protection of the environment periodically
evaluated by survey or other mechanism?
E3
13F02-06
R1
13F02-07
C1
13F03
13F03-01
Have the conditions necessary for implementing the Human safety and protection of the environment policy been analyzed?
13F03-02
Have the corresponding resources (technical and human) been put in place?
E2
13F03-03
Is the level of resource necessary for the application of the Human safety and protection of the environment audited regularly?
E2
13F04
C1
Monitoring the implementation of the Human safety and protection of the environment policy
13F04-01
Is the implementation of the Human safety and protection of the environment policy audited regularly?
C1
13F04-02
E2
13F04-03
E2
13G
ISO 27002
13G01
13G01-01
Is there a collection of all applicable legal and regulatory rules and measures regarding the use of encryption?
E2
13G01-02
E2
13G01-03
Is there a policy and are there precise directives concerning the use of encryption?
E1
341702815.xls ! 13 Man
page 336
1 variant
R-V1 R-V2 R-V3 R-V4
Question
Max
Min
Typ
13G01-04
13G01-05
Does the policy concerning the use of encryption encompass all the legal requirements in that matter?
E2
13G01-06
Has the adequacy of the directives with respect to all the relevant laws and regulations been verified by independent audit?
E2
13G02
13G02-01
E1
13G02-02
E2
13G03
ISO 27002
E2
13G03-01
C1
13G03-02
E2
13G03-03
E2
341702815.xls ! 13 Man
page 337
Comments
341702815.xls ! 13 Man
page 338
Comments
341702815.xls ! 13 Man
page 339
Comments
341702815.xls ! 13 Man
page 340
Comments
341702815.xls ! 13 Man
page 341
Comments
341702815.xls ! 13 Man
page 342
Comments
341702815.xls ! 13 Man
page 343
Comments
341702815.xls ! 13 Man
page 344
Comments
341702815.xls ! 13 Man
page 345
341702815.xls ! 13 Man
page 346
341702815.xls ! 13 Man
page 347
341702815.xls ! 13 Man
page 348
341702815.xls ! 13 Man
page 349
341702815.xls ! 13 Man
page 350
341702815.xls ! 13 Man
page 351
341702815.xls ! 13 Man
page 352
341702815.xls ! 13 Man
page 353
1 variant
This questionnaire controls whether the organisation realises effectively a continuous process of management and reduction of the
risks also called ISMS .
It is recommanded to integrate this questionnaire into MEHARI complete process of risk treatment, preferrably associated
together with domain 01 (Organisation), which corresponds to the management responsibility and audits parts of the standard.
Number
14A
Question
Max
Min
Comments
14A01
14A01-01
Are the boundaries and scope of the ISMS resulting from a preliminary study of the expectations of the top management and the
stakeholders?
14A01-02
Do the boundaries contain the processes and assets of vital value for the organization?
They should specify the sites, organizational units and business activities as well as external interfaces.
Any exclusions from the scope must be documented and justified.
14A02
14A02-01
Does the ISMS policy result from a preliminary study of the expectations of the stakeholders?
14A02-02
Does this policy state clearly and precisely the commitments of the management relative to information security?
14A02-03
Does this policy take into account the requirements of the organization towards criteria such as Availability, Integrity and non
disclosure?
14A02-04
Does this policy take into account legal and regulatory requirements?
14A02-05
Does this policy take into account the commitment to use precise evaluation of risks?
14A02-06
14A02-07
Has this policy been approved by the top management of the organization?
14A02-08
Has the management of the organization reserved the necessary resources and funding over the long term?
14A03
14A03-01
Has a risk assessment method that fits to the requirements of the organization been selected?
14A03-02
Does the method permit to analyze the information security requirements for each asset in accordance to the business, laws and
regulations?
14A03-03
Does the method permit to classify the feared dysfunctions on a scale applicable to the entire organization?
14A03-04
Does the method provide precise metrics allowing a rational and reproducible risk assessment?
The seriousness of each risk being classified within a previously defined scale.
14A04
14A04-01
Does this risk analysis method used allow to identify the supporting assets attached to each operational process and to each
primary asset?
14A04-02
Does the method permit to identify the threats and their consequences relative to the security objectives ( e.g. Availability, integrity,
Confidentiality)?
14A04-03
Does the method permit to identify, in a precise way, the vulnerabilities according to the security measures in place?
14A04-04
Does the method permit to describe finely the scenarios that may exploit the threats and vulnerabilities?
14A04-05
Does the method permit to identify the impacts on the activity for each scenario (through a precise criteria and asset)?
14A04-06
Does the method permit to identify the links between each asset and the owners of data and processes?
14A05
341702815.xls ! 14 ISM
page 354
14A05-01
Does the risk analysis method permit to assess the levels of risk reduction resulting from the security measures in place or
planned?
14A05-02
Does the method provide the elements allowing to assess the likelihood of each risk scenario?
14A05-03
Does the method permit to reduce the likelihood of the scenarios resulting from the current (and planned) security measures (or
controls)?
14A05-04
Is it possible to adapt the likelihood levels resulting from changes in the organization?
14A05-05
Is the risk seriousness level clearly related to the impact and likelihood values for each scenario ?
14A05-06
Does the method provide the elements allowing to classify the seriousness level for each risk scenario?
His level should be used to determine whether each risk is acceptable or require further treatment
14A06
14A06-01
Does the method permit to figure out the risk treatment options appropriate for the organization ?
Based on the possible options (Accept, Avoid, Transfer or Reduce lye risk) and the criteria of acceptance already established.
14A06-02
Does the method permit to analyze the risk acceptance criteria for each scenario?
14A07
14A07-01
Does the organization have at its disposal the elements allowing to select the most efficient security measures required?
The method used must permit to propose improvement directions for each risk situation and to optimize the selection based on the
objectives and constraints of the organization.
14A07-02
Does the method permit to identify the residual risks after treatment of these risks?
14A07-03
14A08
Are the residual risks, either after treatment or acceptance, presented to the management for validation?
Selection of the security measures in accordance to the statement of applicability (SOA)
14A08-01
Is a list of decisions and security measures applicable to the organization formally established?
14A08-02
Does the statement of applicability describe the security measures already in place?
14A08-03
14B
14B01
14B01-01
14B01-02
Does this plan identify the actions to be taken including the appropriate resources, responsibilities, deadlines, and priorities?
14B01-03
2
1
14B02
14B02-01
14B02-02
14B02-03
Does the implementation effectively cover all the goals and security measures that were defined during the establishment phase
(risk assessment) of the Information Security Management System (ISMS)?
14B02-04
Does this plan define goals for achieving the measures decided (dates, level of risk reduction achieved)?
14B02-05
14B03
14B03-01
Have evaluation methods been defined for effectiveness of the selected measures (indicator, audit, etc)?
14B03-02
Has the manner in which the results of these evaluations will be interpreted been defined (scale, maximum or minimum
thresholds, quality of service objective, etc)?
14B03-03
341702815.xls ! 14 ISM
page 355
14B03-04
14B03-05
14B03-06
14B04
14B04-01
Has a program of training and awareness raising been implemented for the various security staff within the organization?
14B04-02
Is this program based on an analysis of the security skills and competences required by the various actors of the organization?
14B05-03
14B04-04
14B04-05
Is the documentation associated with this program stored and used?
For example, yearly programs, attendance records and participant evaluations, course content, skills acquired, etc.
14B05
14B05-01
14C
14C01
14C01-01
Has the organization put in place procedures for review and monitoring of the ISMS?
14C01-02
Are these procedures intended to rapidly detect anomalies in the output of data processing?
14C01-03
14C01-04
Do these procedures enable the responsible managers to determine whether the procedures or delegated security measures have
been carried out in conformance with the system?
14C01-05
Are there indicators in place that enable detection or prevention of security incidents?
14C01-06
Are reviews of the efficiency and application of the ISMS regularly planned and carried out?
14C01-07
Do the conclusions of these reviews take into account the experiences and suggestions of the parties concerned?
14C02
3
2
14C02-01
Do the implementation of the organization requirements of the ISMS, and the implementation of various action plans, fall within the
scope of the Audit program?
For example, concerning organization requirements: risk enumeration from a risk analysis, Information Security Policy or
documented ISMS plan, etc.
Concerning the various action plans: the actions agreed upon following a risk analysis, the implementation of an Information
Security Policy, or other audits.
14C02-02
14C02-03
Are all audit findings the subject of a proposal for risk reduction presented to management?
14C02-04
Is the audit program monitored by a set of indicators presented during management reviews?
14C03
14C03-01
14C03-02
Do these risk evaluation reviews enable validation of the effectiveness of the security measures put in place?
Such measures may be organizational or technical.
14C03-03
Do these reviews lead to revision of the security plans whenever this is necessary?
14C03-04
Are the boundaries and goals of the security management policy reviewed regularly?
14C03-05
Does the planning for these reviews take account of changes in the information security environment?
For example, changes in the organization, technology, threats, procedures, requirements of activities, and regulations.
14C03-06
341702815.xls ! 14 ISM
page 356
14C03-07
14D
At least once year, is there a management review of the ISMS, covering all aspects of ISMS steering (results of risk analysis,
dashboards, audit results, etc.), enabling management to make decisions about the ISMS implementation policy (evolution of the
Information Security Policy, ISMS scope, audit program, requirements to be taken into account, resources assigned, etc.)?
14D01
Continuous improvement
14D01-01
14D01-02
14D01-03
14D01-04
Has an analysis been carried out to confirm that the actions lead to an improvement in the effectiveness of the ISMS?
14D02
14D02-01
14D02-02
14D02-03
14D02-04
14D02-05
14D02-06
14D02-07
Have the results of the corrective actions been recorded for later review?
14D02-08
Has an analysis been made to confirm that the corrective actions effectively reduce the nonconformities?
14D03
14D03-01
14D03-02
14D03-03
14D03-04
14D03-05
Have the results of the implemented preventative actions been recorded in a log?
14D03-06
14D04
Has an analysis been carried out to confirm that the preventative actions avoided nonconformities?
Communication to stakeholders
14D04-01
Are the corrective actions and improvements communicated to all the parties concerned?
The communication must be sufficiently precise and detailed..
14D04-02
Is agreement obtained from all relevant parties concerning the improvement actions?
14E
Documentation
14E01
Documentation management
14E01-01
14E01-02
14E01-03
Does the procedure indicate that every document must have an owner?
14E01-04
14E02
Document approval
14E02-01
14E02-02
14E03
14E03-01
Updates
Are the people authorized to update the documents clearly identified?
341702815.xls ! 14 ISM
page 357
14E03-02
14E04
14E04-01
Is there a consistent numbering scheme for the documents that takes into account various versions?
14E04-02
14E05
Documentation disposal
14E05-01
Is there a document classification scheme that defines the level of access rights for different users?
14E05-02
Is there a mechanism in place for publishing information according to the users' access rights?
14E06
14E06-01
14E06-02
341702815.xls ! 14 ISM
page 358
341702815.xls ! 14 ISM
page 359
341702815.xls ! 14 ISM
page 360
341702815.xls ! 14 ISM
page 361
341702815.xls ! 14 ISM
page 362
341702815.xls ! 14 ISM
page 363
341702815.xls ! 14 ISM
page 364
341702815.xls ! 14 ISM
page 365
341702815.xls ! 14 ISM
page 366
341702815.xls ! 14 ISM
page 367
341702815.xls ! 14 ISM
page 368
SERVICES
SUB-SERVICES
Theme
01 Organization of security
01A
V1
A1
A1
A1
A1
A1
A2
A2
A2
A2
A2
V4
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
A2
A2
A2
A2
A2
A2
01D
V3
Fin
01C
V2
Obj
01B
Min
Insurance
A1
A1
A1
A1
A1
01E
1.0
1.0
1.0
1.0
1.0
1.0
Business continuity
F1
1.0
1.0
F1
1.0
1.0
F1
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
02 Sites security
02A
V1
B1
B1
B1
B1
02A05 Access to the loading and unloading areas (goods receipt and consignment) or to areas open to
public
B1
02B
V4
B2
B1
B1
B1
B1
B1
02C06 Control of movement of visitors and occasional service providers required to work in the offices
B1
02D
V3
V2
E3
E3
E3
E3
E3
02D06 Conservation and protection of important documents (to be preserved during a long period)
E3
E3
03 Security of Premises
03A
V1
V3
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
V4
General Maintenance
B2
B2
B2
B2
B2
B2
03B
V2
1.0
B1
1.0
1.0
B1
1.0
1.0
B1
1.0
1.0
B1
1.0
1.0
03B05 Perimeter monitoring (surveillance of entry points and surroundings of sensitive locations)
B1
1.0
1.0
B1
1.0
1.0
B1
1.0
1.0
B1
1.0
1.0
B2
1.0
1.0
B2
1.0
1.0
B2
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
03C
03D
Fire security
B2
B2
B2
V1
V2
V3
V4
C1
F3
04A03 Procedures and Business Contingency Planning following incidents on the extended network
E1
F2
F1
F3
04B
D1
04B02 Authentication of the entity for an incoming access from the extended network
D1
04B03 Authentication of the entity accessed for an outgoing access across the extended network
C2
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
H1
04D02 Offline analysis of traces, log files and event journals on the extended network
H1
H1
V1
V2
V3
V4
C1
C1
F3
05A04 Procedures and Recovery Plans following incidents on the local area network
E1
F2
F1
F3
05B
1.0
05A
1.0
D1
04D
1.0
04C
1.0
D1
D1
05B03 User or entity authentication for access requests to the local area network from an internal access
point
This mechanism corresponds, for example, to the authentication implemented in a Windows
domain controller.
D1
05B04 User or requestor authentication before access to the local area network from a remote site via
the extended network
D1
05B05 User or requestor authentication for outside access to the local area network
(e.g. from the switched telephone network (POTS), X25, ISDN, broadband, Internet, etc.)
D1
05B06 User or requestor authentication for access requests to the local area network from a WiFi subnetwork
D1
D1
D1
05B09 Authentication of the external entity accessed for outgoing access to sensitive sites
05C
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
C2
05C03 Encryption of exchanges in the case of remote access to the local area network
C2
05C04 Protection of the integrity of exchanges in the case of remote access to the local area network
C2
H1
05D02 Offline analysis of traces, log files and event journals on the local area network
H1
H1
06 Network operations
06A
1.0
D1
05D
1.0
V1
V2
V3
V4
06A01 Security in the relationship with operational personnel (employees, suppliers or service providers)
E1
E1
E1
E1
E1
E1
06A07 Taking into account the confidentiality during maintenance operations on network equipment.
E1
E1
06B
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
E1
E1
D1
D1
H1
1.0
06C
1.0
E1
V1
D1
D1
D1
D1
D1
V4
Containment of environments
V3
07A01 Management of access profiles (rights and privileges granted by functional profile)
07B
V2
D1
H1
C1
08 IT Production environment
1.0
1.0
1.0
V1
V2
V3
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
V4
08A01 Consideration of security in relation with operational personnel (permanent and temporary staff)
E1
E1
E1
E1
D2
E1
E3
E1
E1
E1
E1
08B03
E1
08C
1.0
Security of the architecture
C1
08B
1.0
H1
08A
1.0
E2
E2
E2
E2
E2
08C06 Security of storage networks (SAN : Storage Area Network and NAS)
08C07 Physical Security of Transiting Medias
08D
E2
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
E2
Service continuity
F3
F3
08D03 Application recovery procedures and plans following incidents during operation
E1
F2
F2
1.0
F1
D2
F3
F2
E1
3.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
08E
3.0
3.0
3.0
1.0
1.0
08E01 Online detection and treatment of IT related abnormal events and incidents
H1
1.0
1.0
H1
1.0
1.0
H1
1.0
1.0
D1
1.0
1.0
D1
1.0
1.0
H1
1.0
1.0
I1
1.0
1.0
I1
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
08F
08G
E2
E2
E2
09 Application security
V1
V2
V3
V4
09A
D1
1.0
1.0
D1
1.0
1.0
D1
1.0
1.0
D1
1.0
1.0
D1
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
D2
1.0
C1
1.0
1.0
F1
1.0
1.0
F3
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
D2
1.0
1.0
H1
1.0
1.0
D2
1.0
1.0
09B
09C
09D
09E
09F
09G
Data availability
3.0
Service continuity
3.0
V1
V2
V3
V4
G1
1.0
1.0
G1
1.0
1.0
G1
1.0
1.0
G1
1.0
1.0
G1
1.0
1.0
G1
1.0
1.0
G1
1.0
1.0
G1
1.0
1.0
G1
1.0
1.0
G1
1.0
1.0
G1
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
10B
V1
E1
E1
E1
11A04 Conformity control of the reference programs (source and executable) for user software
E1
11A05 Management of service suppliers and providers relating to the operation and handling of the user
workstations base
E1
D2
D2
11B03 Use of personal equipment or external equipment (not owned by the organization)
D2
11C01 Protection of the confidentiality of data on the workstation or on a data server (logical disk for the
workstation)
D2
D2
D2
11C04 Protection of the integrity of files stored on workstations or on data servers (logical disk for
workstations)
D2
D2
D2
11D
V4
Protection of workstations
11C
V3
Security of the operational procedures for the whole set of users' equipment
11A01 Control of the installation of new software or system versions on the users' equipment
11B
V2
F3
F3
F2
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
F3
1.0
1.0
F3
1.0
1.0
F2
F2
11D06 Anti virus (malware, unauthorized executable code, etc.) protection for user workstations.
