Access Control
- Access Control Policy
- User Access Management
- User Registration
- Privilege Management
- User Password Management
- Review of user access rights
- User Responsibilities
- Password use
- Unattended user equipment
- Network Access Control
- Policy on use of network services
- Enforced path
- User authentication for external connections
- Node Authentication
- Remote diagnostic port protection
- Segregation in networks
- Network connection protocols
- Network routing control
- Security of network services
- Operating system access control
- Automatic terminal identification
- Terminal log-on procedures
- User identification and authorisation
- Password management system
- Use of system utilities
- Duress alarm to safeguard users
- Terminal time-out
- Limitation of connection time
- Application Access Control
- Information access restriction
- Sensitive system isolation
- Monitoring system access and use
- Event logging
- Monitoring system use
- Clock synchronisation
- Mobile computing and teleworking
- Mobile computing
- Teleworking

Security requirements of systems
- Security requirements analysis and specification
Security in application systems
- Input data validation
- Control of internal processing
- Message authentication
- Output data validation
Cryptographic controls
- Policy on use of cryptographic controls
- Encryption
- Digital Signatures
- Non-repudiation services
- Key management
Security of system files
- Control of operational software
- Protection of system test data
- Access Control to program source library
Security in development and support process
- Change control procedures
- Technical review of operating system changes
- Covert channels and Trojan code
- Outsourced software development

Business Continuity Management
- Aspects of business continuity management
- Business continuity management process
- Business continuity and impact analysis
- Writing and implementing continuity plan
- Business continuity planning framework
- Testing, maintaining and re-assessing business continuity plan
Compliance
Compliance with legal requirements
- Identification of applicable legislation
- Intellectual property rights (IPR)
- Safeguarding of organisational records
- Data protection and privacy of personal information
- Prevention of misuse of information processing facility
- Regulation of cryptographic controls
- Collection of evidence
Reviews of Security Policy and technical compliance
- Compliance with security policy
- Technical compliance checking
System audit considerations
- System audit controls
- Protection of system audit tools
Organisational Security
Information security infrastructure
- Management information security forum
- Information security coordination
- Allocation of information security responsibilities
- Authorisation process for information processing facilities
- Specialist information security advice
- Co-operation between organisations
- Independent review of information security
Security of third party access
- Identification of risks from third party access
- Security requirements in third party contracts
Outsourcing
- Security requirements in outsourcing contracts

Personnel security
Security in job definition and Resourcing
- Including security in job responsibilities
- Personnel screening and policy
- Confidentiality agreements
- Terms and conditions of employment
User training
- Information security education and training
Responding to security incidents and malfunctions
- Reporting security incidents
- Reporting security weaknesses
- Reporting software malfunctions
- Learning from incidents
- Disciplinary process
IT INFRASTRUCTURE
- Software and hardware purchases
- Programming and script writing
- Pricing plan setup and configuration
Continuation of IT Infrastructure
- Operation System and Database Security
- Computers, Switches and Routers
- Application Software Inventory
- Plans, Policies and procedures
- Existence of basic Application Security
- IT Security policy
- Procedure for assessing IT service delivery
- Internet and email usage policy
- Existence and compliance with SLA by vendors
- IT Organizational Structure
- Existence and compliance with SLA by Internal Customers
- IT Governance, Strategic Plans and Budgeting
- Incidence Management and reporting
- IT Inventory Controls
- Procedure for IT assets movement
- IS security Awareness Information Dissemination
- Procedure for IT Purchases
- User profile and privileges in all application
- Physical and Environmental IT Controls
- Logical Access controls to all Application and Software
- Backup and Recovery Policies and procedures
- IT Contingency and Business Continuity Plan
- Access to LAN and WAN and Security Administration
- Procedure for protecting and monitoring the network from unauthorized access
- Procedure for modifying or making changes to system Application/Parameters
- Review of System Administration Controls
3. Personnel Security
4. Physical and Environmental Security
5. Compliance
1. Access Control
2. Asset Classification and Control
3. IT Infrastructure
1. Communication & Operational Management
2. Business Continuity Management