D2
F2
F2
11E
11E01 Management of privileged access rights granted on user workstations (administrative rights)
D1
11E02 Authentication and control of the access rights of administrators and operational personnel
D1
H1
12 Telecommunications operations
12A
V1
V4
E1
E1
E1
E1
E1
E1
E1
E1
12C
V3
12A01 Consideration of security in relation with operational personnel (permanent and temporary staff)
12B
V2
Service continuity
F2
1.0
1.0
F1
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
E1
A2
C2
12E01 Management of privileged access rights granted on equipments and systems (administrative
rights)
D1
12E02 Authentication and control of the access rights of administrators and operational personnel
D1
12E03 Surveillance of system administrators' actions over the equipments and systems
H1
13 Management processes
13A
V1
V2
V3
V4
A2
A2
A1
A1
13B
A2
A1
A1
13C
A2
A2
A2
A1
A1
1.0
13D
13D01 Policy and instructions relative to the Protection of intellectual property rights
1.0
A2
A2
A1
A1
13E
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
A2
1.0
1.0
A2
1.0
1.0
A1
1.0
1.0
A1
1.0
1.0
13F01 Policy and instructions relative to Human safety and protection of the environment
A2
1.0
1.0
13F02 Human safety and protection of the environment training and awareness program
A2
1.0
1.0
13F03 Applicability of the Human safety and protection of the environment policy
A1
1.0
1.0
13F04 Monitoring the implementation of the Human safety and protection of the environment policy
A1
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
13F
13G
A2
A2
A1
V1
V2
V3
V4
14A08 Selection of the security measures in accordance to the statement of applicability (SOA)
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
14E03 Updates
1.0
1.0
1.0
1.0
1.0
1.0
1.0
1.0
14B
Documentation
Referenced Services
01A, 01D
01B, 01C, 12D02
D2 Security of data
E1 Operational procedures
E2 Management of data containers
E3 Protection of documents and written
information
F1 Recovery Plans
F2 Backups
F3 Maintenance
04A02, 04A06, 05A03, 05A07, 08D01, 08D02, 08D08, 09E03, 11D01, 11D02,
12C01, 12C02, 12C05
G1
H1
I1
J1
K1
10A, 10B
04D, 05D, 06C03, 07C, 08E, 08F03, 09G, 11E03, 12E03
06D, 08G
341702815.xls ! Themes
13
14
383
Dcembre 2006
ISO 27002
Score
5 Security policy
5.1
01A02-01
01A02-02
0.0
0.0
Internal organization
6.1.1
Management committment to information security
01A02-09
6.1.2
6.1.3
01A02-03:05
01A02-06:07
0.0
0.0
6.1.4
06A02-13:14;08A03-14:15;11B03-04:05;12A02-14:15
6.1.5
6.1.6
6.1.7
Confidentiality agreements
Contact with authorities
Contact with special interest groups
01C01-01:05
01A02-10
01A02-11
6.1.8
01A02-13
6.2
0.0
0.0
0.0
0.0
0.0
0.0
External parties
6.2.1
Identification of risks related to external parties
01C05-01
6.2.2
6.2.3
01C05-02
01C05-04:05
0.0
0.0
0.0
01B04-01:02
01B04-03
01B04-04
0.0
0.0
0.0
01B03-03;01B03-10
01B02-04;01B03-02
0.0
0.0
01C03-01
01C03-02:04
01C01-01:02
0.0
0.0
0.0
7 Asset management
7.1
7.2
8.2
Prior to employement
8.1.1
Roles and responsibilities
8.1.2
Screening
8.1.3
Terms and conditions of employment
During employement
384
Dcembre 2006
ISO 27002
8.3
8.2.1
Management responsiblities
8.2.2
Information security awareness, education and training
8.2.3
Disciplinary process
Termination or change of employment
8.3.1
Termination responsibilities
8.3.2
Return of assets
8.3.3
Removal of access rights
01C01-06
01C04-01:05
01B01-07
0.0
0.0
0.0
01B01-09
01B04-05
01B01-10
0.0
0.0
0.0
02A03-01:02;02A03-06;02A04-01
02C06-01:04;03B01-01;03B01-07;03B03-01
0.0
0.0
0.0
9.2
Secure areas
9.1.1
Physical security perimeter
9.1.2
Physical entry controls
9.1.3
9.1.4
03B08-01:03
02B01-01:04;03C01-01;03C02-01:03;03D01-01;03D02-01;03D0306
9.1.5
03B02-08;03B03-01;03B06-01
9.1.6
Public access, delivery and loading areas
Equipment security
9.2.1
Equipment siting and protection
9.2.2
Supporting utilities
9.2.3
Cabling security
9.2.4
Equipment maintenance
9.2.5
9.2.6
9.2.7
02A05-01:03
06A02-03;08A01-01;08A03-03;12A01-01;12A02-03
03A01-01:03;03A02-01:02;03A03-01;03A03-03
03A04-01:04
04A02-01;05A03-01;06A03-01;06A07-01:02;08A04-01;08A0501:02;08D01-01;11D01-01;12A03-01;12C01-01
11B02-01;11B02-03
06A07-01;08A05-01:02;08C01-05;11C03-01
01B04-06
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
06A05-01:04;08A08-01:04;12A05-01:04
10.1.2
Change management
06A02-01;08A03-01;11A01-01;12A02-01
10.1.3
Segregation of duties
06C01-03:06;08F01-01:04;11E01-01:04;12E01-01:04
10.1.4
06B01-07:09
0.0
0.0
0.0
0.0
Service delivery
06A06-01:02;08A09-01:02;11A05-01:02;12A06-01:02
10.2.2
06A06-03:05;08A09-03:05;11A05-03:05;12A06-03:05
10.2.3
06A06-06;08A09-06;11A05-06;12A06-06
0.0
0.0
0.0
385
Dcembre 2006
ISO 27002
10.3.1
Capacity management
06A02-02;08A03-02;11A01-01;12A02-01:02
0.0
10.3.2
System acceptance
06A02-04:05;06A02-08:11;08A03-05:06;08A03-09:12;11A0104:06;12A02-05:06;12A02-09:12
0.0
08D07-01:02;11D06-01;11D06-05
10.4.2
11D06-07
0.0
0.0
Information back-up
04A04-01:07;05A05-01:07;08D04-01:07;08D05-01:13;11D0301:04;11D04-01:04;11D05-01:05;12C03-01:06
0.0
10.5 Back-up
10.5.1
Network controls
06C01-03:04;06C03-01:02
10.6.2
06A08-01:03
0.0
0.0
02D02-01;08C01-01:05;08C03-11
10.7.2
Disposal of media
07B01-08;08C01-04
10.7.3
01B02-03:07
10.7.4
08B01-03;08B01-05;08B02-04:05;12B01-04;12B01-06
0.0
0.0
0.0
0.0
01B02-03:05;01B02-07:08
10.8.2
Exchange agreements
01C05-03
10.8.3
08C04-03;08C07-01
10.8.4
Electronic messaging
11C05-01;11C05-05:06
10.8.5
11C05-04
0.0
0.0
0.0
0.0
0.0
09H01-01
09H01-02
09H01-03
0.0
0.0
0.0
04D02-01:02;05D02-01:02;07C01-05:07;07C02-05:07
0.0
04D01-01:03;04D01-08;05D01-01:03;05D01-08;07C0101:02;07C02-01:02
0.0
04D01-09;04D02-06;04D02-08:09;05D01-09;05D02-06;05D0208:09;07C01-07:08;07C02-07:08
06C03-01:07;08F03-01:07;11E03-01:09;12E03-01:09
04D03-01:05;05D03-01:05
386
0.0
0.0
0.0
Dcembre 2006
ISO 27002
10.10.6 CPrek synchronization
06B01-03;08B01-04;12B01-05
0.0
02C01-01;05B01-01;06C01-01;07A01-01;09A01-01
0.0
0.0
11 Access control
11.1 Business requirement for access control
11.1.1
User registration
Privilege management
01C06-01:06
05B01-02;05B02-03;06C01-03;06C01-07;07A01-02;07A0203;08F01-01;08F01-05;09A01-02;09A02-03;11E01-01;11E0105;12E01-01;12E01-05
11.2.3
05B03-02;07A03-02;09A03-02;11B01-02
0.0
0.0
11.2.4
05B01-08;05B02-04:05;05B02-07;06C01-08:09;06C02-07;07A0108;07A02-04:05;07A02-08;08F01-06:07;08F02-06;09A0108;09A02-04:05;09A02-08;11E01-06:07;12E01-06:08
0.0
01B01-02
01B01-03;11B01-08
01B02-07
0.0
0.0
0.0
01B02-05
01B02-01:02;05B05-01:03;05B08-01:03
0.0
0.0
0.0
05B07-08
06A02-09:10;06A04-01:03;06A04-05;08A06-01:03;08A0605;08B01-02;12A02-10:11;12A04-01:04;12B01-03
11.4.5
Segregation in networks
01B02-02;05A01-02:06
11.4.6
04B01-05:06;05A01-06;05A01-08
11.4.7
04B01-14;05A01-12
0.0
0.0
0.0
0.0
07A03-03:07
07A04-01:04;09A04-01:04
11.5.3
07A03-01:09;09A03-01:08
11.5.4
08A02-03:07
11.5.5
Session time-out
07A04-06;09A04-06
11.5.6
07A01-04:05;09A01-04;09A04-05
0.0
0.0
0.0
0.0
0.0
0.0
09A01-02;09A02-01:02;09A04-01:02;09A04-07
11.6.2
07D02-01:03
387
0.0
0.0
Dcembre 2006
ISO 27002
11.7 Mobile computing and teleworking
11.7.1
11.7.2
01B02-08;11C01-01;11B02-01;11B02-03;11D05-01
11B02-01:02;11B02-04;11B03-04
0.0
0.0
Key management
10A01-01:03
0.0
09B03-01:06;09B03-08;09B04-01;09B05-01
10B03-01:04
09B02-01:03
09B04-01;09B05-01
0.0
0.0
0.0
0.0
04C01-01;05C01-01;05C03-01;08C06-05;09C01-01;09C0201;09F01-01;11C01-01
0.0
04C01-03;05C01-03;05C03-03;08D03-10;09C01-03;09C0205;09F01-04
0.0
06A02-04:05;06A02-13:14;08A03-04:06;08A03-13:15;08B0301;10B01-03;11A04-01;12A02-14:15
12.4.2
12.4.3
10B04-01:05
10B02-04
0.0
0.0
0.0
08A03-03:04;10A02-01:03
12.5.2
10A02-05:07
12.5.3
12.5.4
Information leakage
10A01-04
12.5.5
10A03-01:05
0.0
0.0
0.0
0.0
0.0
08B01-03;08B02-04;12B01-04
0.0
10A05-01:04
01A02-12;01A03-01:04
13.1.2
01C04-06
0.0
0.0
01A02-12;01A03-04;04D03-08;05D03-08;08E03-08
01A03-05
0.0
0.0
388
Dcembre 2006
ISO 27002
13.2.3
Collection of evidences
01A03-06;02D06-01:02;08H01-04
0.0
01E01-03
14.1.2
14.1.3
01E01-01:02
01E02-01:05;04A05-01:03;05A06-01:03;08D06-01:06;09E0201:07;11D07-01:06;12C04-01:06
14.1.4
09E02-07
0.0
0.0
14.1.5
01E02-08:11;04A05-04:05;05A06-04:05;08D04-05;08D0509;08D06-07:08;09E02-09;10A02-07;11D03-03;11D0707:08;12C03-04;12C04-07:08
0.0
0.0
0.0
15 Compliance
15.1 Compliance with legal requirements
15.1.1
01B02-10
15.1.2
11A03-01:03;13D01-01:10;13D02-01:04;13D04-01
15.1.3
01B02-09;08H01-04:06
15.1.4
13A01-01:06;13A02-01:04;13A04-01
15.1.5
01B01-05;01C05-05;13E01-01:06;13E02-01:03;13E04-01
15.1.6
13G01-01:06;13G02-01:02;13G03-01
0.0
0.0
0.0
0.0
0.0
0.0
15.2 Compliance with security policies and standards and technical compliance
15.2.1
01B01-12
15.2.2
05B07-10;06B01-06:08;08B01-06:08;08B02-06:08;11A0205:06;12B01-07:09
06D01-01:04;08G01-01:04
15.3.2
06D01-05;06D02-01:03;08G02-01:03
389
0.0
0.0
0.0
0.0
Dcembre 2006
Code
type
AB.P
AB.S
AC.E
Event description
Code
AB.P.Pep
AB.P.Per
AB.S.Cli
AB.S.Ene
AB.S.Loc
AB.S.Maa
AB.S.Mas
Lightning
AC.E.Fou
Fire
AC.E.Inc
Flooding
AC.E.Ino
Equipment breakdown
AC.M.Equ
AC.M.Ser
AV.P.Gre
Hardware accident
AC.M
AV.P
Conceptual error
ER.L
ER.P
IC.E
IF.L
MA.L
MA.P
PR.N
ER.P.Peo
ER.P.Pro
ER.P.Prs
IC.E.Age
Water damage
IC.E.De
Pollution damage
IC.E.Pol
IC.E.Se
Production incident
IF.L.Exp
IF.L.Lsp
IF.L.Ver
Virus
IF.L.Vir
MA.L.Blo
MA.L.Cfg
MA.L.Del
Electromagnetic pick up
MA.L.Ele
MA.L.Fal
MA.L.Fau
MA.L.Rej
MA.L.Sam
MA.L.Tot
MA.L.Vol
MA.P.Fal
Terrorism
MA.P.Ter
Vandalism or hooliganism
MA.P.Van
MA.P.Vol
Inadequate procedures
PR.N.Api
PR.N.Naa
PR.N.Nam
PR.N.Nav
Natural
exposure
(standard
CLUSIF)
Natural
exposure
(decided)
Natural
exposure
(resulting)
Selection
2
2
3
2
2
3
1
1
1
Comments
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Actor
Type
Sub
Type
Place Time
IF.L
Exp
Exp
ER.P
Pro
Exp
Ain
Ual
Access Process
D01-A
File
erasure
File
erasure
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
Uai
D01
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
Una
F01-ER1
D01
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
F01-ER1
D01
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
F01-EM1
D01
File
erasure
Fic.eff
MA.L
Del
Exp
Ain
Ual
F01-EM1
D01
File
erasure
MA.L
Del
Exp
Ain
Uai
F01-EM1
D01
File
erasure
MA.L
Del
Exp
Ain
Una
F01-EM1
D01
File
erasure
Fic.eff
MA.L
Del
Exp
Ain
F01-EM1
D01
File
erasure
Fic.eff
MA.L
Del
Exp
Ain
F01-EM1
D01
File
erasure
MA.L
Del
Exp
Atm
Tie
F01-EM3
D01
File
erasure
MA.L
Tot
Atm
F01-PA1
D01
File
Pollution
Fic.pol
ER.P
Pro
Mal
F01-PA1
D01
File
Pollution
Fic.pol
ER.P
Pro
Mac
F01-PA1
D01
File
Pollution
IF.L
Exp
File
Pollution
MA.L
Fal
Exp
Uai
F01-PM1
D01
F01-EA1
D01
F01-ER1
D01
F01-ER1
D01
F01-ER1
Fic.eff
Fic.eff
Fic.eff
Fic.eff
Fic.eff
Fic.eff
Fic.pol
Fic.pol
Ain
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
File
THREAT
Type of
damage
Circumstances
Event
Code
Pollution
Actor
Type
Sub
Type
MA.L
Fal
Ain
Exp
Una
Place Time
Access Process
F01-PM1
D01
F01-PM1
D01
File
Pollution
Fic.pol
MA.L
Fal
Ain
Exp
F01-PM1
D01
File
Pollution
Fic.pol
MA.L
Fal
Ain
Exp
F02-AC1
D01
Media
Destruction
AC.E
Inc
Exp
F02-AC1
D01
Media
Destruction
AC.E
Ino
Exp
F02-AC1
D01
Media
Destruction
Med.des AC.E
Inc
Md.
F02-AC1
D01
Media
Destruction
Med.des AC.E
Ino
Md.
F03-AC1
D01
Media
disappearance
ER.P
Peo
Md.
F03-AC1
D01
Media
disappearance
Med.dis ER.P
Peo
Exp
F03-MA1
D01
Media
disappearance
MA.P
Vol
Exp
Pna
F03-MA1
D01
Media
disappearance
Med.dis MA.P
Vol
Exp
F03-MA1
D01
Media
disappearance
Med.dis MA.P
Vol
Exp
Pse
F03-MA1
D01
Media
disappearance
Med.dis MA.P
Vol
Md.
Pna
F03-MA1
D01
Media
disappearance
Med.dis MA.P
Vol
Md.
F03-MA1
D01
Media
disappearance
Med.dis MA.P
Vol
Md.
Pse
Media
inoperability
AC.M
Equ
Exp
F04-AC1
D01
F04-AC1
D01
IC.E
De
Exp
Fic.pol
Med.des
Med.des
Med.dis
Med.dis
Med.ine
Media
inoperability
Med.ine
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
F04-AC1
D01
F04-AC1
D01
F04-AC1
D01
F04-AC1
D01
F05-ER
D01
F05-MA
D01
THREAT
Type of
damage
Media
inoperability
Media
inoperability
Circumstances
Event
Code
Med.ine
Actor
Type
Sub
Type
Place Time
IC.E
Se
Exp
IF.L
Exp
Exp
IC.E
Pol
Md.
IC.E
De
Md.
ER.P
Pro
MA.P
Vol
IF.L
Vir
Exp
ER.P
Pro
Exp
Ain
Ual
ER.P
Pro
Exp
Ain
Uai
Access Process
Med.ine
Media
inoperability
Media
inoperability
Access
means
Access
means
disappearance
Med.ine
Med.ine
Cle.dis
disappearance
Cle.dis
D02-A
F01-EA1
D02
File
erasure
File
erasure
File
erasure
Fic.eff
F01-ER1
D02
F01-ER1
D02
F01-ER1
D02
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
Una
F01-ER1
D02
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
F01-ER1
D02
File
erasure
ER.P
Pro
Exp
Ain
F01-EM1
D02
File
erasure
MA.L
Del
Exp
Ain
Ual
F01-EM1
D02
File
erasure
MA.L
Del
Exp
Ain
Uai
F01-EM1
D02
File
erasure
MA.L
Del
Exp
Ain
Una
F01-EM1
D02
File
erasure
MA.L
Del
Exp
Ain
F01-EM1
D02
File
erasure
MA.L
Del
Exp
Ain
Fic.eff
Fic.eff
Fic.eff
Fic.eff
Fic.eff
Fic.eff
Fic.eff
Fic.eff
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
F01-EM3
D02
F02-AC1
D02
F02-AC1
D02
F03-MA1
D02
F03-MA1
D02
F03-MA1
D02
F04-AC1
D02
F04-AC1
D02
F04-AC1
D02
F04-AC1
D02
F05-ER
D02
F05-MA
D02
THREAT
Type of
damage
File
erasure
Media
Destruction
Circumstances
Event
Code
Fic.eff
Actor
Type
Sub
Type
MA.L
Tot
AC.E
Inc
Exp
AC.E
Ino
Exp
MA.P
Vol
Exp
Pna
MA.P
Vol
Exp
MA.P
Vol
Exp
Pse
AC.M
Equ
Exp
IC.E
De
Exp
IC.E
Se
Exp
IF.L
Exp
Exp
ER.P
Pro
MA.P
Vol
IF.L
Vir
Bur
ER.P
Pro
Bur
Apc
Ua
ER.P
Pro
Bur
Ain
Place Time
Access Process
Ain
Med.des
Media
Destruction
Media
disappearance
Media
disappearance
Media
disappearance
Media
inoperability
Media
inoperability
Media
inoperability
Media
inoperability
Access
means
disappearance
Access
means
disappearance
Med.des
Med.dis
Med.dis
Med.dis
Med.ine
Med.ine
Med.ine
Med.ine
Cle.dis
Cle.dis
D03-A
F01-EA1
D03
F01-ER1
D03
F01-ER1
D03
File
erasure
File
erasure
File
erasure
Fic.eff
Fic.eff
Fic.eff
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
Place Time
Actor
Access Process
F01-ER1
D03
File
erasure
Fic.eff
ER.P
Pro
Bur
F01-ER1
D03
File
erasure
Fic.eff
ER.P
Pro
Exp
Abs
Apc
Una
F01-EM1
D03
Files
erasure
Fic.eff
MA.L
Del
Bur
Abs
Apc
Una
F01-EM1
D03
Files
erasure
Fic.eff
MA.L
Del
Bur
Hho
Apc
Una
F01-EM1
D03
Files
erasure
Fic.eff
MA.L
Del
Bur
Ain
F01-EM1
D03
Files
erasure
Fic.eff
MA.L
Del
Bur
F02-AC1
D03
Media
Destruction
Med.des AC.E
Inc
Bur
F02-AC1
D03
Media
Destruction
Med.des AC.E
Ino
Bur
F03-AC1
D03
Media
disappearance
ER.P
Peo
Bur
F03-AC1
D03
Media
disappearance
Med.dis ER.P
Peo
Ext
F03-MA1
D03
PC
disappearance
MA.P
Vol
Bur
Per
F03-MA1
D03
PC
disappearance
MA.P
Vol
Bur
Pse
F03-MA1
D03
PC
disappearance
Med.dis MA.P
Vol
Bur
Vis
F03-MA1
D03
PC
disappearance
Med.dis MA.P
Vol
Ext
F03-MA1
D03
Media
disappearance
MA.P
Vol
Bur
Per
F03-MA1
D03
Media
disappearance
MA.P
Vol
Bur
Pse
F03-MA1
D03
Media
disappearance
Med.dis MA.P
Vol
Bur
Vis
F04-AC1
D03
Media
inoperability
Equ
Bur
F04-AC1
D03
Media
inoperability
De
Bur
Med.dis
Med.dis
Med.dis
Med.dis
Med.dis
Med.ine
AC.M
Med.ine IC.E
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Media
inoperability
Access
means
disappearance
Access
means
disappearance
F04-AC1
D03
F05-ER
D03
F05-MA
D03
Circumstances
Event
Code
Actor
Type
Sub
Type
Place Time
IC.E
Se
Bur
IC.E
Age
Bur
ER.P
Pro
MA.P
Vol
IC.E
De
AC.E
Inc
AC.E
Ino
ER.P
Peo
ER.P
Peo
MA.P
Vol
Abs
Per
Med.dis MA.P
Vol
Abs
Vis
MA.P
Vol
Hho
Per
MA.P
Vol
Hho
Pse
Med.dis MA.P
Vol
Med.ine
Med.ine
Cle.dis
Access Process
Cle.dis
Loss of documents
F08-AC
D04
F08-AC
D04
F08-AC
D04
F08-ER
D04
F08-ER
D04
F08-MA
D04
F08-MA
D04
F08-MA
D04
F08-MA
D04
F08-MA
D04
Document
inoperability
Document
Destruction
Document
Destruction
Document
disappearance
Document
disappearance
Document
disappearance
Document
disappearance
Document
disappearance
Med.ine
Med.des
Med.des
Med.dis
Med.dis
Med.dis
disappearance
Med.dis
Document
disappearance
Ext
Med.dis
Document
D06-A
damage
inoperability
D03
D04-A
Type of
Media
F04-AC1
THREAT
Ext
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
F07-AC1
D06a
F07-AC1
D06a
F07-AC1
D06a
F07-AC1
D06a
F07-MA1
D06a
F07-MA1
D06a
D07-A
THREAT
Type of
damage
Messages
loss
Messages
loss
Event
Code
Dtr.per
Circumstances
Actor
Type
Sub
Type
IF.L
Exp
AC.M
Equ
AC.E
Inc
AC.E
Ino
MA.L
Del
MA.L
Del
Pna
IF.L
Exp
AC.M
Equ
AC.E
Inc
AC.E
Ino
ER.P
Pro
Tru
Ua
ER.P
Pro
Exp
ER.P
Pro
Mai
MA.L
Del
MA.L
Del
Pna
Place Time
Access Process
Dtr.per
Messages
loss
Messages
loss
data
erasure
data
erasure
Dtr.per
Dtr.per
Dtr.des
Dtr.des
D07
F07-AC1
D07
F07-AC1
D07
F07-AC1
D07
F07-ER1
D07
F07-ER1
D07
F07-ER1
D07
F07-MA1
D07
F07-MA1
D07
e-mails
loss
e-mails
loss
e-mails
loss
e-mails
loss
e-mails
erasure
e-mails
erasure
e-mails
erasure
Dtr.per
Dtr.per
Dtr.per
Dtr.per
Dtr.per
Dtr.per
Dtr.per
e-mails
erasure
e-mails
erasure
Dtr.per
Dtr.per
VULNERABILITY
Supporting
Scenario
Family
Family
Code
D08-A
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
Place Time
Actor
Access Process
Destruction
fax
Destruction
fax
Destruction
fax
loss
post mail
Destruction
D08
post mail
Destruction
F07-AC2
D08
post mail
Destruction
fax
loss
F07-ER2
D08
F07-ER2
D08
F07-MA2
D08
F07-MA2
D08
F07-MA2
D08
F07-MA2
D08
F07-MA2
D08
F07-AC2
D08
F07-AC2
D08
F07-AC2
D08
F07-AC2
D08
F07-AC2
D08
F07-AC2
D09-A
IC.E
De
Emi
AC.E
Inc
Emi
AC.E
Ino
Emi
AC.M
Equ
Emi
Dtr.per
IC.E
De
Emi
Dtr.per
AC.E
Inc
Emi
AC.E
Ino
Emi
ER.P
Pro
Bur
Tru
ER.P
Pro
Bur
Tru
MA.P
Vol
Lof
Pna
MA.P
Vol
Dis
Per
MA.L
MA.P
Fal
Vol
Loc
Pna
MA.P
Vol
Dis
Per
IC.E
De
Arc
Dtr.per
Dtr.per
Dtr.per
Dtr.per
Dtr.per
Dtr.per
post mail
loss
fax
disappearance
fax
disappearance
fax
post mail
Transfer
disappearance
post mail
disappearance
Dtr.per
Dtr.per
Dtr.per
Dtr.per
Dtr.per
Dtr.per
D09
inoperability
Med.ine
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Document
F08-AC
D09
F08-AC
D09
F08-MA
D09
F08-MA
D09
F08-MA
D09
F08-MA
D09
Place Time
AC.E
Inc
Arc
AC.E
Ino
Arc
ER.P
Pro
Arc
MA.P
Vol
Arc
Hou
Pa
MA.P
Vol
Arc
Hho
Pse
MA.P
Vol
Arc
Hou
Pna
MA.P
Vol
Arc
Hho
Pna
MA.P
Vol
Dis
MA.P
Ter
Arc
ER.P
Pro
Exp
Access Process
loss of reference
disappearance
disappearance
disappearance
Med.dIs
disappearance
Med.dIs
Document
disappearance
Tran
Pna
Med.dIs
Document
D10-A
Sub
Type
Med.dIs
Document
D09
Destruction
A
Document
F08-MA
Destruction
Type
Med.dIs
Document
D09
Code
Actor
Med.dIs
Document
F08-MA
damage
Circumstances
Event
Med.des
Document
D09
Type of
Med.des
Document
F08-ER
THREAT
Destruction
Tve
Med.dIs
D10
File
erasure
Fic.eff
Ain
Ua
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
Place Time
Access Process
Actor
F01-ER1
D10
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
F01-EM1
D10
File
erasure
Fic.eff
MA.L
Del
Exp
Ain
F01-EM1
D10
File
erasure
Fic.eff
MA.L
Del
Exp
Ain
Ual
F01-EM1
D10
File
erasure
Fic.eff
MA.L
Del
Exp
Ain
Uai
F01-EM1
D10
File
erasure
Fic.eff
MA.L
Del
Exp
Ain
Pna
F02-AC1
D10
Media
Destruction
Med.des AC.E
Inc
Md.
F02-AC1
D10
Media
Destruction
Med.des AC.E
Ino
Md.
F03-AC1
D10
Media
disappearance
Med.dis ER.P
Peo
Arc
F03-AC1
D10
Media
disappearance
Med.dis ER.P
Peo
Exp
F03-MA1
D10
Media
disappearance
Med.dis MA.P
Vol
Arc
Pa
F03-MA1
D10
Media
disappearance
Med.dis MA.P
Vol
Arc
Pna
F03-MA1
D10
Media
disappearance
Med.dis MA.P
Vol
Arc
Pse
F03-MA1
D10
Media
disappearance
Med.dis MA.P
Vol
Dis
Pna
F04-AC1
D10
Media
inoperability
Age
Arc
F04-AC1
D10
Media
inoperability
Med.ine IC.E
De
Arc
F05-ER
D10
Media
loss of reference
Cle.dis
ER.P
Pro
Dis
MA.P
Vol
D10
Access
means
disappearance
F05-MA
D11-A
Med.ine
IC.E
Cle.dis
D11
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
Ual
F01-ER1
D11
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
Uai
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Actor
Type
Sub
Type
Place Time
Access Process
F01-ER1
D11
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
Una
F01-ER1
D11
File
erasure
Fic.eff
ER.P
Pro
Exp
Ain
F01-ER1
D11
File
erasure
Fic.eff
ER.P
Pro
Exp
F01-EM1
D11
File
erasure
Fic.eff
MA.L
Del
Exp
Ain
Una
F01-EM1
D11
File
erasure
Fic.eff
MA.L
Del
Exp
Ain
F01-EM1
D11
File
erasure
Fic.eff
MA.L
Del
Exp
File
Pollution
ER.P
Pro
Mal
F01-PA1
D11
ER.P
Pro
Mac
F01-PA1
D11
F01-PA1
D11
IF.L
Exp
F02-AC1
D11
AC.E
Inc
Exp
AC.E
Ino
Exp
F02-AC1
D11
F02-AC1
D11
AC.E
Inc
Md.
AC.E
Ino
Md.
F02-AC1
D11
F03-AC1
D11
ER.P
Peo
Exp
MA.P
Vol
Exp
F03-MA1
D11
Fic.pol
File
Pollution
Fic.pol
File
Pollution
Media
Destruction
Media
Destruction
Fic.pol
Med.des
Med.des
Media
Destruction
Media
Destruction
Med.des
Med.des
Media
disappearance
Media
disappearance
Med.dis
Med.dis
Pna
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Media
F03-MA1
D11
F03-MA1
D11
F04-AC1
D11
F04-AC1
D11
F04-AC1
D11
F04-AC1
D11
Type of
damage
Circumstances
Event
Code
disappearance
Actor
Type
Sub
Type
Place Time
MA.P
Vol
Exp
MA.P
Vol
Exp
Pse
AC.M
Equ
Exp
IC.E
De
Exp
IC.E
Se
Exp
IF.L
Exp
Exp
ER.P
Pro
Mal
ER.P
Pro
Mac
IF.L
Exp
ER.P
Pro
Ain
Tru
Ual
ER.P
Pro
Ain
Tru
Uai
ER.P
Pro
Ain
Tru
Una
ER.P
Pro
Mal
Access Process
Med.dis
Media
disappearance
Media
inoperability
Med.dis
Med.ine
Media
inoperability
Med.ine
Media
inoperability
Med.ine
Media
D01-I
THREAT
inoperability
Med.ine
D01
F09-AC1
D01
F09-AC1
D01
F09-ER
D01
F09-ER
D01
F09-ER
D01
F09-AC1
D11
File
tampering
File
tampering
File
tampering
File
tampering
File
tampering
Fic.alt
Fic.alt
Fic.alt
Fic.alt
Fic.alt
File
tampering
File
tampering
Fic.alt
Fic.alt
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Event
Code
Circumstances
Actor
Type
Sub
Type
MA.L
Fal
Ain
Exp
Uai
MA.L
Fal
Ain
Exp
Una
Ain
Exp
Exp
Exp
Tie
Place Time
Access Process
File
tampering
File
tampering
File
tampering
Fic.alt
MA.L
Fal
D01
File
tampering
Fic.alt
MA.L
Fal
F09-MA1
D01
File
tampering
MA.L
Fal
F09-MA1
D01
Media
tampering
MA.L
Fal
Tran
Pa
Media
swap
MA.P
Fal
Exp
Pa
F09-ME1
D01
MA.P
Fal
Exp
Pna
F09-ME1
D01
MA.P
Fal
Tran
Pa
F09-ME1
D01
ER.P
Pro
Ain
Tru
Ual
ER.P
Pro
Ain
Tru
Uai
ER.P
Pro
Ain
Tru
Una
MA.L
Fal
Ain
Exp
Uai
F09-MA1
D01
F09-MA1
D01
F09-MA1
D01
F09-MA1
Fic.alt
Fic.alt
Fic.alt
Atm
Med.ech
Media
swap
Med.ech
Media
D02-I
Fic.alt
swap
Med.ech
D02
F09-ER
D02
F09-ER
D02
F09-MA1
D02
Fic.alt
File
tampering
Fic.alt
File
tampering
Fic.alt
File
tampering
tampering
Fic.alt
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
File
F09-MA1
D02
F09-MA1
D02
F09-MA1
D02
F09-ME1
D02
F09-ME1
D02
Type of
damage
Event
Code
tampering
Circumstances
Actor
Type
Sub
Type
MA.L
Fal
Ain
Exp
Una
MA.L
Fal
Ain
Exp
MA.L
Fal
Ain
Exp
MA.P
Fal
Ain
Exp
Pa
MA.P
Fal
Ain
Exp
Pna
ER.P
Pro
Apc
Tru
Ual
ER.P
Pro
Apc
Tru
Una
MA.L
Fal
Ain
Stp
MA.L
Fal
Stp
MA.L
Fal
Stm
Pa
MA.L
Fal
Act
Una
MA.P
Fal
Stm
Pa
Place Time
Access Process
Fic.alt
File
tampering
Fic.alt
File
tampering
Fic.alt
Media
swap
Med.ech
Media
D03-I
THREAT
swap
Med.ech
D03
F09-ER
D03
F09-MA1
D03
F09-MA1
D03
F09-MA1
D03
F09-MA1
D03
F09-ME1
D03
Fic.alt
File
tampering
Fic.alt
File
tampering
Fic.alt
File
tampering
Media
tampering
File
tampering
Fic.alt
Fic.alt
Abs
Apc
Fic.alt
Media
tampering
swap
Med.ech
VULNERABILITY
Supporting
Scenario
Family
Family
Code
D06-I
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
Place Time
Actor
Access Process
D06b
F10-MA
D06b
F10-MA
D06b
F10-MA
D06b
F10-MA
D06b
F10-MA
data
tampering
data
tampering
data
tampering
Fic.alt
Fic.alt
ER.P
Prs
MA.L
Fal
Ain
Exp
Ual
MA.L
Fal
Ain
Exp
Pna
MA.L
Fal
Ain
Exp
Uai
Fic.alt
data
tampering
data
tampering
Fic.alt
MA.L
Fal
Exp
D06b
data
tampering
Fic.alt
MA.L
Fal
Exp
data
tampering
MA.L
Fal
Ere
Tie
F10-MA
D06c
F10-MA
D06c
MA.L
Fal
Ere
F10-MA
D06c
MA.L
Fal
Aerl
Are
Pna
F10-MA
D06c
MA.L
Fal
Aerl
Are
MA.L
Fal
Erl
Pna
F10-MA
D06c
MA.L
Fal
Erl
F10-MA
D06c
F10-MA
D06c
MA.L
Rej
Una
F10-MA
D06c
MA.L
Fal
Una
Ext
Are
Dtr.alt
data
tampering
data
tampering
data
tampering
data
tampering
Dtr.alt
Dtr.alt
Dtr.alt
Dtr.alt
data
Fic.alt
tampering
Dtr.alt
Transaction
replay
Message
Usurpation
Dtr.alt
Dtr.alt
VULNERABILITY
Supporting
Scenario
Family
Family
Code
D07-I
ASSET
type
AICE Asset
THREAT
Type of
damage
Event
Code
Type
Sub
Type
Circumstances
Place Time
Actor
Access Process
D07
F10-MA
D07
F10-FA1
D07
D08-I
tampering
tampering
tampering
Fic.alt
Fic.alt
Fic.alt
MA.L
Fal
Tie
MA.L
Fal
MA.L
Fau
Exp
Tie
D10-I
D08
fax
tampering
Fic.alt
MA.L
Fal
Tie
MA.L
Fal
MA.L
Fal
Ain
Pna
MA.P
Fal
Ain
Pa
MA.P
Fal
Ain
Pna
MA.P
Fal
Ain
D10
F09-MA1
D10
F09-ME1
D10
F09-ME1
D10
F09-ME1
D10
D11-I
File
tampering
File
tampering
Media
swap
Media
swap
Media
swap
Fic.alt
Fic.alt
Med.ech
Med.ech
Med.ech
Tran
Tie
Mac
D11
F09-AC1
D11
F09-ER
D11
F09-ER
D11
F09-ER
D11
ER.P
Pro
IF.L
Exp
ER.P
Pro
Ain
Tru
Ual
ER.P
Pro
Ain
Tru
Uai
ER.P
Pro
Ain
Tru
Una
Fic.alt
File
tampering
File
tampering
File
tampering
Fic.alt
Fic.alt
Fic.alt
File
tampering
tampering
Fic.alt
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
File
F09-MA1
D11
F09-MA1
D11
F09-MA1
D11
F09-MA1
D11
THREAT
Type of
damage
Event
Code
tampering
Circumstances
Actor
Type
Sub
Type
MA.L
Fal
Ain
Exp
Uai
MA.L
Fal
Ain
Exp
Una
MA.L
Fal
Exp
MA.L
Fal
Exp
Place Time
Access Process
Fic.alt
File
tampering
File
tampering
File
tampering
Fic.alt
Fic.alt
Fic.alt
D01-C
F11-ER1
D01
data
disclosure
Fic.dif
ER.P
Pro
Exp
F11-ER1
D01
data
disclosure
Fic.dif
ER.P
Pro
Mam
F11-ER1
D01
data
disclosure
Fic.dif
ER.P
Pro
Tde
F11-ER1
D01
data
disclosure
ER.P
Pro
Mal
F11-MA1
D01
File
disclosure
MA.L
Vol
Ain
Tru
Ual
F11-MA1
D01
data file
disclosure
MA.L
Vol
Ain
Tru
Uai
F11-MA1
D01
data file
disclosure
MA.L
Vol
Ain
Tru
Una
F11-MA1
D01
data file
disclosure
MA.L
Vol
Exp
data file
disclosure
MA.L
Vol
Ain
Exp
Tie
F11-MA1
D01
F11-MA1
D01
MA.L
Vol
Aerl
Exp
Tie
F11-MA1
D01
MA.L
Vol
Atm
Exp
Tie
Fic.dif
Fic.dif
Fic.dif
Fic.dif
Fic.dif
Fic.dif
data file
disclosure
data file
disclosure
Fic.dif
Fic.dif
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
data file
F11-MA1
D01
F11-MA1
D01
F12-MA1
D01
F12-MA1
D01
F12-MA1
D01
F12-MA1
D01
F12-MA1
D01
F12-MA1
D01
F12-MA1
D01
THREAT
Type of
damage
Event
Code
disclosure
Type
Sub
Type
MA.L
Vol
MA.L
Circumstances
Place Time
Actor
Access Process
Asan
Exp
Tie
Vol
Mai
MA.P
Vol
Tran
Pa
MA.P
Vol
Sti
Pa
MA.P
Vol
Ste
Pa
MA.P
Vol
Exp
Pna
MA.P
Vol
Tran
Pna
MA.P
Vol
Sti
Pna
MA.P
Vol
Ste
Pna
ER.P
Pro
Exp
ER.P
Pro
Mam
MA.L
Vol
Ain
Tru
Ual
MA.L
Vol
Ain
Tru
Uai
MA.L
Vol
Ain
Tru
Una
Fic.dif
data file
disclosure
Media
disappearance
Fic.dif
Med.dis
Media
disappearance
Media
disappearance
Med.dis
Med.dis
Media
disappearance
Med.dis
Media
disappearance
Med.dis
Media
disappearance
Med.dis
Media
disappearance
Med.dis
D02-C
F11-ER1
D02
F11-ER1
D02
F11-MA1
D02
F11-MA1
D02
F11-MA1
D02
File
disclosure
File
disclosure
data file
disclosure
data file
disclosure
data file
disclosure
Fic.dif
Fic.dif
Fic.dif
Fic.dif
Fic.dif
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
F11-MA1
D02
F11-MA1
D02
F11-MA1
D02
D02
F11-MA1
D02
F12-MA1
D02
F12-MA1
D02
F12-MA1
D02
F12-MA1
D02
F12-MA1
D02
F12-MA1
D02
F12-MA1
D02
F12-MA1
D02
damage
disclosure
data file
disclosure
data file
disclosure
Event
Code
Fic.dif
Fic.dif
Circumstances
Actor
Type
Sub
Type
MA.L
Vol
Exp
MA.L
Vol
Mai
MA.L
Vol
Ain
Exp
Tie
MA.L
Vol
Aerl
Exp
Tie
MA.L
Vol
Asan
Exp
Tie
MA.P
Vol
Exp
Pa
MA.P
Vol
Tran
Pa
MA.P
Vol
Sti
Pa
MA.P
Vol
Ste
Pa
MA.P
Vol
Exp
Pna
MA.P
Vol
Tran
Pna
MA.P
Vol
Sti
Pna
MA.P
Vol
Ste
Pna
Place Time
Access Process
Fic.dif
disclosure
Fic.dif
data file
Type of
data file
data file
F11-MA1
THREAT
disclosure
Fic.dif
Media
disappearance
Media
disappearance
Media
disappearance
Media
disappearance
Media
disappearance
Media
disappearance
Media
disappearance
Media
disappearance
Med.dis
Med.dis
Med.dis
Med.dis
Med.dis
Med.dis
Med.dis
Med.dis
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Actor
Type
Sub
Type
ER.P
Pro
Tru
ER.P
Pro
Mam
MA.L
Vol
Abs
Apc
Pna
MA.L
Vol
Hho
Apc
Pna
MA.L
Vol
Exp
MA.L
Vol
Mai
ER.P
Peo
Ext
MA.P
Vol
Bur
Abs
Per
MA.P
Vol
Bur
Abs
Vis
MA.P
Vol
Bur
Hho
Per
MA.P
Vol
Bur
Hho
Ser
MA.P
Vol
Ext
MA.P
Vol
Bur
Abs
Per
Place Time
Access Process
D03-C
F11-ER1
D03
F11-ER1
D03
F11-MA1
D03
F11-MA1
D03
F11-MA1
D03
F11-MA1
D03
F12-ER
D03
F12-MA1
D03
F12-MA1
D03
F12-MA1
D03
F12-MA1
D03
F12-MA1
D03
F12-MA2
D03
File
disclosure
File
disclosure
data file
disclosure
data file
disclosure
data file
disclosure
data file
disclosure
Media
disappearance
Media
disappearance
Fic.dif
Fic.dif
Fic.dif
Fic.dif
Fic.dif
Med-dis
Med.dis
Media
disappearance
Med.dis
Media
disappearance
Med.dis
Media
Fic.dif
disappearance
Med.dis
Media
disappearance
PC
disappearance
Med.dis
Med.dis
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
PC
F12-MA2
D03
F12-MA2
D03
F12-MA2
D03
F12-MA2
D03
THREAT
Type of
damage
Circumstances
Event
Code
Actor
Type
Sub
Type
Place Time
MA.P
Vol
Bur
Abs
Vis
MA.P
Vol
Bur
Hho
Per
MA.P
Vol
Bur
Hho
Ser
MA.P
Vol
Ext
ER.P
Pro
Ext
MA.P
Vol
Bur
Hho
Per
MA.P
Vol
Bur
Abs
Uai
MA.P
Vol
Bur
MA.P
Vol
Bur
Abs
Per
MA.P
Vol
Bur
Abs
Vis
Med.dis MA.P
Vol
Ext
MA.P
Vol
Imp
Per
Med.dis MA.P
Vol
Imp
Vis
MA.P
Vol
Dif
Per
disappearance
Access Process
Med.dis
PC
disappearance
Med.dis
PC
disappearance
Med.dis
PC
disappearance
Med.dis
Disclosure of documents
D04-C
F14-ER1
D04
F14-MA1
D04
F14-MA1
D04
F14-MA1
D04
F14-MA1
D04
F14-MA1
D04
F14-MA1
D04
F14-MA1
D04
F14-MA1
D04
F14-MA1
D04
Document
disappearance
Document
disappearance
Med.dis
Med.dis
Document
disappearance
Document
disappearance
Document
disappearance
Med.dis
Med.dis
Ser
Med.dis
Document
disappearance
Document
disappearance
Document
disappearance
Document
disappearance
Document
disappearance
Med.dis
Med.dis
Med.dis
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
Place Time
Actor
Access Process
F14-MA1
D04
Document
disappearance
Med.dis MA.P
Vol
Dif
Vis
F14-MA3
D04
Document
disappearance
Med.dis MA.P
Vol
Crc
ER.P
Pro
Dif
MA.P
Vol
Exp
Pa
Med.dis MA.P
Vol
Exp
Ser
MA.P
Vol
Exp
Pna
MA.P
Vol
Med.dis MA.P
MA.P
Med.dis
Vol
Vol
Exp
MA.L
Vol
Bur
Ain
Uai
MA.L
Vol
Bur
Ain
Tie
MA.L
Vol
Bur
Ain
MA.L
Vol
Ext
Aerl
Tie
MA.L
Ele
Ext
Aem
Tie
MA.L
Vol
Aru
D05-C
printouts
F14-ER2
D05
F14-MA2
D05
F14-MA2
D05
F14-MA2
D05
F14-MA2
D05
F14-MA2
D05
F14-MA2
D05
disclosure
Med.dis
printouts
disappearance
printouts
disappearance
printouts
disappearance
printouts
disappearance
printouts
scrapped
printouts
disappearance
disappearance
Med.dis
Med.dis
Med.dis
Dif
Per
Dif
Crc
Vis
D06-C
F13-MA1
D06
F13-MA1
D06
F13-MA1
D06
F13-MA1
D06
F13-MA1
D06
F13-MA1
D06
screen
disclosure
screen
disclosure
Dtr.div
Dtr.div
screen
disclosure
screen
disclosure
screen
harnessing
Rsidu
disclosure
Dtr.div
Dtr.div
Dtr.div
Dtr.div
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
F13-MA2
D06
data
transferred
harnessing
F13-MA2
D06
data
transferred
harnessing
D06
data
transferred
harnessing
F13-MA2
F13-MA2
D06
data
transferred
harnessing
D06
data
transferred
harnessing
F13-MA2
F13-MA2
D06
data
transferred
harnessing
F13-MA2
D06
data
transferred
disclosure
F13-MA2
D06
data
transferred
disclosure
Circumstances
Event
Code
Dtr.div
Dtr.div
Actor
Type
Sub
Type
Place Time
Access Process
MA.L
Vol
Ext
Are
Pna
MA.L
Vol
Ain
Per
MA.L
Fal
Amer
Per
MA.L
Fal
Amer
MA.L
Fal
Amdertm
Tie
MA.L
Vol
Amderuf Main
Tie
MA.L
Vol
Ext
Auie
Tie
MA.L
Vol
Ext
Auis
Dtr.div
Dtr.div
Ext
Dtr.div
Dtr.div
Dtr.div
Dtr.div
D07-C
F19-ER1
D07
e-mails
disclosure
e-mails
disclosure
Dtr.div
Dtr.div
ER.P
Pro
Ua
MA.L
Vol
F19-MA
D07
F19-MA
D07
e-mails
disclosure
Dtr.div
MA.L
Vol
F19-MA
D07
e-mails
disclosure
Dtr.div
MA.L
Vol
Pna
D08-C
F19-ER2
D08
post mail
disclosure
Dtr.div
ER.P
Pro
F19-ER3
D08
fax
disclosure
Dtr.div
ER.P
Pro
F19-MA1
D08
post mail
disappearance
MA.P
Vol
Dtr.div
Loc
Col
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
F19-MA1
D08
F19-MA2
D08
F19-MA2
D08
F19-MA3
D08
THREAT
Type of
damage
post mail
disappearance
fax
disappearance
fax
disappearance
fax
disclosure
Circumstances
Event
Code
Dtr.div
Dtr.div
Dtr.div
Dtr.div
Type
Sub
Type
Place Time
MA.P
Vol
Bur
MA.P
Vol
Lof
MA.P
Vol
MA.L
Fal
Actor
Access Process
Col
Col
D09-C
F16-MA
D09
Document
disappearance
Med.dis MA.P
Vol
Arc
Pa
F16-MA
D09
Document
disappearance
Med.dis MA.P
Vol
Arc
Pna
F16-MA
D09
Document
disappearance
MA.P
Vol
F16-MA2
D09
Document
disclosure
MA.P
Vol
Arc
Pna
MA.P
Vol
Arc
Pa
MA.P
Vol
Arc
Pna
MA.P
Vol
Dis
Pna
Med.dis
Med.dis
Tran
Pna
D10-C
Media
F12-MA1
D10
F12-MA1
D10
F12-MA1
D10
Med.dis
Media
disappearance
Med.dis
Media
G01-A
disappearance
disappearance
Med.dis
G01
F17-AC
G01
F17-AC
G01
F17-AC
G01
premises
unavailability
Loc.ina AC.E
Inc
premises
unavailability
Loc.ina
AC.E
Ino
premises
unavailability
AB.S
Ene
premises
unavailability
Loc.ina AB.S
Loc
Loc.ina
VULNERABILITY
Supporting
Scenario
Family
Family
Code
G02-A
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
Place Time
Actor
Access Process
erasure
File
erasure
F01-EA2
G02
F01-ER4
G02
F01-EM2
G02
F01-EM2
G02
G02
telecom
equipment
damaging
F06-AC1
G02
telecom
equipment
damaging
F06-AC1
telecom
equipment
Destruction
telecom
equipment
Destruction
telecom
equipment
Destruction
unavailability
unavailability
F06-AC2
G02
F06-AC2
G02
Exp
ER.P
Pro
Exp
erasure
MA.L
Del
Exp
erasure
MA.L
Del
Exp
IC.E
De
Exp
IC.E
Se
Exp
AC.E
Fou
Exp
AC.E
Inc
Exp
AC.E
Ino
Exp
AC.M
Equ
AC.M
Ser
Cfl.eff
F06-AC3
G02
telecom
equipment
F06-AC3
G02
auxiliary
elements
Exp
Cfl.eff
File
G02
IF.L
Cfl.eff
File
F06-AC2
Cfl.eff
Eq.hs
Eq.hs
Eq.des
Eq.des
Eq.des
Eq.hs
Eq.hs
VULNERABILITY
Supporting
Scenario
Family
Family
Code
F06-AC3
F06-MA1
F06-MA1
F06-MA1
ASSET
type
G02
G02
G02
G02
AICE Asset
Type of
damage
auxiliary
elements
unavailability
telecom
equipment
damaging
telecom
equipment
damaging
telecom
equipment
damaging
telecom
equipment
damaging
Circumstances
Event
Code
Actor
Type
Sub
Type
AB.S
Ene
MA.P
Van
Exp
Pa
MA.P
Van
Exp
Pna
MA.P
Van
Tve
MA.P
Van
Tvi
MA.P
Ter
Tve
AB.S
Mas
IF.L
Exp
Exp
ER.P
Pro
Exp
ER.P
Pro
Exp
MA.L
Del
Exp
Una
Place Time
Access Process
Eq.hs
Eq.hs
Eq.hs
Eq.hs
F06-MA1
G02
G02
telecom
equipment
Destruction
F06-MA2
F18-AR
G02
telecom
equipment
unavailability
R01-A
THREAT
Eq.hs
Eq.des
Eq.hs
R01
software
erasure
configuration
Cfl.eff
F01-ER4
R01
software
erasure
configuration
Cfl.eff
F01-ER4
R01
software
erasure
configuration
Cfl.eff
F01-EM4
R01
software
erasure
configuration
Cfl.eff
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Code
F01-EM4
R01
software
erasure
configuration
Cfl.eff
F01-EM4
R01
software
erasure
configuration
Cfl.eff
F01-EM5
R01
software
erasure
configuration
Cfl.eff
F06-AC1
R01
network
equipment
damaging
Eq.hs
F06-AC1
R01
network
equipment
damaging
F06-AC2
R01
network
equipment
Destruction
R01
network
equipment
Destruction
F06-AC2
R01
network
equipment
Destruction
F06-AC2
R01
network
equipment
unavailability
F06-AC3
R01
auxiliary
elements
unavailability
F06-AC3
R01
auxiliary
elements
unavailability
F06-AC3
R01
network
equipment
damaging
F06-MA1
R01
network
equipment
damaging
F06-MA1
Circumstances
Event
Eq.hs
Eq.des
Actor
Type
Sub
Type
Place Time
MA.L
Del
Exp
MA.L
Del
Exp
MA.L
Tot
IC.E
De
Exp
IC.E
Se
Exp
AC.E
Fou
Exp
AC.E
Inc
Exp
AC.E
Ino
Exp
AC.M
Equ
AC.M
Ser
AB.S
Ene
MA.P
Van
Exp
Pa
MA.P
Van
Exp
Pna
Access Process
Eq.des
Eq.des
Eq.hs
Eq.hs
Eq.hs
Eq.hs
Eq.hs
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Type of
damage
R01
network
equipment
damaging
F06-MA1
R01
network
equipment
damaging
F06-MA1
R01
network
equipment
Destruction
F06-MA2
R01
network
equipment
unavailability
F06-MA4
R01
network
equipment
unavailability
F06-MA4
F18-AR
R01
network
equipment
unavailability
F18-AR
R01
network
equipment
unavailability
F18-AR
R01
network
equipment
unavailability
F18-AR
R01
network
equipment
unavailability
F18-AR
R01
network
lock
R02-A
THREAT
Circumstances
Event
Code
Actor
Type
Sub
Type
MA.P
Van
Tve
MA.P
Van
Tvi
MA.P
Ter
Tve
MA.L
Cfg
MA.L
Cfg
AB.S
Mas
AV.P
Gre
AB.P
Per
AB.P
Pep
IF.L
Ver
IF.L
Exp
Exp
ER.P
Pro
Exp
ER.P
Pro
Exp
Place Time
Access Process
Eq.hs
Eq.hs
Eq.des
Eq.hs
Eq.hs
Eq.hs
Eq.mo
Eq.mo
Eq.mo
Eq.hs
R02
software
erasure
configuration
Cfl.eff
F01-ER4
R02
software
erasure
configuration
Cfl.eff
F01-ER4
R02
software
erasure
configuration
Cfl.eff
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Code
F01-EM4
R02
software
erasure
configuration
Cfl.eff
F01-EM4
R02
software
erasure
configuration
Cfl.eff
F01-EM4
R02
software
erasure
configuration
Cfl.eff
F01-EM5
R02
software
erasure
configuration
Cfl.eff
F06-AC1
R02
network
equipment
damaging
Eq.hs
F06-AC1
R02
network
equipment
damaging
F06-AC2
R02
network
equipment
Destruction
R02
network
equipment
Destruction
F06-AC2
R02
network
equipment
Destruction
F06-AC2
R02
network
equipment
unavailability
F06-AC3
R02
auxiliary
elements
unavailability
F06-AC3
R02
auxiliary
elements
unavailability
F06-AC3
R02
network
equipment
damaging
F06-MA1
Circumstances
Event
Eq.hs
Eq.des
Actor
Type
Sub
Type
Place Time
MA.L
Del
Exp
Una
MA.L
Del
Exp
MA.L
Del
Exp
MA.L
Tot
IC.E
De
Exp
IC.E
Se
Exp
AC.E
Fou
Exp
AC.E
Inc
Exp
AC.E
Ino
Exp
AC.M
Equ
AC.M
Ser
AB.S
Ene
MA.P
Van
Access Process
Eq.des
Eq.des
Eq.hs
Eq.hs
Eq.hs
Eq.hs
Exp
Pa
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
R02
network
equipment
damaging
F06-MA1
R02
network
equipment
damaging
F06-MA1
R02
network
equipment
damaging
F06-MA1
R02
network
equipment
Destruction
F06-MA2
R02
network
equipment
unavailability
F06-MA4
R02
network
equipment
unavailability
F06-MA4
F18-AR
R02
network
equipment
unavailability
F18-AR
R02
network
equipment
unavailability
F18-AR
R02
network
equipment
unavailability
F18-AR
R02
network
equipment
unavailability
F18-AR
R02
network
lock
Circumstances
Event
Code
Actor
Type
Sub
Type
Place Time
MA.P
Van
Exp
MA.P
Van
Tve
MA.P
Van
Tvi
MA.P
Ter
Tve
MA.L
Cfg
MA.L
Cfg
AB.S
Mas
AV.P
Gre
AB.P
Per
AB.P
Pep
IF.L
Ver
IF.L
Exp
Exp
ER.P
Pro
Exp
Access Process
Pna
Eq.hs
Eq.hs
Eq.hs
Eq.des
Eq.hs
Eq.hs
Eq.hs
Eq.mo
Eq.mo
Eq.mo
Eq.hs
S01-A
F01-EA2
S01
F01-ER2
S01
program file
erasure
program file
erasure
Cfl.eff
Cfl.eff
Ual
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
Place Time
Actor
Access Process
F01-ER2
S01
program file
erasure
Cfl.eff
ER.P
Pro
Exp
Uai
F01-ER2
S01
program file
erasure
Cfl.eff
ER.P
Pro
Exp
Una
F01-ER2
S01
program file
erasure
Cfl.eff
ER.P
Pro
Exp
F01-ER2
S01
program file
erasure
Cfl.eff
ER.P
Pro
Exp
F01-EM2
S01
program file
erasure
Cfl.eff
MA.L
Del
Exp
Ual
F01-EM2
S01
program file
erasure
MA.L
Del
Exp
Uai
F01-EM2
S01
program file
erasure
MA.L
Del
Exp
Una
F01-EM2
S01
program file
erasure
Cfl.eff
MA.L
Del
Exp
F01-EM2
S01
program file
erasure
Cfl.eff
MA.L
Del
Exp
F01-EM3
S01
program file
erasure
MA.L
Tot
F01-PA2
S01
program file
Pollution
ER.P
Pro
Mal
F01-PA2
S01
program file
Pollution
ER.P
Pro
Mac
F01-PA2
S01
program file
Pollution
IF.L
Exp
program file
Pollution
MA.L
Fal
Exp
Uai
F01-PM2
S01
F01-PM2
S01
MA.L
Fal
Exp
Una
F01-PM2
S01
F01-PM2
S01
Cfl.eff
Cfl.eff
Fic.eff
Cfl.pol
Cfl.pol
Cfl.pol
Cfl.pol
program file
Pollution
program file
Pollution
Cfl.pol
MA.L
Fal
Exp
program file
Pollution
Cfl.pol
MA.L
Fal
Exp
Cfl.pol
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
F02-AC2
S01
F02-AC2
S01
F02-AC2
S01
F02-AC2
S01
F03-AC2
S01
F03-AC2
S01
F03-MA2
S01
F03-MA2
S01
F03-MA2
S01
F03-MA2
S01
F03-MA2
S01
storing
program
media
F03-MA2
S01
F04-AC2
S01
F04-AC2
S01
F04-AC2
S01
F04-AC2
S01
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
THREAT
Type of
Circumstances
Event
Code
Actor
Type
Sub
Type
Place Time
AC.E
Inc
Exp
AC.E
Ino
Exp
Destruction
Med.des AC.E
Inc
Md.
Destruction
Med.des AC.E
Ino
Md.
ER.P
Peo
Md.
ER.P
Peo
Exp
MA.P
Vol
Exp
Pna
MA.P
Vol
Exp
MA.P
Vol
Exp
Pse
Med.dis MA.P
Vol
Md.
Pna
MA.P
Vol
Md.
Med.dis MA.P
Vol
Md.
Pse
AC.M
Equ
Exp
IC.E
De
Exp
IC.E
Se
Exp
IF.L
Exp
Exp
damage
Destruction
Destruction
disappearance
disappearance
disappearance
disappearance
disappearance
disappearance
disappearance
disappearance
Med.des
Med.des
Med.dis
Med.dis
Med.dis
Med.dis
Med.dis
Med.dis
inoperability
Med.ine
inoperability
inoperability
Med.ine
Med.ine
inoperability
Med.ine
Access Process
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Type of
damage
inoperability
media
storing
program
media
storing
program
media
storing
program
application
server
application
server
damaging
S01
F06-AC2
S01
application
server
Destruction
S01
application
server
Destruction
F06-AC2
S01
application
server
Destruction
F06-AC2
S01
application
server
unavailability
F06-AC3
S01
auxiliary
elements
unavailability
F06-AC3
F06-AC3
S01
auxiliary
elements
unavailability
S01
auxiliary
elements
unavailability
F06-AC3
S01
application
server
damaging
F06-MA1
F04-AC2
S01
F04-AC2
S01
F04-AC2
S01
F06-AC1
S01
F06-AC1
THREAT
inoperability
inoperability
damaging
Circumstances
Event
Code
Med.ine
Med.ine
Med.ine
Eq.hs
Type
Sub
Type
Place Time
IC.E
Pol
Md.
IC.E
De
Md.
IC.E
Age
Md.
IC.E
De
Exp
IC.E
Se
Exp
AC.E
Fou
Exp
AC.E
Inc
Exp
AC.E
Ino
Exp
AC.M
Equ
AC.M
Ser
AB.S
Ene
AB.S
Cli
MA.P
Van
Actor
Access Process
Eq.hs
Eq.des
Eq.des
Eq.des
Eq.hs
Eq.hs
Eq.hs
Eq.hs
Eq.hs
Exp
Pa
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Actor
Type
Sub
Type
Place Time
MA.P
Van
Exp
MA.P
Van
Tve
MA.P
Van
Tvi
MA.P
Ter
Tve
MA.L
Cfg
MA.L
Cfg
AB.S
Mas
AB.S
Maa
AV.P
Gre
AB.P
Per
AB.P
Pep
Access Process
S01
application
server
damaging
F06-MA1
S01
application
server
damaging
F06-MA1
S01
application
server
damaging
F06-MA1
S01
application
server
Destruction
F06-MA2
S01
application
server
unavailability
F06-MA4
S01
application
server
unavailability
F06-MA4
F18-AR
S01
application
server
unavailability
Application
lock
F18-AR
S01
F18-AR
S01
application
server
unavailability
F18-AR
S01
application
server
unavailability
F18-AR
S01
application
server
unavailability
F18-BL
S01
application
lock
Cfl.bug
IF.L
Lsp
Exp
F18-BL
S01
application
lock
Cfl.bug
ER.L
Lin
Exp
F18-BL
S01
application
lock
Cfl.bug
IF.L
Exp
Exp
Pna
Eq.hs
Eq.hs
Eq.hs
Eq.des
Eq.hs
Eq.hs
Eq.hs
Exp
Eq.hs
Eq.mo
Eq.mo
Eq.mo
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
Place Time
Actor
Access Process
F18-BL
S01
application
lock
Cfl.bug
MA.L
Sam
Exp
F18-BC
S01
account
lock
Cpt.blo
MA.L
Blo
IF.L
Exp
Exp
ER.P
Pro
Exp
Ual
S02-A
File
erasure
File
erasure
File
erasure
Cfl.eff
ER.P
Pro
Exp
Uai
S02
File
erasure
Cfl.eff
ER.P
Pro
Exp
Una
F01-ER2
S02
File
erasure
Cfl.eff
ER.P
Pro
Exp
F01-ER2
S02
File
erasure
Cfl.eff
ER.P
Pro
Exp
F01-EM2
S02
File
erasure
Cfl.eff
MA.L
Del
Exp
Ual
F01-EM2
S02
File
erasure
MA.L
Del
Exp
Uai
F01-EM2
S02
File
erasure
MA.L
Del
Exp
Una
F01-EM2
S02
File
erasure
Cfl.eff
MA.L
Del
Exp
F01-EM2
S02
File
erasure
Cfl.eff
MA.L
Del
Exp
F01-EM3
S02
Files
erasure
MA.L
Tot
F01-PA2
S02
File
Pollution
Cfl.pol
ER.P
Pro
Mal
F01-PA2
S02
File
Pollution
Cfl.pol
ER.P
Pro
Mac
F01-PA2
S02
File
Pollution
IF.L
Exp
F01-EA2
S02
F01-ER2
S02
F01-ER2
S02
F01-ER2
Cfl.eff
Cfl.eff
Cfl.eff
Cfl.eff
Fic.eff
Cfl.pol
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Actor
Type
Sub
Type
MA.L
Fal
Exp
Uai
MA.L
Fal
Exp
Una
Place Time
Access Process
File
Pollution
File
Pollution
File
Pollution
Cfl.pol
MA.L
Fal
Exp
S02
File
Pollution
Cfl.pol
MA.L
Fal
Exp
F02-AC2
S02
Destruction
AC.E
Inc
Exp
F02-AC2
S02
AC.E
Ino
Exp
F02-AC2
S02
Destruction
Med.des AC.E
Inc
Md.
F02-AC2
S02
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
Destruction
Med.des AC.E
Ino
Md.
F03-AC2
S02
ER.P
Peo
Md.
F03-AC2
S02
ER.P
Peo
Exp
MA.P
Vol
Exp
Pna
F03-MA2
S02
MA.P
Vol
Exp
F03-MA2
S02
F03-MA2
S02
MA.P
Vol
Exp
Pse
F03-MA2
S02
Med.dis MA.P
Vol
Md.
Pna
F03-MA2
S02
MA.P
Vol
Md.
F03-MA2
S02
Med.dis MA.P
Vol
Md.
Pse
F01-PM2
S02
F01-PM2
S02
F01-PM2
S02
F01-PM2
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
Destruction
disappearance
disappearance
Cfl.pol
Cfl.pol
Med.des
Med.des
Med.dis
Med.dis
disappearance
Med.dis
disappearance
Med.dis
disappearance
disappearance
disappearance
disappearance
Med.dis
Med.dis
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
F04-AC2
S02
F04-AC2
S02
F04-AC2
S02
F04-AC2
S02
F04-AC2
S02
F04-AC2
S02
F04-AC2
S02
F06-AC1
S02
F06-AC1
S02
F06-AC2
S02
F06-AC2
S02
F06-AC2
S02
F06-AC3
S02
Type of
damage
media
storing
program
inoperability
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
Server
inoperability
Server
damaging
Server
Destruction
Server
Destruction
Circumstances
Event
Code
Type
Sub
Type
Place Time
AC.M
Equ
Exp
IC.E
De
Exp
IC.E
Se
Exp
IF.L
Exp
Exp
IC.E
Pol
Md.
IC.E
De
Md.
IC.E
Age
Md.
IC.E
De
Exp
IC.E
Se
Exp
AC.E
Fou
Exp
AC.E
Inc
Exp
AC.E
Ino
Exp
AC.M
Equ
Med.ine
inoperability
Med.ine
Med.ine
inoperability
Med.ine
inoperability
inoperability
inoperability
damaging
Med.ine
Med.ine
Med.ine
Eq.hs
Eq.hs
Eq.des
Eq.des
Server
Destruction
Eq.des
Server
THREAT
unavailability
Eq.hs
Access Process
Actor
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Type of
damage
S02
auxiliary
elements
unavailability
F06-AC3
F06-AC3
S02
auxiliary
elements
unavailability
Server
damaging
F06-MA1
S02
F06-MA1
S02
F06-MA1
S02
F06-MA1
S02
F06-MA2
S02
F06-MA4
S02
F06-MA4
S02
F18-AR
S02
F18-AR
S02
F18-AR
S02
Circumstances
Event
Code
Actor
Type
Sub
Type
AC.M
Ser
AB.S
Ene
MA.P
Van
Exp
Pa
MA.P
Van
Exp
Pna
MA.P
Van
Tve
MA.P
Van
Tvi
MA.P
Ter
Tve
MA.L
Cfg
MA.L
Cfg
AB.S
Mas
AB.S
Maa
AV.P
Gre
Place Time
Access Process
Ser.hs
Ser.hs
Eq.hs
Server
damaging
Eq.hs
Server
damaging
Eq.hs
Server
damaging
Eq.hs
Server
Destruction
Eq.des
Server
unavailability
Eq.hs
Server
THREAT
unavailability
Eq.hs
Server
unavailability
application
lock
Eq.hs
Eq.mo
Server
unavailability
Eq.mo
Exp
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
AB.P
Per
AB.P
Pep
Place Time
Actor
Access Process
Server
unavailability
Server
unavailability
application
lock
Cfl.bug
IF.L
Lsp
Exp
S02
application
lock
Cfl.bug
MA.L
Sam
Exp
S02
account
lock
Cpt.blo
MA.L
Blo
F18-AR
S02
F18-AR
S02
F18-BL
S02
F18-BL
F18-BC
Eq.mo
Eq.mo
Unavailability of interface services or terminals for users (PC, local printers, peripherals, specific interfaces, etc.)
S03-A
F01-EA5
S03
software
erasure
configuration
Cfl.eff
F01-ER5
S03
software
erasure
configuration
Cfl.eff
F01-ER5
S03
software
erasure
configuration
Cfl.eff
F01-EM6
S03
software
erasure
configuration
Cfl.eff
F06-AC4
S03
F06-AC4
S03
F06-AC4
S03
F06-AC4
S03
F06-AC4
S03
Eq.hs
Eq.hs
Eq.hs
Eq.hs
Eq.hs
IF.L
Exp
Exp
ER.P
Pro
Exp
ER.P
Pro
Exp
ER.P
Pro
Exp
IF.L
Vir
Exp
AC.E
Fou
Exp
AC.E
Inc
Exp
AC.E
Ino
Exp
AB.S
Ene
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Code
S03
F06-MA3
S03
F06-AC5
S03
Circumstances
Event
Actor
Type
Sub
Type
Place Time
MA.P
Van
Exp
Pa
MA.P
Van
Exp
Tie
AC.M
Equ
Access Process
Eq.des
work stations damaging
Eq.des
shared
equipment
unavailability
Eq.hs
S04-A
program file
erasure
IF.L
Exp
Exp
program file
erasure
ER.P
Pro
Exp
Ual
program file
erasure
Cfl.eff
ER.P
Pro
Exp
Uai
S04
program file
erasure
Cfl.eff
ER.P
Pro
Exp
Una
F01-ER2
S04
program file
erasure
Cfl.eff
ER.P
Pro
Exp
F01-ER2
S04
program file
erasure
Cfl.eff
ER.P
Pro
Exp
F01-EM2
S04
program file
erasure
Cfl.eff
MA.L
Del
Exp
Ual
F01-EM2
S04
program file
erasure
MA.L
Del
Exp
Uai
F01-EM2
S04
program file
erasure
MA.L
Del
Exp
Una
F01-EM2
S04
program file
erasure
Cfl.eff
MA.L
Del
Exp
F01-EM2
S04
program file
erasure
Cfl.eff
MA.L
Del
Exp
F01-EM3
S04
program file
erasure
MA.L
Tot
F01-EA2
S04
F01-ER2
S04
F01-ER2
S04
F01-ER2
Cfl.eff
Cfl.eff
Cfl.eff
Cfl.eff
Fic.eff
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
Place Time
Actor
Access Process
F01-PA2
S04
program file
Pollution
Cfl.pol
ER.P
Pro
Mal
F01-PA2
S04
program file
Pollution
Cfl.pol
ER.P
Pro
Mac
F01-PA2
S04
program file
Pollution
IF.L
Exp
F01-PM2
S04
program file
Pollution
MA.L
Fal
Exp
Uai
F01-PM2
S04
program file
Pollution
MA.L
Fal
Exp
Una
F01-PM2
S04
program file
Pollution
Cfl.pol
MA.L
Fal
Exp
F01-PM2
S04
program file
Pollution
Cfl.pol
MA.L
Fal
Exp
F02-AC2
S04
Destruction
AC.E
Inc
Exp
F02-AC2
S04
AC.E
Ino
Exp
F02-AC2
S04
Destruction
Med.des AC.E
Inc
Md.
F02-AC2
S04
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
Destruction
Med.des AC.E
Ino
Md.
F03-AC2
S04
ER.P
Peo
Md.
F03-AC2
S04
ER.P
Peo
Exp
MA.P
Vol
Exp
Pna
F03-MA2
S04
MA.P
Vol
Exp
F03-MA2
S04
F03-MA2
S04
Med.dis MA.P
Vol
Exp
Pse
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
Destruction
disappearance
disappearance
Cfl.pol
Cfl.pol
Cfl.pol
Med.des
Med.des
Med.dis
Med.dis
disappearance
Med.dis
disappearance
Med.dis
disappearance
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
F03-MA2
S04
F03-MA2
S04
F03-MA2
S04
F04-AC2
S04
F04-AC2
S04
F04-AC2
S04
F04-AC2
S04
F04-AC2
S04
F04-AC2
S04
F04-AC2
S04
F06-AC1
S04
F06-AC1
S04
F06-AC2
S04
F06-AC2
S04
media
storing
program
media
storing
program
media
storing
program
media
storing
program
THREAT
Type of
damage
disappearance
disappearance
disappearance
Circumstances
Event
Code
Sub
Type
Place Time
Med.dis MA.P
Vol
Md.
Pna
MA.P
Vol
Md.
Med.dis MA.P
Vol
Md.
Pse
AC.M
Equ
Exp
IC.E
De
Exp
IC.E
Se
Exp
IF.L
Exp
Exp
IC.E
Pol
Md.
IC.E
De
Md.
IC.E
Age
Md.
IC.E
De
Exp
IC.E
Se
Exp
AC.E
Fou
Exp
AC.E
Inc
Exp
Type
Med.dis
inoperability
Med.ine
media
storing
program
inoperability
media
storing
program
media
storing
program
media
storing
program
media
storing
program
media
storing
program
Server
inoperability
Server
damaging
Server
Destruction
Server
Destruction
Med.ine
Med.ine
inoperability
Med.ine
inoperability
inoperability
inoperability
damaging
Actor
Med.ine
Med.ine
Med.ine
Eq.hs
Eq.hs
Eq.des
Eq.des
Access Process
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Server
Type of
damage
S04
F06-AC3
S04
S04
auxiliary
elements
unavailability
F06-AC3
F06-AC3
S04
auxiliary
elements
unavailability
F06-AC3
S04
auxiliary
elements
unavailability
Server
damaging
F06-MA1
S04
F06-MA1
S04
F06-MA1
S04
F06-MA1
S04
F06-MA2
S04
F18-AR
S04
F18-AR
S04
Circumstances
Event
Code
Destruction
F06-AC2
Actor
Type
Sub
Type
Place Time
AC.E
Ino
Exp
AC.M
Equ
AC.M
Ser
AB.S
Ene
AB.S
Cli
MA.P
Van
Exp
Pa
MA.P
Van
Exp
Pna
MA.P
Van
Tve
MA.P
Van
Tvi
MA.P
Ter
Tve
AB.S
Mas
AB.S
Maa
Access Process
Eq.des
Server
unavailability
Eq.hs
Ser.hs
Ser.hs
Ser.hs
Eq.hs
Server
damaging
Eq.hs
Server
damaging
Eq.hs
Server
damaging
Eq.hs
Server
THREAT
Destruction
Eq.des
Server
unavailability
application
lock
Eq.hs
Eq.hs
Exp
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Circumstances
Event
Code
Type
Sub
Type
AV.P
Gre
AB.P
Per
AB.P
Pep
Place Time
Actor
Access Process
Server
unavailability
Server
unavailability
Server
unavailability
application
lock
Cfl.bug
IF.L
Lsp
Exp
S04
application
lock
Cfl.bug
ER.L
Lin
Exp
F18-BL
S04
application
lock
Cfl.bug
IF.L
Exp
Exp
F18-BL
S04
application
lock
Cfl.bug
MA.L
Sam
Exp
F18-BC
S04
account
lock
Cpt.blo
MA.L
Blo
F18-AR
S04
F18-AR
S04
F18-AR
S04
F18-BL
S04
F18-BL
Eq.mo
Eq.mo
Eq.mo
S05-A
program file
F01-EA2
S05
F01-ER2
S05
F01-ER2
S05
F01-ER2
S05
F01-ER2
S05
F01-ER2
S05
IF.L
Exp
Exp
ER.P
Pro
Exp
Ual
ER.P
Pro
Exp
Uai
ER.P
Pro
Exp
Una
ER.P
Pro
Exp
ER.P
Pro
Exp
Cfl.eff
program file
erasure
Cfl.eff
program file
erasure
Cfl.eff
program file
erasure
erasure
Cfl.eff
program file
erasure
program file
erasure
Cfl.eff
Cfl.eff
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
program file
F01-EM2
S05
F01-EM2
S05
F01-EM2
S05
F01-EM2
S05
F01-EM2
S05
F01-EM3
S05
F01-PA2
S05
F01-PA2
S05
F01-PA2
S05
F01-PM2
S05
F01-PM2
S05
Type of
damage
Circumstances
Event
Code
erasure
Actor
Type
Sub
Type
Place Time
MA.L
Del
Exp
Ual
MA.L
Del
Exp
Uai
MA.L
Del
Exp
Una
MA.L
Del
Exp
MA.L
Del
Exp
MA.L
Tot
ER.P
Pro
Mal
ER.P
Pro
Mac
IF.L
Exp
MA.L
Fal
Exp
Uai
MA.L
Fal
Exp
Una
Access Process
Cfl.eff
program file
erasure
Cfl.eff
program file
erasure
Cfl.eff
program file
erasure
Cfl.eff
program file
erasure
Cfl.eff
program file
erasure
Fic.eff
program file
Pollution
Cfl.pol
program file
Pollution
Cfl.pol
program file
Pollution
Cfl.pol
program file
Pollution
Cfl.pol
program file
THREAT
Pollution
Cfl.pol
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
program file
F01-PM2
S05
F01-PM2
S05
F02-AC2
S05
F02-AC2
S05
F02-AC2
S05
F02-AC2
S05
F03-AC2
Type of
damage
Circumstances
Event
Code
Pollution
Actor
Type
Sub
Type
MA.L
Fal
Exp
MA.L
Fal
Exp
AC.E
Inc
Exp
AC.E
Ino
Exp
AC.E
Inc
Md.
AC.E
Ino
Md.
ER.P
Peo
Md.
ER.P
Peo
Exp
MA.P
Vol
Exp
Pna
MA.P
Vol
Exp
MA.P
Vol
Exp
Pse
MA.P
Vol
Md.
Pna
Place Time
Access Process
Cfl.pol
program file
Pollution
Cfl.pol
media
storing
program
media
storing
program
media
storing
program
Destruction
media
storing
program
Destruction
media
storing
program
disappearance
S05
S05
media
storing
program
disappearance
F03-AC2
S05
media
storing
program
disappearance
F03-MA2
S05
media
storing
program
disappearance
F03-MA2
S05
media
storing
program
disappearance
F03-MA2
S05
media
storing
program
disappearance
F03-MA2
THREAT
Destruction
Med.des
Med.des
Destruction
Med.des
Med.des
Med.dis
Med.dis
Med.dis
Med.dis
Med.dis
Med.dis
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Type of
damage
S05
media
storing
program
disappearance
F03-MA2
S05
media
storing
program
disappearance
F03-MA2
S05
media
storing
program
inoperability
F04-AC2
S05
F04-AC2
S05
F04-AC2
S05
media
storing
program
media
storing
program
media
storing
program
inoperability
F04-AC2
S05
media
storing
program
inoperability
F04-AC2
S05
media
storing
program
inoperability
F04-AC2
S05
media
storing
program
inoperability
F04-AC2
F06-AC1
S05
Server
damaging
Server
damaging
F06-AC1
S05
F06-AC2
S05
Circumstances
Event
Code
Actor
Type
Sub
Type
Place Time
MA.P
Vol
Md.
MA.P
Vol
Md.
Pse
AC.M
Equ
Exp
IC.E
De
Exp
IC.E
Se
Exp
IF.L
Exp
Exp
IC.E
Pol
Md.
IC.E
De
Md.
IC.E
Age
Md.
IC.E
De
Exp
IC.E
Se
Exp
AC.E
Fou
Exp
Access Process
Med.dis
Med.dis
Med.ine
Med.ine
inoperability
Med.ine
inoperability
Med.ine
Med.ine
Med.ine
Med.ine
Eq.hs
Eq.hs
Server
THREAT
Destruction
Eq.des
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Server
Type of
damage
S05
F06-AC2
S05
F06-AC3
S05
S05
auxiliary
elements
unavailability
F06-AC3
S05
auxiliary
elements
unavailability
F06-AC3
Server
damaging
F06-MA1
S05
S05
F06-MA1
S05
F06-MA4
S05
Exp
Destruction
AC.E
Ino
Exp
unavailability
AC.M
Equ
AC.M
Ser
AB.S
Ene
MA.P
Van
Exp
Pa
MA.P
Van
Exp
Pna
MA.P
Van
Tve
MA.P
Van
Tvi
MA.L
Cfg
MA.L
Cfg
Ser.hs
Ser.hs
damaging
damaging
damaging
Eq.hs
unavailability
Eq.hs
Server
Inc
Eq.hs
Server
AC.E
Access Process
Eq.hs
Server
S05
Place Time
Eq.hs
Server
F06-MA4
Sub
Type
Eq.hs
Server
F06-MA1
Type
Eq.des
Server
Code
Actor
Eq.des
Server
S05
Circumstances
Event
Destruction
F06-AC2
F06-MA1
THREAT
unavailability
Eq.hs
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Server
F06-MA2
S05
F18-AR
S05
F18-AR
S05
F18-AR
S05
F18-AR
S05
F18-AR
S05
F18-BL
S05
F18-BL
S05
F18-BL
S05
F18-BL
S05
THREAT
Type of
damage
Event
Code
Destruction
Circumstances
Actor
Type
Sub
Type
MA.P
Ter
AB.S
Mas
AB.S
Maa
AV.P
Gre
AB.P
Per
AB.P
Pep
IF.L
Lsp
Exp
ER.L
Lin
Exp
IF.L
Exp
Exp
MA.L
Sam
Exp
ER.P
Pro
ER.P
Pro
Place Time
Access Process
Tve
Eq.des
Server
unavailability
application
lock
Eq.hs
Exp
Eq.hs
Server
unavailability
Eq.mo
Server
unavailability
Eq.mo
Server
unavailability
Eq.mo
application
lock
application
lock
application
lock
application
lock
Cfl.bug
Cfl.bug
Cfl.bug
Cfl.bug
G02-I
F09-ER
G02
equipment
tampering
configuration
Cfl.alt
F09-ER
G02
equipment
tampering
configuration
Cfl.alt
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Event
Code
F09-MA4
G02
equipment
tampering
configuration
Cfl.alt
F09-MA4
G02
equipment
tampering
configuration
Cfl.alt
F09-MA4
G02
equipment
tampering
configuration
Cfl.alt
F09-MA4
G02
equipment
tampering
configuration
Circumstances
Actor
Type
Sub
Type
MA.L
Fal
MA.L
Fal
MA.L
Fal
Ain
Una
MA.L
Fal
Atm
Tie
ER.P
Pro
ER.P
Pro
MA.L
Fal
MA.L
Fal
MA.L
Fal
Una
ER.P
Pro
ER.P
Pro
MA.L
Fal
Place Time
Access Process
Cfl.alt
R01-I
F09-ER
R01
equipment
tampering
configuration
Cfl.alt
F09-ER
R01
equipment
tampering
configuration
Cfl.alt
F09-MA4
R01
equipment
tampering
configuration
Cfl.alt
F09-MA4
R01
equipment
tampering
configuration
Cfl.alt
F09-MA4
R01
equipment
tampering
configuration
Cfl.alt
R02-I
F09-ER
R02
equipment
tampering
configuration
Cfl.alt
F09-ER
R02
equipment
tampering
configuration
Cfl.alt
F09-MA4
R02
equipment
tampering
configuration
Cfl.alt
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Event
Code
F09-MA4
R02
equipment
tampering
configuration
Cfl.alt
F09-MA4
R02
equipment
tampering
configuration
Cfl.alt
Circumstances
Actor
Type
Sub
Type
MA.L
Fal
MA.L
Fal
Una
ER.P
Pro
ER.P
Pro
ER.P
Pro
MA.L
Fal
MA.L
Fal
MA.L
Fal
MA.L
Fal
Una
MA.P
Fal
Exp
Pa
MA.P
Fal
Exp
Pna
MA.P
Fal
Tran
Pa
MA.L
Fal
Con
MA.L
Fal
Con
Place Time
Access Process
S01-I
F09-AC2
S01
F09-AC2
S01
F09-AC2
S01
F09-MA2
S01
F09-MA2
S01
F09-MA2
S01
F09-MA2
S01
F09-ME2
S01
F09-ME2
S01
F09-ME2
S01
F09-FC
S01
F09-FC
S01
program file
tampering
program file
tampering
program file
tampering
program file
tampering
program file
tampering
program file
tampering
program file
tampering
media
storing
program
media
storing
program
swap
Cfl.alt
Cfl.alt
Cfl.alt
Cfl.alt
Cfl.alt
Cfl.alt
Cfl.alt
Med.ech
swap
Med.ech
media
storing
program
swap
connection
process
tampering
connection
process
tampering
Med.ech
Cfl.alt
Cfl.alt
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
tampering
Event
Code
F09-FC
S01
connection
process
F09-AC3
S01
security
tampering
configuration
Cfl.alt
F09-AC3
S01
security
tampering
configuration
Cfl.alt
F09-MA3
S01
security
tampering
configuration
Cfl.alt
F09-MA3
S01
security
tampering
configuration
Cfl.alt
F09-MA3
S01
security
tampering
configuration
Cfl.alt
Cfl.alt
Circumstances
Actor
Type
Sub
Type
MA.L
Fal
Con
ER.P
Pro
Res
ER.P
Pro
Res
MA.L
Fal
Res
MA.L
Fal
Res
MA.L
Fal
Res
Pna
ER.P
Pro
ER.P
Pro
MA.L
Fal
MA.L
Fal
MA.L
Fal
Una
Place Time
Access Process
S02-I
F09-ER
S02
software
tampering
configuration
Cfl.alt
F09-ER
S02
software
tampering
configuration
Cfl.alt
F09-MA4
S02
software
tampering
configuration
Cfl.alt
F09-MA4
S02
software
tampering
configuration
Cfl.alt
F09-MA4
S02
software
tampering
configuration
Cfl.alt
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Event
Code
F09-AC3
S02
security
tampering
configuration
Cfl.alt
F09-AC3
S02
security
tampering
configuration
Cfl.alt
F09-MA3
S02
security
tampering
configuration
Cfl.alt
F09-MA3
S02
security
tampering
configuration
Cfl.alt
Circumstances
Actor
Type
Sub
Type
ER.P
Pro
Res
ER.P
Pro
Res
MA.L
Fal
Res
MA.L
Fal
Res
Pna
ER.P
Pro
ER.P
Pro
MA.L
Fal
MA.L
Fal
MA.L
Fal
Una
ER.P
Pro
Res
ER.P
Pro
Res
MA.L
Fal
Res
Place Time
Access Process
S04-I
F09-ER
S04
software
tampering
configuration
Cfl.alt
F09-ER
S04
software
tampering
configuration
Cfl.alt
F09-MA4
S04
software
tampering
configuration
Cfl.alt
F09-MA4
S04
software
tampering
configuration
Cfl.alt
F09-MA4
S04
software
tampering
configuration
Cfl.alt
F09-AC3
S04
security
tampering
configuration
Cfl.alt
F09-AC3
S04
security
tampering
configuration
Cfl.alt
F09-MA3
S04
security
tampering
configuration
Cfl.alt
VULNERABILITY
Supporting
Scenario
Family
Family
Code
F09-MA3
ASSET
type
S04
AICE Asset
THREAT
Type of
damage
security
tampering
configuration
Circumstances
Event
Code
Type
Sub
Type
MA.L
Fal
Place Time
Actor
Access Process
Res
Pna
Cfl.alt
S05-I
program file
tampering
F09-AC2
S05
F09-AC2
S05
F09-AC2
S05
F09-MA2
S05
F09-MA2
S05
F09-MA2
S05
F09-MA2
S05
S05
media
storing
program
swap
F09-ME2
S05
media
storing
program
swap
F09-ME2
S05
media
storing
program
swap
F09-ME2
program file
Pro
tampering
ER.P
Pro
ER.P
Pro
MA.L
Fal
MA.L
Fal
MA.L
Fal
MA.L
Fal
Una
MA.P
Fal
Exp
Pa
MA.P
Fal
Exp
Pna
MA.P
Fal
Tran
Pa
Cfl.alt
program file
tampering
Cfl.alt
program file
tampering
Cfl.alt
program file
tampering
Cfl.alt
program file
tampering
Cfl.alt
program file
ER.P
Cfl.alt
tampering
Cfl.alt
Med.ech
Med.ech
Med.ech
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
F09-FC
S05
F09-FC
S05
F09-FC
F09-AC3
F09-AC3
F09-MA3
F09-MA3
F09-MA3
S05
S05
S05
S05
S05
S05
THREAT
Type of
damage
connection
process
tampering
connection
process
tampering
connection
process
tampering
Event
Code
Circumstances
Actor
Type
Sub
Type
MA.L
Fal
Con
MA.L
Fal
Con
MA.L
Fal
Con
ER.P
Pro
Res
ER.P
Pro
Res
MA.L
Fal
Res
MA.L
Fal
Res
MA.L
Fal
Res
Pna
ER.P
Pro
Exp
Place Time
Access Process
Cfl.alt
Cfl.alt
Cfl.alt
security
tampering
configuration
security
tampering
configuration
security
tampering
configuration
security
tampering
configuration
security
tampering
configuration
Cfl.alt
Cfl.alt
Cfl.alt
Cfl.alt
Cfl.alt
S01-C
F11-ER2
S01
File
Programme
disclosure
Cfl.dif
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Type of
damage
F11-ER2
S01
File
Programme
disclosure
F11-ER2
S01
File
Programme
disclosure
F11-ER2
S01
File
Programme
disclosure
F11-MA2
S01
File
Programme
disclosure
F11-MA2
S01
File
Programme
disclosure
F11-MA2
S01
File
Programme
disclosure
F11-MA2
S01
File
Programme
disclosure
F11-MA2
S01
File
Programme
disclosure
Media
disappearance
F12-MA1
S01
F12-MA3
S01
F12-MA3
S01
F12-MA3
S01
F12-MA3
S01
F12-MA3
S01
Event
Code
Cfl.dif
Cfl.dif
Cfl.dif
Cfl.dif
Cfl.dif
Cfl.dif
Cfl.dif
Cfl.dif
Circumstances
Actor
Type
Sub
Type
ER.P
Pro
Mam
ER.P
Pro
Tde
ER.P
Pro
Mal
MA.L
Vol
Tru
Ual
MA.L
Vol
Tru
Uai
MA.L
Vol
Tru
Una
MA.L
Vol
Exp
MA.L
Vol
Mai
MA.P
Vol
Tran
Pa
MA.P
Vol
Sti
Pa
MA.P
Vol
Ste
Pa
MA.P
Vol
Exp
Pna
MA.P
Vol
Tran
Pna
MA.P
Vol
Sti
Pna
Place Time
Access Process
Med.dis
Media
disappearance
Media
disappearance
Med.dis
Med.dis
Media
disappearance
Med.dis
Media
disappearance
Med.dis
Media
THREAT
disappearance
Med.dis
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
Media
F12-MA3
S01
THREAT
Type of
damage
Code
disappearance
Circumstances
Event
Type
Sub
Type
MA.P
Vol
Place Time
Actor
Access Process
Ste
Med.dis
C01-E
F20-NC
C01
Pro.inf
F20-NC
C01
Pro.inf
F20-NC
C01
Pro.inf
F20-NC
C01
Pro.inf
PR.N
Api
Exp
PR.N
Naa
Exp
PR.N
Nam
Exp
PR.N
Nav
Exp
C02-E
F20-NC
C02
Pro.inf
F20-NC
C02
Pro.inf
F20-NC
C02
Pro.inf
F20-NC
C02
Pro.inf
PR.N
Api
Exp
PR.N
Naa
Exp
PR.N
Nam
Exp
PR.N
Nav
Exp
C03-E
F20-NC
C03
PR.N
Pro.inf
Api
Exp
Pna
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Event
Code
F20-NC
C03
Pro.inf
F20-NC
C03
Pro.inf
F20-NC
C03
Pro.inf
Circumstances
Actor
Type
Sub
Type
PR.N
Naa
Exp
PR.N
Nam
Exp
PR.N
Nav
Exp
Place Time
Access Process
C04-E
F20-NC
C04
Pro.inf
F20-NC
C04
Pro.inf
F20-NC
C04
Pro.inf
F20-NC
C04
Pro.inf
PR.N
Api
Exp
PR.N
Naa
Exp
PR.N
Nam
Exp
PR.N
Nav
Exp
C05-E
F20-NC
C05
Pro.inf
F20-NC
C05
Pro.inf
F20-NC
C05
Pro.inf
F20-NC
C05
Pro.inf
PR.N
Api
Exp
PR.N
Naa
Exp
PR.N
Nam
Exp
PR.N
Nav
Exp
VULNERABILITY
Supporting
Scenario
Family
Family
Code
ASSET
type
AICE Asset
THREAT
Type of
damage
Event
Code
Type
Sub
Type
Circumstances
Place Time
Actor
Access Process
Non compliance of processes attached to the protection of human beings and environment
C06-E
F20-NC
C06
Pro.inf
F20-NC
C06
Pro.inf
F20-NC
C06
Pro.inf
F20-NC
C06
Pro.inf
PR.N
Api
Exp
PR.N
Naa
Exp
PR.N
Nam
Exp
PR.N
Nav
Exp
1 1 1 3 1
1 1 1 3 0
1 1 1 3 0
max(07A02;09A02)
1 1 1 3 0
min(07A03;07A04)
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
min(08F02;08F03)
1 1 1 3 0
max(08A05;08E02)
1 1 1 3 0
1 1 1 1 0
1 1 1 3 0
10B05
1 1 1 3 0
10B06
1 1 1 3 0
1 1 1 3 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
08A03
Confining
EFF-CONF
08E03
min(07C01;08E02)
min(07C01;08E02)
max(07A02;09A02)
min(07A03;07A04)
08A06
min(08F02;08F03)
08D03
max(min(07A01;07A0
2;08F01);min(09A01;0
9A02))
08E02
1 1 1 3 0
1 1 1 3 0
09C02
1 1 1 3 0
max(09C02;10B05)
Loss, due to accidental destruction, of media supporting files of data, within the
production premises, due to a fire
1 1 1 3 0
Loss, due to accidental destruction, of media supporting files of data, within the
production premises, due to flooding
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
03B06
1 1 1 3 0
03B06
1 1 1 3 0
03B06
1 1 1 3 0
03B06
1 1 1 3 0
03B06
1 1 1 3 0
03B06
1 1 1 3 0
1 1 1 3 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
max(min(07A03;07A0
4;08F02);min(09A03;0
9A04);09C02)
03D01
03D01
min(03B03;03B04)
08C03
09D01
03C01
Confining
EFF-CONF
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 1 0
Erasure, due to an error, of files shared for office work, by a user authorized
legitimately, connected from the internal network
1 1 1 1 0
Erasure, due to an error, of files shared for office work, by a user authorized
illegitimately, connected from the internal network
1 1 1 1 0
Erasure, due to an error, of files shared for office work, by a user not
authorized, connected from the internal network
1 1 1 1 0
Erasure, due to an error, of files shared for office work, by a member of the
production team, connected from the internal network
1 1 1 1 0
Erasure, due to an error, of files shared for office work, by a member of the
maintenance team , connected from the internal network
1 1 1 1 0
Malicious erasure of files and backups shared for office work, by a user
authorized legitimately, connected from the internal network
1 1 1 1 0
Malicious erasure of files and backups shared for office work, by a user
authorized illegitimately, connected from the internal network
1 1 1 1 0
Malicious erasure of files and backups shared for office work, by a user not
authorized, connected from the internal network
1 1 1 1 0
Malicious erasure of files and backups shared for office work, by a member of
the production team, connected from the internal network
1 1 1 1 0
Malicious erasure of files and backups shared for office work, by a member of
the maintenance team , connected from the internal network
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(03A01;03A04)
08A03
08C03
min(08D07;11D06)
07A02
min(07A03;07A04)
min(08F02;08F03)
08E03
1 1 1 1 0
Loss, due to accidental destruction, of media supporting files shared for office
work, within the production premises, due to a fire
1 1 1 1 0
Loss, due to accidental destruction, of media supporting files shared for office
work, within the production premises, due to flooding
1 1 1 1 0
Theft of media supporting files shared for office work, within the production
premises, by a member of the staff not authorized
1 1 1 1 0
03B06
Theft of media supporting files shared for office work, within the production
premises, by a member of the production team
1 1 1 1 0
03B06
Theft of media supporting files shared for office work, within the production
premises, by a member of the services team
1 1 1 1 0
03B06
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
Theft or malicious destruction of means required for accessing files shared for
office work
1 1 1 1 0
Accidental erasure of files used for personal office activity, due to a virus
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(08F02;08F03)
03D01
Erasure, due to an error, of files used for personal office activity, by a member
of the production team, connected from the internal network
seriousness
Likelihood
Impact
Impact
Malicious erasure of files and backups shared for office work, by a member of
the production team, connected from the internal network
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
min(03B03;03B04)
03C01
min(03A01;03A04)
08A03
min(08D07;11D06)
08E03
1 1 1 1 0
Erasure, due to an error, of files used for personal office activity, by a user not
authorized, directly connected to the workstation, while the user is absent
Malicious erasure of files and backups used for personal office activity, by a
user not authorized, directly connected to the workstation, while the user is
absent
Malicious erasure of files and backups used for personal office activity, by a
user not authorized, directly connected to the workstation, outside working
hours
Malicious erasure of files and backups used for personal office activity, by a
member of the production team, connected from the internal network
1 1 1 1 0
1 1 1 1 0
11B01
1 1 1 1 0
11B01
1 1 1 1 0
Malicious erasure of files and backups used for personal office activity, by a
member of the maintenance team
1 1 1 1 0
Loss, due to accidental destruction, of media supporting files used for personal
office activity, in the offices, due to a fire
1 1 1 1 0
Loss, due to accidental destruction, of media supporting files used for personal
office activity, in the offices, due to flooding
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
Vol of PC portable contenant des fichiers used for personal office activity, in the
offices, by a member of the enterprise staff
1 1 1 1 0
Vol of PC portable contenant des fichiers used for personal office activity, in the
offices, by a member of the services team
1 1 1 1 0
Vol of PC portable contenant des fichiers used for personal office activity, in the
offices, by a visitor
1 1 1 1 0
Vol of PC portable contenant des fichiers used for personal office activity,
outside the company
1 1 1 1 0
Theft of media supporting files used for personal office activity, in the offices, by
a member of the enterprise staff
1 1 1 1 0
Theft of media supporting files used for personal office activity, in the offices, by
a member of the services team
1 1 1 1 0
Theft of media supporting files used for personal office activity, in the offices, by
a visitor
Impossibility, due to an accident, to use a media supporting files used for
personal office activity, in the offices, caused by the breakdown of an
equipment
Impossibility, due to an accident, to use a media supporting files used for
personal office activity, in the offices, due a liquid (water) damage
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1
1
seriousness
Likelihood
Impact
Impact
Erasure, due to an error, of files used for personal office activity, by a member
of the maintenance team
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
min(08F02;08F03)
02C05
02D02
02C05
02D02
02C05
max(02C03;02D02)
02C05
02D02
02C05
02D02
02C05
max(02C03;02D02)
Confining
EFF-CONF
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
calculated
values
Type AICE
security decided
measures values
Type AEM
Direct Selection
Intrinsic
values
DESCRIPTION
Theft or malicious destruction of means required for accessing files used for
personal office activity
Dissuasion
EFF-DISS
Prevention
EFF-PREV
min(03A01;03A04)
min(02D01;02D06)
min(02D01;02D06)
min(02D01;02D06)
min(02D01;02D06)
11B02
02C05
min(02D01;02D06)
02C05
min(02D01;02D06)
02C05
min(02D01;02D06)
min(02D01;02D06)
11B02
Confining
EFF-CONF
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
08A03
03D01
03C01
min(08F02;08F03)
min(08F02;07A03;07A
04)
08A03
03D01
03C01
min(08F02;08F03)
min(08F02;07A03;07A
04)
Confining
EFF-CONF
1 1 1 1
1 1 1 1
02D05
1 1 1 1
02D05
1 1 1 1
1 1 1 1
02D04
1 1 1 1
02D04
1 1 1 1
02D04
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
02D05
02D05
02D05
02D04
02D04
min(02D06;02D07)
1 1 1 1
Confining
EFF-CONF
1 1 1 1
min(02D06;02D07)
1 1 1 1
3
min(02D06;02D07)
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
min(02D06;02D07)
1 1 1 1
1 1 1 1 0
Prevention
EFF-PREV
Dissuasion
EFF-DISS
min(02D06;02D07)
seriousness
Likelihood
calculated
values
Impact
Type AICE
Impact
Type AEM
security decided
measures values
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Direct Selection
Intrinsic
values
DESCRIPTION
Confining
EFF-CONF
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
08H02
1 1 1 1 0
08H02
1 1 1 1 0
08H03
1 1 1 1 0
08H03
1 1 1 1 0
08H01
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
08H03
1 1 1 1 0
08H03
1 1 1 1 0
08H02
1 1 1 1 0
1 1 1 1 0
1 1 1 3
1 1 1 3
1 1 1 3 0
1 1 1 3 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
08H02
08H03
08H03
08H03
08C05
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
Malicious erasure of files and backups of data posted on public or internal sites
, by a user not authorized, connected from the internal network
1 1 1 3 0
Malicious erasure of files and backups of data posted on public or internal sites
, by a member of the production team, connected from the internal network
1 1 1 3 0
min(08F02;08F03)
Malicious erasure of files and backups of data posted on public or internal sites
, by a member of the maintenance team
1 1 1 3 0
max(08A05;08E02)
1 1 1 3
1 1 1 3
1 1 1 3
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
Theft of media supporting files of data posted on public or internal sites , within
the production premises, by a member of the staff not authorized
1 1 1 3 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(07A03;07A04)
10B05
10B06
08D03
03D01
03D01
03B06
min(03B03;03B04)
08E02
1 1 1 3 0
03B06
Theft of media supporting files of data posted on public or internal sites , within
the production premises, by a member of the services team
1 1 1 3 0
03B06
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 3 0
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
max(09B05;min(07A0 09B04
1;07A02;08F01);min(0
9A01;09A02))
1 1 1 1 1
max(09B05;min(07A0 09B04
3;07A04;08F02);min(0
9A03;09A04))
1 1 1 1 1
seriousness
Likelihood
Impact
Impact
Theft of media supporting files of data posted on public or internal sites , within
the production premises, by a member of the production team
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
03C01
min(03A01;03A04)
08A03
08E03
max(09B05;10B05)
09B04
max(09B05;10B06)
09B04
max(09B05;08D03)
09B04
09B05
09B04
max(09B05;10B05)
09B04
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
Malicious (and undetected) swap of media containing files of data during the
transportation between sites by an authorized staff member
1 1 1 1 1
1 1 1 1
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
max(09B05;min(07A0 09B04
1;07A02;08F01);min(0
9A01;09A02))
max(09B05;min(07A0 09B04
3;07A04;08F02);min(0
9A03;09A04);09B01;0
max(09B01;09C02)
09B04
9C02)
max(09B01;09C02)
09B04
08A06
09B04
max(09B01;09C02)
09B04
09B04
11C04
1 1 1 1
1 1 1 1
Malicious (and undetected) tampering of files shared for office work during
production, by a user authorized illegitimately, connected from the internal
network
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
min(07A01;07A02;08F
01)
max(min(08F02;07A0
3;07A04);11C01;11C0
4)
min(07A01;07A02;08F
01)
09B04
1 1 1 1
Malicious (and undetected) tampering of files shared for office work during
production, by a member of the production team, connected from the internal
network
1 1 1 1
Malicious (and undetected) tampering of files shared for office work during
production, by a member of the maintenance team , connected from the
internal network
1 1 1 1
Malicious (and undetected) swap of media containing files shared for office
work during production, by an authorized staff member, connected from the
internal network
1 1 1 1
Malicious (and undetected) swap of media containing files shared for office
work during production, by a member of the staff not authorized, connected
from the internal network
1 1 1 1
1 1 1 1
1 1 1 1
Malicious (and undetected) tampering of files used for personal office activity
stored on the work station, by a member of the production team, connected
from the internal network
1 1 1 1
Malicious (and undetected) tampering of files used for personal office activity
stored on the work station by a member of the maintenance team
1 1 1 1
Malicious (and undetected) tampering of files used for personal office activity
stored on a removable media by an authorized staff member
1 1 1 1
Malicious (and undetected) tampering of files used for personal office activity
open on the workstation, by a user not authorized, directly connected to the
workstation
1 1 1 1
1 1 1 1
Malicious (and undetected) swap of media containing files used for personal
office activity stored on a removable media by an authorized staff member
seriousness
Likelihood
Impact
Impact
Malicious (and undetected) tampering of files shared for office work during
production, by a user not authorized, connected from the internal network
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
max(min(08F02;07A0
3;07A04);11C01;11C0
4)
max(11C011;11C04)
max(11C01;11C03;11
C04)
max(11C01;11C04)
max(03B04;03B05;03 max(min(03B01;03B0
B06)
2;03B03);08C02;11C0
1;11C04)
11C04
max(11B01;11C04)
max(11C01;11C04)
max(11C01;11C03;11
C04)
11C02
max(11B01;11C01;11
C04)
11C02
Confining
EFF-CONF
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
max(09B01;09C02)
09B04
1 1 1 1 1
max(09B01;09C02)
09B04
1 1 1 1 1
max(04C01;04C02;09 09B04
B02;09C01)
1 1 1 1 1
max(04C01;04C02;09 09B04
B02;09C01)
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
Replay of transaction
1 1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
09B03
Prevention
EFF-PREV
Confining
EFF-CONF
09B03
09B04
09B03
09B04
max(min(07A03;07A0 09B04
4;08F02);min(09A03;0
9A04;08F02);09B01;0
9C02)
max(min(07A01;07A0 09B04
2);min(09A01;09A02))
max(05C03;05C04)
09B04
max(05C03;05C04)
09B04
max(05C01;05C02;09 09B04
B02;09C01)
max(05C01;05C02;09 09B04
B02;09C01)
max(04C01;09C01;09 09F03
F02)
09F01
1 1 1 1
1 1 1 1
1 1 1 1
11C05
1 1 1 1
02D05
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1 0
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
max(09B05;min(07A0 09B04
1;07A02;08F01);min(0
9A01;09A02))
1 1 1 1 1
max(09B05;min(07A0 09B04
3;07A04;08F02);min(0
9A03;09A04))
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
11C05
11C05
08H02
08H02
08H03
08H02
08H02
max(09B05;10B06)
09B04
max(09B05;08D03)
09B04
09B05
09B04
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1
09C02
1 1 1 1
max(08A05;09C02)
1 1 1 1
max(10B04;09C02)
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
max(09B05;min(07A0 09B04
1;07A02;08F01);min(0
9A01;09A02))
max(09B05;min(07A0 09B04
3;07A04;08F02);min(0
9A03;09A04))
max(09B01;09C02)
09B04
max(09B01;09C02)
max(08A05;09C02)
07C01
07C01
max(min(07A01;07A0
2);min(09A01;09A02))
max(min(07A03;07A0
4;08F02;08C06);min(0
9A03;09A04))
09C02
max(05B03;min(07A0
3;07A04))
max(min(05B04;05B0
5;05B06;05B07;06B0
2);min(07A03;07A04))
08A06
09B04
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
Disclosure, due to an error, of files shared for office work due to a procedure
error during production
1 1 1 1
Disclosure, due to an error, of files shared for office work due to a procedure
error during a hardware maintenance operation
1 1 1 1
Diversion of files shared for office work during user treatments, by a user
authorized legitimately, connected from the internal network
1 1 1 1
Diversion of files shared for office work during user treatments, by a user
authorized illegitimately, connected from the internal network
1 1 1 1
Diversion of files shared for office work during user treatments, by a user not
authorized, connected from the internal network
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
min(05B08;05B09)
max(min(07B01;08A0
5);09C02)
09C02
08C03
09C02
08C04
09C02
03B06
max(min(03B03;03B0
4);09C02)
max(08C07;09C02)
08C03
max(08C03;09C02)
08C04
max(08C04;09C02)
11C01
max(11C01;11C03)
min(07A01;07A02)
max(min(07A03;07A0
4;08C06;08F02);11C0
1)
Confining
EFF-CONF
1 1 1 1
11C01
1 1 1 1
max(11C01;11C03)
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Diversion of files shared for office work during production, by a member of the
production team
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
max(05B03;min(07A0
3;07A04);11C01)
max(min(05B04;05B0
5;05B06;05B07;06B0
2);min(07A03;07A04);
11C01)
max(min(05B08;05B0
9);11C01)
02C05
11C01
11C01
08C03
11C01
08C04
11C01
max(min(03B03;03B0
4);11C01)
max(08C07;11C01)
08C03
max(08C03;11C01)
08C04
max(08C04;11C01)
Confining
EFF-CONF
1 1 1 1
Disclosure, due to an error, of files used for personal office activity due to a
procedure error, during a hardware maintenance operation
1 1 1 1
Diversion of files used for personal office activity, by a member of the staff not
authorized, directly connected to the workstation, while the user is absent
1 1 1 1
max(min(11B01;11E0
1);11C01)
Diversion of files used for personal office activity, by a member of the staff not
authorized, directly connected to the workstation, outside working hours
1 1 1 1
max(min(11B01;11E0
1);11C01)
1 1 1 1
1 1 1 1
1 1 1 1 0
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Disclosure, due to an error, of files used for personal office activity due to a
procedure error, during user treatments
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
11C01
max(11C01;11C03)
min(11E02;11E03)
11C01
max(11C01;11C03)
11C01
02C05
max(min(02C01;02C0
2;02C03);11C02)
02C05
max(02C06;11C02)
max(02C04;02C05)
max(min(02C01;02C0
2;02C03);11C02)
02C05
11C02
11C02
02C05
max(min(02C01;02C0
2;02C03;11B01);11C0
1)
Confining
EFF-CONF
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
02C05
max(02C06;11B01;11
C01)
max(02C04;02C05)
max(min(02C01;02C0
2;02C03;11B01);11C0
1)
02C05
max(11B01;11C01)
max(11B01;11C01)
02D02
02D02
02C05
max(02A02;02C03;02
D02)
02C05
02D02
02C05
max(02D02;min(02C0
1;02C02;02C03))
02C05
max(02D02;min(02C0
1;02C02;02C06))
02D02
max(02D02;11C06)
max(02D02;11C06)
02D02
Confining
EFF-CONF
1 1 1 1
02D02
1 1 1 1
02D03
1 1 1 1
1 1 1 1
03B06
1 1 1 1
03B06
1 1 1 1
03B06
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
08A07
08A07
08A07
08A07
08A07
08A07
08A07
min(08F02;08F03)
max(min(07A01;07A0
2;08F01);min(08F01;0
9A01;09A02))
max(min(05B01;05B0
2;05B03;05B07;06C0
2);min(07A03;07A04;0
8F02);min(09A03;09A
04))
min(08F02;08F03)
max(04B02;min(05B0
4;05B05;05B06;05B0
7);min(07A03;07A04;0
8F02);min(09A03;09A
09C03
04))
07B01
Confining
EFF-CONF
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
max(04B03;04C01;09
C01)
1 1 1 1
max(04B03;04C01;09
C01)
1 1 1 1
11C05
1 1 1 1
1 1 1 1
11C05
1 1 1 1
11C05
1 1 1 1
1 1 1 1
Theft of post mail, during collection or diffusion, in the post mail office
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
max(05C03;09C01)
max(03B07;05C01;09
C01)
max(min(06C01;06C0
2);09C01)
min(06A01;06C03)
09C01
max(06A04;09C01)
max(06A02;09C01)
11C05
02D05
02D04
Confining
EFF-CONF
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
02D07
1 1 1 1
02D07
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
02D04
02D05
02D05
02D05
02D07
02D07
02D07
08H03
max(08H03;09C02)
08H03
max(08H03;09C02)
08H03
max(08H03;09C02)
03D01
min(03D02;03D03)
03C01
min(03C02;03C03)
03A02
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
12A02
12A03
min(12E02;12E03)
12A03
03C01
min(03A01;03A04)
03A05
1 1 1 1 0
1 1 1 1 1
2
03D01
min(03D02;03D03)
03C01
min(03C02;03C03)
1 1 1 1 1
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
1 1 1 1 0
seriousness
Likelihood
calculated
values
Impact
Type AICE
Impact
Type AEM
security decided
measures values
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
1 1 1 1 1
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
Confining
EFF-CONF
3
03B06
Prevention
EFF-PREV
min(03B01;03B02;03
B03)
03B04
min(03B03;03B04;03
B06)
min(02A01;02A02;02
A03;02A05)
02A04
06A02
04D03
06C02
04D02
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 1
1 1 1 1 1
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(06C02;06C03)
04D02
min(06C02;06C03)
03C01
min(03A01;03A04)
03A05
03D01
min(03D02;03D03)
03C01
min(03C02;03C03)
min(03B01;03B02;03
B03)
03B04
2
2
min(03B03;03B04;03
B06)
03B06
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 1
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
min(02A01;02A02;02
A03;02A05)
Confining
EFF-CONF
02A04
min(06C02;06C03)
04D01
06A02
05D03
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 1
1 1 1 1 1
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
06C02
Confining
EFF-CONF
05D02
min(06C02;06C03)
05D02
min(06C02;06C03)
03C01
min(03A01;03A04)
03A05
03B06
03D01
min(03D02;03D03)
03C01
min(03C02;03C03)
min(03B01;03B02;03
B03)
03B04
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(03B03;03B04;03
B06)
min(02A01;02A02;02
A03;02A05)
02A04
min(06C02;06C03)
05D01
08A03
08E03
1 1 1 1 0
max(07A02;09A02)
1 1 1 1 0
min(07A03;07A04)
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
min(08F02;08F03)
1 1 1 1 0
min(07C02;08E02)
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
max(min(07A01;07A0
2;08F01);min(09A01;0
9A02))
1 1 1 1 0
max(min(07A03;07A0
4;08F02);min(09A03;0
9A04))
1 1 1 1 0
min(08F02;08F03)
1 1 1 1 0
min(08F02;08F03)
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(07C01;08E02)
min(07C01;08E02)
max(07A02;09A02)
min(07A03;07A04)
min(08F02;08F03)
10B05
10B06
08E02
10B05
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
03D01
03D01
min(03B03;03B04)
08C03
03C01
min(03A01;03A04)
08A03
08E03
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
08C03
08C05
03C01
min(03A01;03A04)
03A05
03D01
min(03D02;03D03)
03C01
min(03C02;03C03)
09E01
03B06
min(03B01;03B02;03
B03)
03B04
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
08A03
1 1 1 1 0
08A03
1 1 1 1 0
07D01
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(03B03;03B04;03
B06)
min(02A01;02A02;02
A03;02A05)
02A04
min(08F02;08F03)
min(07C02;08E02)
08E01
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
max(07A02;09A02)
1 1 1 1 0
min(07A03;07A04)
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
min(08F02;08F03)
1 1 1 1 0
min(07C02;08E02)
1 1 1 1 0
1 1 1 1
10B05
1 1 1 1
10B06
1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
min(07C01;07C02)
Prevention
EFF-PREV
Confining
EFF-CONF
08E01
min(08E02;08E03)
08A03
08E03
min(07C01;08E02)
min(07C01;08E02)
max(07A02;09A02)
min(07A03;07A04)
min(08F02;08F03)
08D03
08E02
1 1 1 1
1 1 1 1
1 1 1 1
min(08F02;08F03)
1 1 1 1
min(08F02;08F03)
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
max(min(07A01;07A0
2;08F01);min(09A01;0
9A02))
max(min(07A03;07A0
4;08F02);min(09A03;0
9A04))
10B05
03D01
03D01
min(03B03;03B04)
08C03
Confining
EFF-CONF
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
03C01
min(03A01;03A04)
08A03
08E03
08C03
08C05
03C01
min(03A01;03A04)
03A05
03D01
min(03D02;03D03)
03C01
min(03C02;03C03)
09E01
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
min(03B01;03B02;03
B03)
1 1 1 1 0
min(03B03;03B04;03
B063)
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
03B06
Prevention
EFF-PREV
min(02A01;02A02;02
A03;02A05)
min(08F02;08F03)
min(07C02;08E02)
Confining
EFF-CONF
03B04
02A04
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
11A01
min(07C01;07C02)
08E01
min(08E02;08E03)
c interfaces, etc.)
11A01
min(11E02;11E03)
11D06
03A05
03D01
min(03D02;03D03)
03C01
min(03C02;03C03)
03A02
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
max(07A02;09A02)
1 1 1 1 0
min(07A03;07A04)
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
min(08F02;08F03)
1 1 1 1 0
min(07C02;08E02)
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
03B06
Prevention
EFF-PREV
min(03B01;03B02;03
B03)
Confining
EFF-CONF
03B04
min(03B03;03B04;03
B063)
08A03
min(07C01;08E02)
min(07C01;08E02)
max(07A02;09A02)
min(07A03;07A04)
min(08F02;08F03)
08E03
1 1 1 1 0
10B05
1 1 1 1 0
10B06
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
min(08F02;08F03)
1 1 1 1 0
min(08F02;08F03)
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
08E02
max(min(07A01;07A0
2;08F01);min(09A01;0
9A02))
max(min(07A03;07A0
4;08F02);min(09A03;0
9A04))
10B05
03D01
03D01
min(03B03;03B04)
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
08C03
03C01
min(03A01;03A04)
08A03
08E03
08C03
08C05
03C01
min(03A01;03A04)
03A05
03D01
min(03D02;03D03)
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
min(03B01;03B02;03
B03)
1 1 1 1 0
min(03B03;03B04;03
B06)
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
03C01
Confining
EFF-CONF
min(03C02;03C03)
09E01
03B06
min(02A01;02A02;02
A03;02A05)
03B04
02A04
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
08A03
1 1 1 1 0
08A03
1 1 1 1 0
07D01
08E01
1 1 1 1 0
08E01
min(08E02;08E03)
1 1 1 1 0
08A03
08E03
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
min(07C01;07C02)
Prevention
EFF-PREV
max(07A02;09A02)
min(07A03;07A04)
Confining
EFF-CONF
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
max(min(07A01;07A0
2;08F01);min(09A01;0
9A02))
1 1 1 1 0
max(min(07A03;07A0
4;08F02);min(09A03;0
9A04))
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(07C01;08E02)
min(07C01;08E02)
max(07A02;09A02)
min(07A03;07A04)
min(08F02;08F03)
min(07C02;08E02)
min(08F02;08F03)
10B05
10B06
08D03
08E02
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
03B06
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
min(08F02;08F03)
min(08F02;08F03)
10B05
03D01
03D01
min(03B03;03B04)
08C03
Confining
EFF-CONF
1 1 1 1 0
03B06
1 1 1 1 0
03B06
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
03C01
min(03A01;03A04)
08A03
08E03
08C03
08C05
03C01
min(03A01;03A04)
03A05
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
03B06
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
03D01
min(03D02;03D03)
03C01
min(03C02;03C03)
09E01
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
1 1 1 1 0
min(02A01;02A02;02
A03;02A05)
2
min(07C02;08E02)
1 1 1 1 0
03B04
min(03B03;03B04;03
B063)
min(08F02;08F03)
min(03B01;03B02;03
B03)
02A04
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 1
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Confining
EFF-CONF
08A03
08A03
min(07C01;07C02)
Prevention
EFF-PREV
07D01
08E01
08E01
min(08E02;08E03)
min(12A02;12B02)
12B01
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
12A03
Prevention
EFF-PREV
12B01
min(12E02;12E03)
min(12E01;12E02)
12A04
06A02
06B01
06A03
06B01
min(06C02;06C03)
min(06C01;06C02)
06A02
06B01
06A03
06B01
Confining
EFF-CONF
1 1 1 1 0
1 1 1 1 0
1 1 1 1 1
max(08A03;08B03;09 09B05
B05;10B01)
1 1 1 1 1
max(08A03;08B03;09 09B05
B05;10B05)
1 1 1 1 1
max(08B02;08B03;09 09B05
B05)
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(06C02;06C03)
min(06C01;06C02)
10B01
10B01
10B05
10B05
max(07C02;08F03)
max(08B02;08B03)
07C02
max(min(07A01;07A0 09B04
2;07A03;07A04);08B0
2;08B03;09B05)
max(08B03;09B05)
09B04
09B04
max(07C02;08F03)
max(07A05.09A05)
10B01
max(07A05.09A05)
09B04
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
10B05
Prevention
EFF-PREV
max(07A05.09A05)
08A04
min(07C02;08F03)
10B05
08A04
min(08F01;08F02)
08B01
08B01
08A04
08B01
min(08F02;08F03)
max(min(07A01;07A0
2;07A03;07A04);08B0
1)
Confining
EFF-CONF
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
08B01
08B01
min(07C02;08F03)
min(08F01;08F02)
08B01
08B01
08A04
08B01
min(08F02;08F03)
max(min(07A01;07A0
2;07A03;07A04);08B0
1)
08B01
08B01
min(07C02;08F03)
Confining
EFF-CONF
1 1 1 1 0
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
Confining
EFF-CONF
min(08F01;08F02)
max(08A03;08B03;09 09B05
B05;10B01)
max(08A03;08B03;09 09B05
B05;10B05)
max(08B02;08B03;09 09B05
B05)
10B01
10B01
10B05
10B05
max(07C02;08F03)
max(08B02;08B03)
07C02
max(min(07A01;07A0 09B04
2;07A03;07A04);08B0
2;08B03;09B05)
max(08B03;09B05)
09B04
09B04
09B04
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
Prevention
EFF-PREV
max(07C02;08F03)
max(07A05.09A05)
10B01
max(07A05.09A05)
10B05
max(07A05.09A05)
Dissuasion
EFF-DISS
seriousness
Likelihood
calculated
values
Impact
Type AICE
Impact
Type AEM
security decided
measures values
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Direct Selection
Intrinsic
values
DESCRIPTION
08A04
1 1 1 1 1
3
min(07C02;08F03)
1 1 1 1 1
3
10B05
1 1 1 1 1
08A04
3
min(08F01;08F02)
1 1 1 1 1
1 1 1 1 0
10B02
Confining
EFF-CONF
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
10B02
10B02
10B02
10B02
max(min(07A01;07A0
2);min(09A01;09A02);
10B02)
max(min(07A03;07A0
4;08F02;08C06);min(0
9A03;09A04);10B02)
10B02
10B02
10B02
08C03
10B02
08C04
10B02
03B06
max(min(03B03;03B0
4);10B02)
max(08C07;10B02)
08C03
max(08C03;10B02)
Confining
EFF-CONF
1 1 1 1 0
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 0
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
08C04
Prevention
EFF-PREV
max(08C04;10B02)
13A01
13A03
13A02
13A04
13B01
13B03
13B02
13B04
min(13C01;13C02)
Confining
EFF-CONF
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
13C04
13C03
13C05
min(11A03;13D01)
13D03
13D02
min(11A03;13D04)
13E01
13E03
13E02
13E04
Confining
EFF-CONF
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
1 1 1 1 1
seriousness
Likelihood
Impact
Impact
Exposure
seriousness
Dissuasion
Prevention
Confining
Palliation
Confinability
Impact
Likelihood
Type AICE
calculated
values
Type AEM
security decided
measures values
Direct Selection
Intrinsic
values
DESCRIPTION
Dissuasion
EFF-DISS
Prevention
EFF-PREV
13F01
13F03
13F02
13F04
Confining
EFF-CONF
las)
Palliative
EFF-PALL
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
las)
Palliative
EFF-PALL
08D05
08D05
08D05
min(08D05;08D09)
min(08D05;08D09)
min(08D05;08D09)
min(08D05;08D09)
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
las)
Palliative
EFF-PALL
08D05
08D05
08D05
08D05
09D02
09D02
11D04
11D04
11D04
11D04
11D04
11D04
11D04
11D04
11D04
11D04
11D04
las)
Palliative
EFF-PALL
min(11D04;08D09)
min(11D04;08D09)
11D04
11D04
11D04
11D04
11D04
11D04
11D04
11D08
11D08
11D05
11D05
11D05
las)
Palliative
EFF-PALL
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
11D05
las)
Palliative
EFF-PALL
11D05
11D05
11D08
11D08
las)
Palliative
EFF-PALL
09F03
09F03
09F03
09F03
09F03
09F03
11C05
11C05
11C05
11C05
11C05
11C05
11C05
11C05
11C05
las)
Palliative
EFF-PALL
02D05
02D05
02D05
02D05
02D04
02D04
02D04
02D05
02D04
02D05
02D05
02D05
02D04
02D04
las)
Palliative
EFF-PALL
08H02
las)
Palliative
EFF-PALL
08H02
08H02
08H02
08H02
08H02
08H02
08H02
08H02
09D02
09D02
08D05
08D05
las)
Palliative
EFF-PALL
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
08D05
min(08D05;08D09)
min(08D05;08D09)
min(08D05;08D09)
min(08D05;08D09)
08D05
08D05
las)
Palliative
EFF-PALL
08D05
08D05
08D05
08D05
08D05
08D05
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
01E03
01E03
01E03
01E03
las)
Palliative
EFF-PALL
12C03
12C03
12C03
12C03
12C04
12C04
12C04
12C04
12C04
12C01
03A06
las)
Palliative
EFF-PALL
03A02
12C01
12C01
12C01
12C01
12C04
12C05
04A04
04A04
04A04
04A04
las)
Palliative
EFF-PALL
04A04
04A04
max(04A01;04A05;mi
n(01E01;01E02))
max(04A01;04A05;mi
n(01E01;01E02))
04A05
04A05
04A05
max(04A01;04A02)
03A06
03A02
04A02
04A02
las)
Palliative
EFF-PALL
04A02
04A02
04A05
04A04
04A04
04A06
min(01E01;01E02)
01C02
01C02
04A03
05A05
05A05
05A05
las)
Palliative
EFF-PALL
05A05
05A05
05A05
max(05A02;05A06;mi
n(01E01;01E02))
max(05A02;05A06;mi
n(01E01;01E02))
05A06
05A06
05A06
max(05A02;05A03)
03A06
03A02
05A03
las)
Palliative
EFF-PALL
05A03
05A03
05A03
05A06
05A05
05A05
05A07
min(01E01;01E02)
01C02
01C02
05A04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
max(07D01;09E01;mi
n(08D06;09E02);min(
01E01;01E02))
max(07D01;09E01;mi
n(08D06;09E02);min(
01E01;01E02))
min(08D06;09E02)
min(08D06;09E02)
min(08D06;09E02)
max(07D01;08D01)
03A06
03A02
03A03
08D01
las)
Palliative
EFF-PALL
08D01
08D01
08D01
min(08D06;09E02)
08D04
08D04
08D08
09E03
min(01E01;01E02)
01C02
01C02
08D02
10A04
08D03
las)
Palliative
EFF-PALL
08D10
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
08D04
08D04
08D04
08D04
max(07D01;09E01;mi
n(08D06;09E02);min(
01E01;01E02))
max(07D01;09E01;mi
n(08D06;09E02);min(
01E01;01E02))
min(08D06;09E02)
min(08D06;09E02)
min(08D06;09E02)
max(07D01;08D01)
las)
Palliative
EFF-PALL
03A06
03A02
08D01
08D01
08D01
08D01
min(08D06;09E02)
08D04
08D04
08D08
09E03
min(01E01;01E02)
las)
Palliative
EFF-PALL
01C02
01C02
11D02
08D10
11D03
11D03
11D03
11D03
max(01E03;11D07)
max(01E03;11D07)
max(01E03;11D07)
max(01E03;11D07)
max(01E03;11D07)
las)
Palliative
EFF-PALL
max(01E03;11D07)
max(01E03;11D07)
11D01
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
max(07D01;09E01;mi
n(08D06;09E02);min(
01E01;01E02))
max(07D01;09E01;mi
n(08D06;09E02);min(
01E01;01E02))
min(08D06;09E02)
min(08D06;09E02)
las)
Palliative
EFF-PALL
min(08D06;09E02)
max(07D01;08D01)
03A06
03A02
03A03
08D01
08D01
08D01
08D01
min(08D06;09E02)
08D08
09E03
las)
Palliative
EFF-PALL
min(01E01;01E02)
01C02
01C02
08D02
10A04
08D03
08D10
08D04
08D04
08D04
08D04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
las)
Palliative
EFF-PALL
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
08D04
max(07D01;09E01;mi
n(08D06;09E02);min(
01E01;01E02))
max(07D01;09E01;mi
n(08D06;09E02);min(
01E01;01E02))
min(08D06;09E02)
las)
Palliative
EFF-PALL
min(08D06;09E02)
min(08D06;09E02)
max(07D01;08D01)
03A06
03A02
08D01
08D01
08D01
08D01
08D04
08D04
las)
Palliative
EFF-PALL
min(08D06;09E02)
08D08
09E03
min(01E01;01E02)
01C02
01C02
08D02
10A04
08D03
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
las)
Palliative
EFF-PALL
Availability
Integrity
S. 1 S. 2 S. 3 S. 4
Confidentiality
S. 1 S. 2 S. 3 S. 4
S. 1 S. 2 S. 3 S. 4
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
>
>
>
>
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
>
>
>
>
>
>
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 > 0
0 > 0
0 > 0
0
0
0 > 0
0 > 0
0 > 0
0
0 > 0
0 >
0
0
0
0
0
0
0 >
0 >
0 >
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 >
0 >
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0 >
>
>
>
>
>
>
>
>
>
>
Service assets
General Services
G01 User workspace and environment
G02 Telecommunication Services (voice, fax, audio & videoconferencing, etc.)
0
0
0
0
0
>
>
>
>
>
>
>
>
>
> 0
>
Efficiency
0
0
0
0
0
341702815.xls ! Risk%asset
569
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
>
>
>
>
>
>
Dcembre 2006
Code
type
AB.P
AB.S
AC.E
Event
Code
AB.P.Pep
AB.P.Per
AB.S.Ene
AB.S.Cli
AB.S.Loc
AB.S.Maa
AB.S.Mas
Lightning
AC.E.Fou
Fire
AC.E.Inc
Flooding
AC.E.Ino
AC.M.Equ
AC.M.Ser
AC.M
AV.P
AV.P.Gre
Design error
ER.L
ER.L.Lin
ER.P.Peo
ER.P.Pro
ER.P.Prs
IC.E.Age
Water damage
IC.E.De
Electrical overloading
IC.E.Pol
IC.E.Se
Production incident
IF.L.Exp
IF.L.Lsp
IF.L.Ver
Virus
IF.L.Vir
MA.L.Blo
MA.L.Cfg
MA.L.Del
Electromagnetic harnessing
MA.L.Ele
MA.L.Fal
MA.L.Fau
Replay of transaction
MA.L.Rej
MA.L.Sam
MA.L.Tot
MA.L.Vol
MA.P.Fal
Terrorism
MA.P.Ter
Vandalism
MA.P.Van
Robbery
MA.P.Vol
Inadequate procedures
PR.N.Api
PR.N.Naa
PR.N.Nam
PR.N.Nav
IC.E
IF.L
MA.L
MA.P
PR.N
S. 2
S. 3
S. 4
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Action plans
Number of scenarios
Family of
scenarios
S1
D01-A
S3
S4
Tot
Measures
needing
improvement
Deterrence :
Deterrence :
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Plan of type A
Plan of type A
Plan of type A
Plan of type B
Plan of type A
Plan of type A
Plan of type E
1
1
1
1
1
1
1
3
3
4
4
4
3
3
07C02
08E02
07A02
08A06
03A04
08E03
08D09
1
1
1
1
1
4
4
4
3
3
07A03
08C03
03B03
1
1
1
4
4
4
09D02
Deterrence :
Deterrence :
Prevention :
Prevention :
Plan of type A
Plan of type A
Plan of type A
Plan of type A
08F02
03B06
07A02
03A01
1
1
1
1
08F03
4
4
07A03
03A04
1
1
4
4
07A04
03B03
1
1
4
4
Plan of type A
Plan of type E
08E03
08D09
1
1
3
3
11D04
11D08
Deterrence :
Deterrence :
Plan of type A
Plan of type B
08F02
02C05
1
1
4
4
08F03
Prevention :
Prevention :
Confining :
Palliation :
Plan of type A
Plan of type B
08D07
02C03
1
1
4
4
11B01
02D02
1
1
4
4
11D06
03A01
1
1
4
4
Plan of type E
11D05
11D08
Deterrence :
Plan of type B
02C05
Prevention :
Confining :
Palliation :
Plan of type E
02D01
02D06
11B02
Deterrence :
Plan of type A
08F02
08F03
Prevention :
Confining :
Palliation :
Plan of type D
03C01
03D01
07A03
Plan of type E
09F03
Plan of type A
Plan of type C
08F02
03C01
1
1
4
4
08F03
03D01
1
1
4
4
07A03
Loss of documents
0
D07-A
Current
level
D06-A
Services to
improve
07C01
03B06
07A01
08A03
03A01
08E02
08D05
Confining :
Palliation :
D04-A
Decision
D03-A
Type of plan
D02-A
S2
Deterrence :
Prevention :
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Confining :
Palliation :
D08-A
Type of plan
Decision
Plan of type E
Services to
improve
Current
level
11C05
02D04
02D05
D09-A
Prevention :
Confining :
Palliation :
Plan of type E
Deterrence :
Plan of type D
02D06
02D07
Prevention :
Confining :
Plan of type E
02D06
02D07
Deterrence :
Plan of type A
08H03
Prevention :
Confining :
Palliation :
Plan of type B
Plan of type A
Plan of type D
08H01
08C05
08H02
1
1
1
08H03
09D02
08D05
08D09
Plan of type B
Plan of type B
Plan of type B
Plan of type C
Plan of type C
Plan of type E
08D03
07A01
09A01
09B01
09C02
09B04
1
1
1
1
1
1
4
4
4
4
4
3
10B05
07A02
09A02
1
1
1
4
4
4
10B06
07A03
09A03
1
1
1
4
4
4
Plan of type D
Plan of type A
Plan of type D
Plan of type C
11C01
11C03
11C04
07A01
1
1
1
1
4
4
4
4
07A02
07A03
Palliation :
D10-A
D11-A
Prevention :
Confining :
Palliation :
D01-I
D02-I
Plan of type E
Deterrence :
Prevention :
Prevention :
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Deterrence :
Prevention :
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Number of scenarios
Family of
scenarios
S1
D03-I
Type of plan
Decision
Services to
improve
Current
level
Deterrence :
Prevention :
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Plan of type C
Plan of type A
Plan of type D
Plan of type B
11C01
11C03
11C04
11C02
1
1
1
1
4
4
4
4
Deterrence :
Plan of type A
09B03
Prevention :
Prevention :
Prevention :
Plan of type A
Plan of type C
Plan of type C
09B03
09B01
09C01
1
1
1
4
4
4
09B02
09C02
1
1
4
4
09F01
Prevention :
Prevention :
Plan of type C
Plan of type A
04C01
07A01
1
1
4
4
04C02
07A02
1
1
4
4
05C01
07A03
1
1
4
4
Confining :
Plan of type E
09B04
Confining :
Palliation :
Plan of type A
09F03
Plan of type E
11C05
Plan of type E
02D05
Deterrence :
Plan of type B
08H03
Prevention :
Confining :
Palliation :
Plan of type D
08H02
09B05
09B01
09C02
07A01
1
1
1
1
4
4
4
4
07A02
07A03
Deterrence :
Prevention :
Confining :
Palliation :
Deterrence :
Prevention :
Confining :
Palliation :
D11-I
Measures
needing
improvement
D10-I
Tot
D08-I
S4
D07-I
S3
D06-I
S2
Deterrence :
Prevention :
Prevention :
Prevention :
Prevention :
Plan of type D
Plan of type B
Plan of type B
Plan of type C
Number of scenarios
Family of
scenarios
S1
D01-C
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Prevention :
Confining :
Palliation :
Plan of type B
Plan of type E
08D03
09B04
1
1
4
3
10B06
Deterrence :
Prevention :
Prevention :
Prevention :
Plan of type B
Plan of type E
Plan of type B
Plan of type A
03B06
09C02
07B01
07A01
1
1
1
1
3
4
4
4
08C03
08C04
08A05
07A02
1
1
4
4
08A06
07A03
1
1
4
4
Prevention :
Prevention :
Plan of type A
Plan of type B
05B03
03B03
1
1
4
4
05B04
03B04
1
1
4
4
05B05
08C03
1
1
4
4
Deterrence :
Prevention :
Prevention :
Prevention :
Plan of type B
Plan of type E
Plan of type A
Plan of type B
08C03
11C01
07A01
03B03
1
1
1
1
3
4
4
4
08C04
02C05
07A02
03B04
1
1
4
4
07A03
08C03
1
1
4
4
Prevention :
Confining :
Palliation :
Plan of type A
05B03
05B04
05B05
Deterrence :
Prevention :
Prevention :
Prevention :
Confining :
Plan of type C
Plan of type E
Plan of type C
Plan of type B
02C04
11C01
11B01
02C01
1
1
1
1
3
4
4
4
02C05
11C02
11E01
02C02
1
1
1
1
3
4
4
4
11E02
02C03
Deterrence :
Plan of type B
02C05
Prevention :
Plan of type E
02D02
02D03
Prevention :
Confining :
Palliation :
Plan of type B
02C01
02C02
02C03
Deterrence :
Prevention :
Confining :
Palliation :
Plan of type C
Plan of type E
03B06
08A07
1
1
3
4
Confining :
Palliation :
D02-C
D03-C
Palliation :
D04-C
Disclosure of documents
0
D05-C
D06-C
Number of scenarios
Family of
scenarios
D07-C
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Deterrence :
Prevention :
Prevention :
Prevention :
Plan of type B
Plan of type B
Plan of type C
Plan of type B
06A01
09A01
05C01
07A01
1
1
1
1
3
4
4
4
06C03
09A02
05C03
07A02
1
1
1
1
3
4
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Plan of type B
Plan of type B
Plan of type A
03B07
06A02
09C03
1
1
1
3
3
4
04B02
06A04
1
1
Plan of type E
11C05
02D05
08F02
09A03
09C01
07A03
1
1
1
1
3
4
4
4
3
3
04B03
06C01
1
1
3
3
Prevention :
Confining :
Palliation :
D08-C
D09-C
Deterrence :
Prevention :
Confining :
Palliation :
Plan of type E
02D04
Deterrence :
Plan of type C
02D07
Prevention :
Confining :
Palliation :
Plan of type D
02D07
Deterrence :
Plan of type E
08H03
Prevention :
Confining :
Palliation :
Plan of type E
09C02
03A02
03C02
01E03
1
1
1
4
4
3
03C01
03C03
1
1
4
4
03D01
03D02
1
1
4
4
G01-A
D10-C
0
G02-A
Prevention :
Confining :
Palliation :
Plan of type D
Plan of type C
Plan of type E
Deterrence :
Prevention :
Plan of type A
Plan of type A
03B06
02A01
1
1
3
4
12E02
02A02
1
1
3
4
12E03
02A03
1
1
3
4
Prevention :
Prevention :
Plan of type B
Plan of type A
03A01
12A02
1
1
4
4
03A02
03A04
Number of scenarios
Family of
scenarios
S1
R01-A
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Confining :
Plan of type A
02A04
03B04
03C02
Palliation :
Plan of type E
03A02
03A06
12C01
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type E
03B06
02A01
03A01
04D01
02A04
01C02
1
1
1
1
1
1
3
4
4
4
4
3
06C02
02A02
03A02
06A02
03B04
01E02
1
1
1
1
1
1
3
4
4
4
4
3
06C03
02A03
03A04
06C02
03C02
03A02
1
1
1
1
1
1
3
4
4
4
4
3
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type E
Plan of type A
03B06
02A01
03A01
05D01
02A04
01C02
03A02
1
1
1
1
1
1
1
3
4
4
4
4
3
3
06C02
02A02
03A02
06A02
03B04
01E01
03A06
1
1
1
1
1
1
1
3
4
4
4
4
3
3
06C03
02A03
03A04
06C02
03C02
01E02
05A02
1
1
1
1
1
1
1
3
4
4
4
4
3
3
Deterrence :
Prevention :
Plan of type B
Plan of type A
03B06
07A01
1
1
3
4
07C01
07A02
1
1
3
4
07C02
07A03
1
1
3
4
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Palliation :
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type D
02A01
03A01
07D01
02A04
01C02
01E01
1
1
1
1
1
1
4
4
4
3
3
3
02A02
03A04
08A03
03B04
08D01
01E02
1
1
1
1
1
1
4
4
4
3
3
3
02A03
03A05
08E01
03C02
08D02
03A02
1
1
1
1
1
1
4
4
4
3
3
3
Deterrence :
Prevention :
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Plan of type B
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type A
03B06
07A01
02A01
03A01
07D01
02A04
01C02
1
1
1
1
1
1
1
3
4
4
4
4
3
3
07C01
07A02
02A02
03A04
08A03
03B04
08D01
1
1
1
1
1
1
1
3
4
4
4
4
3
3
07C02
07A03
02A03
03A05
08E01
03C02
08D02
1
1
1
1
1
1
1
3
4
4
4
4
3
3
Palliation :
Plan of type D
01E01
01E02
03A02
3
4
4
4
3
3
11E03
03B03
03C01
03C03
11D07
1
1
1
1
4
4
3
Deterrence :
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Deterrence :
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Palliation :
S03-A
Tot
S02-A
S4
S01-A
S3
R02-A
S2
Unavailability of the interface services or peripherals needed by users (PC, printers, specific interfaces, etc.)
0
Deterrence :
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Plan of type A
Plan of type A
Plan of type A
Plan of type B
Plan of type B
Plan of type E
03B06
11A01
03B01
03A02
03B04
01E03
1
1
1
1
1
1
3
4
4
4
3
3
11E02
11D06
03B02
03A05
03C02
11D03
1
1
1
1
1
1
Number of scenarios
Family of
scenarios
S1
S04-A
S3
S4
Tot
Measures
needing
improvement
Deterrence :
Prevention :
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Palliation :
Plan of type B
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type B
Plan of type D
03B06
07A01
02A01
03A01
07D01
02A04
01C02
01E01
1
1
1
1
1
1
1
1
3
4
4
4
4
3
3
3
07C01
07A02
02A02
03A04
08A03
03B04
08D01
01E02
1
1
1
1
1
1
1
1
3
4
4
4
4
3
3
3
07C02
07A03
02A03
03A05
08E01
03C02
08D02
03A02
1
1
1
1
1
1
1
1
3
4
4
4
4
3
3
3
Plan of type B
Plan of type A
03B06
07A01
1
1
3
4
07C01
07A02
1
1
3
4
07C02
07A03
1
1
3
4
Prevention :
Prevention :
Prevention :
Confining :
Palliation :
Plan of type A
Plan of type A
Plan of type A
Plan of type A
Plan of type A
02A01
03A01
07D01
02A04
01C02
1
1
1
1
1
4
4
4
3
3
02A02
03A04
08A03
03B04
08D01
1
1
1
1
1
4
4
4
3
3
02A03
03A05
08E01
03C02
08D02
1
1
1
1
1
4
4
4
3
3
Plan of type E
01E01
01E02
03A02
Plan of type C
Plan of type E
12A03
12A02
1
1
3
4
12E02
12B01
1
1
3
4
12E03
12B02
1
1
3
4
Plan of type C
Plan of type E
06A03
06A02
1
1
3
4
06C02
06B01
1
1
3
4
06C03
06C01
1
1
3
4
Plan of type C
Plan of type E
06A03
06A02
1
1
3
4
06C02
06B01
1
1
3
4
06C03
06C01
1
1
3
4
Deterrence :
Prevention :
Prevention :
Confining :
Palliation :
Plan of type C
Plan of type E
Plan of type B
Plan of type C
03B04
08A03
03B01
09B04
1
1
1
1
3
4
4
3
03B05
08A04
03B02
09B05
1
1
1
1
3
4
4
3
03B06
08B01
03B03
1
1
1
3
4
4
Deterrence :
Plan of type B
07C02
08A04
08F02
Deterrence :
Prevention :
Confining :
Palliation :
Deterrence :
Prevention :
Confining :
Palliation :
Deterrence :
Prevention :
Confining :
Palliation :
S02-I
S01-I
Current
level
R02-I
Services to
improve
Deterrence :
Prevention :
Palliation :
R01-I
Decision
G02-I
Type of plan
S05-A
S2
Number of scenarios
Family of
scenarios
S04-I
S1
S2
S3
S4
Tot
Prevention :
Prevention :
Confining :
Palliation :
Plan of type D
07A01
07A02
07A03
Deterrence :
Prevention :
Confining :
Palliation :
Plan of type B
Plan of type D
07C02
07A01
1
1
3
4
08A04
07A02
1
1
3
4
08F02
07A03
1
1
3
4
Deterrence :
Prevention :
Plan of type C
Plan of type E
03B04
08A03
1
1
3
4
03B05
08A04
1
1
3
4
03B06
08B01
1
1
3
4
Prevention :
Confining :
Palliation :
Plan of type B
Plan of type C
03B01
09B04
1
1
4
3
03B02
09B05
1
1
4
3
03B03
Deterrence :
Prevention :
Prevention :
Palliation :
Plan of type B
Plan of type E
Plan of type A
03B06
10B02
07A01
1
1
1
3
4
4
08C03
08C04
07A02
07A03
Deterrence :
Prevention :
Prevention :
Palliation :
Plan of type B
Plan of type D
1
1
4
4
13A02
13A03
Deterrence :
Prevention :
Prevention :
Palliation :
Plan of type B
Plan of type D
4
4
13B02
13B03
Deterrence :
Prevention :
Prevention :
Palliation :
Plan of type B
Plan of type D
1
1
4
4
13C02
13C03
Deterrence :
Prevention :
Prevention :
Palliation :
Plan of type B
Plan of type D
1
1
4
4
13D02
13D03
Deterrence :
Plan of type B
13A04
13A01
13B04
13B01
1
1
13C05
13C01
C05-E
C04-E
C03-E
Current
level
C02-E
Services to
improve
C01-E
Decision
S01-C
Type of plan
S05-I
Measures
needing
improvement
13D04
13D01
Non compliance of processes relating to the protection of computing systems and operations
0
13E04
Number of scenarios
Family of
scenarios
C06-E
S1
S2
S3
S4
Tot
Measures
needing
improvement
Prevention :
Prevention :
Palliation :
Type of plan
Decision
Plan of type D
Services to
improve
13E01
Current
level
13E02
13E03
4
4
13F02
13F03
Deterrence :
Prevention :
Prevention :
Palliation :
Plan of type B
Plan of type D
13F04
13F01
1
1
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
Number of scenarios
Family of
scenarios
S1
S2
S3
S4
Tot
Measures
needing
improvement
Type of plan
Decision
Services to
improve
Current
level
01 Organization of security
01A
01A01
01A02
01A03
01A04
01A05
01B
01B01
01B02
01B03
01B04
01B05
01C
01C01
01C02
01C03
01C04
01C05
01C06
01D
01D01
01D02
01D03
01D04
01D05
01E
01E01
01E02
01E03
02 Sites security
02A
02A01
02A02
02A03
02A04
D03-C
D02-C
D01-C
D11-I
D10-I
D08-I
D07-I
D06-I
D03-I
D02-I
D01-I
D11-A
D10-A
D09-A
D08-A
D07-A
D06-A
D04-A
D03-A
Objectives
from the
action plans
D02-A
SUB-SERVICE
D01-A
SERVICE
02A05
02B
02B01
02C
02C01
02C02
02C03
02C04
02C05
02C06
Access to the loading and unloading areas (goods receipt and consignment) or to areas open to
public
Protection Against Miscellaneous Environmental Risks
Analysis of Miscellaneous Environmental Risks
Control of access to office areas
Partitioning of office areas into protected zones
Physical access control to the protected office zones
Management of access authorizations to protected office area
Detection of intrusions into protected office areas
Monitoring of protected office areas
Control of movement of visitors and occasional service providers required to work in the offices
02D
02D01
02D02
02D03
02D04
02D05
02D06
02D07
0
0
0
0
0
0
0
0
0
0
0
03 Security of Premises
03A
03A01
03A02
03A03
03A04
03A05
03A06
03B
03B01
03B02
03B03
03B04
03B05
03B06
03B07
03B08
03C
03C01
03C02
03C03
03D
03D01
03D02
03D03
General Maintenance
Quality of energy supply
Continuity of energy supply
Air conditioning security
Quality of cabling
Lightning protection
Dependability of service equipment
Control of access to sensitive locations (other than office zones)
Access rights management to sensitive locations
Management of access authorizations granted to sensitive locations
Access control to sensitive locations
Intruder detection in sensitive locations
Perimeter monitoring (surveillance of entry points and surroundings of sensitive locations)
Surveillance of sensitive locations
Cabling access control
Location of sensible premises.
Security against water damage
Prevention of risk of water damage
Detection of water damage
Water evacuation
Fire security
Fire risk prevention
Fire detection
Fire extinguishing
0
0
0
0
0
0
0
0
0
0
0
0
0
04A01
04A02
04A03
04A04
04A05
04A06
04B
04B01
04B02
04B03
04C
04C01
04C02
04D
04D01
04D02
04D03
0
0
05B05 User or requestor authentication for outside access to the local area network
(e.g. from the switched telephone network (POTS), X25, ISDN, broadband, Internet, etc.)
05B06 User or requestor authentication for access requests to the local area network from a WiFi subnetwork
05B07
05B08
05B09
05C
05C01
05C02
05C03
05C04
0
0
0
0
0
0
0
0
0
0
05D
05D01
05D02
05D03
06 Network operations
06A
Security of operations procedures
06A01 Security in the relationship with operational personnel (employees, suppliers or service providers)
06A02 Control of the implementation or upgrade of software or hardware
06A03 Control of maintenance operations
06A04 Control of Remote Maintenance
06A05 Management of Operating Procedures for Network Operation
06A06 Management of service providers relating to networks
06A07 Taking into account the confidentiality during maintenance operations on network equipment.
06A08 Contract Management of Network Services
06B
06B01
06B02
06C
06C01
06C02
06C03
06C04
06D
06D01
06D02
0
0
0
0
0
0
0
0
08 IT Production environment
08A
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
08A01 Consideration of security in relation with operational personnel (permanent and temporary staff)
08A02
08A03
08A04
08A05
08A06
08A07
08A08
08A09
08B
08B01
08B02
08B03
08C
08C01
08C02
08C03
08C04
08C05
08C06
08C07
08D
08D01
08D02
08D03 Application recovery procedures and plans following incidents during operation
08D04 Backup of software configurations (system, applications and configuration parameters)
08D05
08D06
08D07
08D08
08D09
08D10
08E
08E01
08E02
08E03
08F
08F01
08F02
0
0
0
0
0
0
0
0
0
0
0
3.0
0
0
3.0
0
0
0
0
08G01
08G02
08H
08H01
08H02
08H03
0
0
0
0
0
09 Application security
09A
Application access control
09A01 Management of application data access profiles
09A02 Management of access authorizations to application data (granting, delegation, revocation)
09A03
09A04
09A05
09B
09B01
09B02
09B03
09B04
09B05
09C
09C01
09C02
09C03
09D
09D01
09D02
09E
09E01
09E02
09E03
09F
09F01
09F02
09F03
09G
09G01
09H
09H01
0
0
0
0
3.0
0
3
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
10B
10B01
10B02
10B03
10B04
10B05
10B06
0
0
0
0
0
Protection of workstations
0
0
11C04 Protection of the integrity of files stored on workstations or on data servers (logical disk for
workstations)
11D06 Anti virus (malware, unauthorized executable code, etc.) protection for user workstations.
11D07 Recovery Plans for the users' workstations
11D08 Access management to office data and files
0
0
0
0
11E
Control of administrative rights
11E01 Management of privileged access rights granted on user workstations (administrative rights)
11E02 Authentication and control of the access rights of administrators and operational personnel
11E03 Surveillance of system administrators' actions over the users' workstations
12 Telecommunications operations
12A
12A01
12A02
12A03
12A04
12A05
12A06
12B
12B01
12B02
12C
12C01
12C02
12E02 Authentication and control of the access rights of administrators and operational personnel
12E03 Surveillance of system administrators' actions over the equipments and systems
13 Management processes
13A
0
0
0
13C
13C01
13C02
13C03
13C04
13C05
13D
13D01
13D02
13D03
13D04
13E
13E01
13E02
13E03
13E04
13F
13F01
13F02
13F03
13F04
13G
13G01
13G02
13G03
14D
14D01
14D02
14D03
14D04
14E
14E01
14E02
14E03
14E04
14E05
14E06
S02-A
S04-A
S05-A
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
C06-E
C05-E
C04-E
C03-E
C02-E
C01-E
S01-C
S05-I
S04-I
S02-I
S01-I
R02-I
R01-I
G02-I
S03-A
S01-A
G02-A
G01-A
D10-C
D09-C
D08-C
D07-C
D06-C
D05-C
D04-C
R02-A
0
0
0
0
R01-A
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Projects :
Each cell should mention the level of quality (up to 4) expected for the service w
line 4, giving the target date "yy (year), space, mm (month)" (for example 12 06
DOMAINS
01 Organization of security
01A
01A01
01A02
01A03
01A04
01A05
01B
01B01
01B02
01B03
01B04
01B05
01C
01C01
01C02
01C03
01C04
01C05
01C06
01D
01D01
01D02
01D03
01D04
01D05
01E
01E01
01E02
Need
SUB-SERVICES
10 01
P6
P5
P4
P3
P1
SERVICES
P2
Objectives
target date:
02 Sites security
02A
Physical access control to the site and the building
02A01 Management of access rights to the site or building
02A02
02A03
02A04
02A05
02B
02B01
02C
02C01
02C02
02C03
02C04
02C05
02C06
02D
02D01
02D02
02D03
02D04
02D05
02D06
02D07
03 Security of Premises
03A
03A01
03A02
03A03
03A04
03A05
03A06
03B
03B01
03B02
03B03
03B04
03B05
03B06
03B07
03B08
03C
03C01
03C02
General Maintenance
Quality of energy supply
Continuity of energy supply
Air conditioning security
Quality of cabling
Lightning protection
Dependability of service equipment
Control of access to sensitive locations (other than office zones)
Access rights management to sensitive locations
Management of access authorizations granted to sensitive locations
Access control to sensitive locations
Intruder detection in sensitive locations
Perimeter monitoring (surveillance of entry points and surroundings of sensitive locations)
Surveillance of sensitive locations
Cabling access control
Location of sensible premises.
Security against water damage
Prevention of risk of water damage
Detection of water damage
03C03
03D
03D01
03D02
03D03
Water evacuation
Fire security
Fire risk prevention
Fire detection
Fire extinguishing
04C
04C01
04C02
04D
04D01
04D02
04D03
05B08
05B09
05C
05C01
05C02
05C03
05C04
05D
05D01
05D02
05D03
06 Network operations
06A
Security of operations procedures
06A01 Security in the relationship with operational personnel (employees, suppliers or service providers)
06A02 Control of the implementation or upgrade of software or hardware
06A03 Control of maintenance operations
06A04 Control of Remote Maintenance
06A05 Management of Operating Procedures for Network Operation
06A06 Management of service providers relating to networks
06A07 Taking into account the confidentiality during maintenance operations on network equipment.
06A08 Contract Management of Network Services
06B
06B01
06B02
06C
06C01
06C02
06C03
06C04
06D
06D01
06D02
07C02
07D
07D01
07D02
08 IT Production environment
08A
Security of operational procedures
08A01 Consideration of security in relation with operational personnel (permanent and temporary staff)
08A02
08A03
08A04
08A05
08A06
08A07
08A08
08A09
08B
08B01
08B02
08B03
08C
08C01
08C02
08C03
08C04
08C05
08C06
08C07
08D
08D01
08D02
08D03 Application recovery procedures and plans following incidents during operation
08D04 Backup of software configurations (system, applications and configuration parameters)
08D05
08D06
08D07
08D08
08D09
08D10
08E
Management and handling of incidents
08E01 Online detection and treatment of IT related abnormal events and incidents
08E02 Offline management of traces, logs and event journals
09 Application security
09A
Application access control
09A01 Management of application data access profiles
09A02 Management of access authorizations to application data (granting, delegation, revocation)
09A03
09A04
09A05
09B
09B01
09B02
09B03
09B04
09B05
09C
09C01
09C02
09C03
09D
09D01
09D02
09E
09E01
09E02
09E03
09F
09F01
09F02
09F03
09G
09G01
09H
09H01
Protection of workstations
12 Telecommunications operations
12A
12A01
12A02
12A03
12A04
12A05
12A06
12B
12B01
12B02
12C
12C01
12C02
12E02 Authentication and control of the access rights of administrators and operational personnel
12E03 Surveillance of system administrators' actions over the equipments and systems
13 Management processes
13A
13C01
13C02
13C03
13C04
13C05
13D
13D01
13D02
13D03
13D04
13E
13E01
13E02
13E03
13E04
13F
13F01
13F02
13F03
13F04
13G
13G01
13G02
13G03
14B02
14B03
14B04
14B05
14C
14C01
14C02
14C03
14D
14D01
14D02
14D03
14D04
14E
14E01
14E02
14E03
14E04
14E05
14E06
Type of damage
Type of vulnerability
Criteria
AICE
Code
Alteration
Failure
A and I
A
Cfl.alt
Cfl.bug
Disclosure of software
Cfl.dif
Erasure
Unauthorized use
Pollution
Lock
Loss
Destruction
Failure
Not operable
Unavailability
Destruction
Loss
Exchange
Not operable
Unavailability
A
I
I
A
A
A
A
A
A
A
A
I
A
I
Cfl.eff
Cfl.lic
Cfl.pol
Cpt.blo
Cpt.dis
Eq.des
Eq.hs
Eq.mo
Loc.ina
Med.des
Med.dis
Med.ech
Med.ine
Ser.hs
Loss
Alteration
Disclosure
A
I
C
Cle.dis
Dtr.alt
Dtr.div
Loss
A and C
Dtr.per
Alteration
Disclosure
Erasure
Pollution
Destruction
I
C
A
A
A
Fic.alt
Fic.dif
Fic.eff
Fic.pol
Med.des
Loss
A and C
Med.dis
Duplication
A and C
Med.dup
Exchange
A and C
Med.ech
Unavailability
Med.ine
Category: Service
Software Configuration
Category: data
means to access data
Inefficiency
Possibility that procedures observed be inefficient (towards laws, regulations or contractual commitments)
Pro.inf
Selection
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Comments
341702815.xls ! Seriousness
2
3
4
Likelihood
651
Dcembre 2006
II = 2
II = 3
II = 4
C 4
C 4
C 4
C 4
O 3
O 3
O 3
O 3
N 2
N 2
N 2
N 2
F 1
F 1
F 1
F 1
nc
nc
nc
nc
II = 2
II = 3
II = 4
C 4
C 4
C 4
C 4
O 3
O 3
O 3
O 3
N 2
N 2
N 2
N 2
F 1
F 1
F 1
F 1
nc
nc
nc
nc
II = 2
II = 3
II = 4
C 4
C 4
C 4
C 4
O 3
O 3
O 3
O 3
N 2
N 2
N 2
N 2
F 1
F 1
F 1
F 1
nc
nc
nc
nc
1
P
1
A
1
A
1
A
341702815.xls ! IP_Grids
II = 2
II = 3
II = 4
652
Dcembre 2006
C 4
O 3
N 2
F 1
C 4
O 3
N 2
F 1
1
1
P
2
A
3
L
341702815.xls ! IP_Grids
4
L
C 4
C 4
O 3
O 3
N 2
N 2
F 1
F 1
1
P
2
A
3
L
4
L
1
P
2
A
3
L
4
L
1
P
653
2
A
3
L
4
L
Dcembre 2006
E X P O = 2
E X P O = 3
E X P O = 4
E X P O = 2
E X P O = 3
E X P O = 4
E X P O = 2
E X P O = 3
E X P O = 4
341702815.xls ! IP_Grids
654
Dcembre 2006