By: Joanna
IT SECURITY and CONTROL
SECURITY
Merriam: Measures taken to guard against crime, attack, sabotage.
CONTROL
Merriam: to direct the actions or function of (something): to cause (something) to act or function in a certain way.
Information security (INFOSEC)
A practice: defend information from unauthorized access, recording, disruption, modification or destruction.
CIA TRIAD
(Diagram; labels recoverable from the slide: Privacy, Consistency, Accuracy, Trustworthiness.)
INDUSTRY STANDARDS
REGULATORY REQUIREMENTS
2. Telephone Consumer Protection Act
Restricted calling hours: before 8:00 am or after 9:00 pm
Must disclose information to the recipient:
- Company name
- Telephone number
Do-not-call registry
SCENARIO
(Diagram; labels recoverable from the slide: Inputs, Receive.)
What POLICIES should be in place to secure the records of sales?
1. Physical Security
Physically protected from unauthorized access, damage and interference by a defined security perimeter with appropriate entry controls and security barriers.
- Security guard
- Badges
- ID
2. Personnel Management
- Selection of the right type and number of persons required by the organization.
- Proper orientation and introduction of new employees to the organization and their jobs.
- Suitable training facilities for better job performance and to prepare the employee to accept the challenge of a higher job.
- Give a good impression to the employee who is leaving the organisation.
- Maintain good relationships with the employees.
3. Access Management
4. Logging and Monitoring
Systems, devices and applications must generate
usable and informative security audit and event
logs in order to effectively respond to potential
security incidents or faults which may affect
confidentiality, integrity or availability. Personnel
must be available to respond to security alerts on
a 24/7 basis and review critical logs on a daily
basis. Log information must be backed up and
retained.
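As an added illustration (not from the slides), a small Python daily log review over constructed audit events from a hypothetical sales-records system: it parses the log, checks each successful action against an assumed role-based access policy, flags out-of-hours access, and raises an alert on repeated denials. The log format, the policy table, the business hours and the denial threshold are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample audit events from a hypothetical sales-records system.
# Format: ISO timestamp | user | role | action | resource | outcome
SAMPLE_LOG = """\
2024-03-04T09:12:05 alice sales READ sales/2024-Q1.csv OK
2024-03-04T09:40:11 bob finance READ sales/2024-Q1.csv OK
2024-03-04T10:02:33 carol marketing READ sales/2024-Q1.csv OK
2024-03-04T22:15:48 dave sales EXPORT sales/2024-Q1.csv OK
2024-03-05T08:03:10 bob finance DELETE sales/2023-Q4.csv DENIED
2024-03-05T08:03:12 bob finance DELETE sales/2023-Q4.csv DENIED
2024-03-05T08:03:15 bob finance DELETE sales/2023-Q4.csv DENIED
"""

# Assumed access policy: which roles may perform which actions on sales
# records. Any successful action not listed here is a policy violation.
ALLOWED = {
    "READ": {"sales", "finance"},
    "EXPORT": {"sales"},
    "DELETE": set(),   # deleting sales records is never allowed
}
BUSINESS_HOURS = range(8, 18)  # assumed 08:00-17:59
DENIED_THRESHOLD = 3           # repeated denials in one day trigger an alert

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+)$")

def parse(log_text):
    """Turn raw audit lines into event dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, role, action, resource, outcome = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "role": role,
                       "action": action, "resource": resource, "outcome": outcome})
    return events

def review(events):
    """Return the alerts a daily log review should raise, in log order."""
    alerts = []
    denied = defaultdict(int)
    for e in events:
        if e["outcome"] == "OK" and e["role"] not in ALLOWED.get(e["action"], set()):
            alerts.append(f"policy violation: {e['user']} ({e['role']}) {e['action']} {e['resource']}")
        if e["outcome"] == "OK" and e["ts"].hour not in BUSINESS_HOURS:
            alerts.append(f"out-of-hours access: {e['user']} {e['action']} at {e['ts']:%H:%M}")
        if e["outcome"] == "DENIED":
            key = (e["user"], e["ts"].date())
            denied[key] += 1
            if denied[key] == DENIED_THRESHOLD:
                alerts.append(f"repeated denials: {e['user']} on {key[1]}")
    return alerts
```

Running `review(parse(SAMPLE_LOG))` on the constructed log yields three alerts: a marketing user reading sales records, an export at 22:15, and three denied deletions by one user on the same day.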
5. System Backup
Adequate and appropriate backup of critical
systems and data must be in place to ensure
essential business information and software can
be recovered in the event of a critical failure or
natural disaster.
6. Vulnerability Management
Anti-malware protection and critical systems will
be tested using scanning tools and penetration
testing in order to actively discover new
vulnerabilities. In order to minimize exposure to
security flaws, all systems and hardware must
follow a patch management process to ensure
software and operating systems are protected.
8. Software Development
Documented software development standards must be maintained which include processes for designing, developing, testing and implementation. Development standards must include details on developing software using security best practices in addition to testing for common security vulnerabilities.
9. Incident Management
A comprehensive incident handling process must be in place to respond to security breaches, fraud, faults and other disruptions to business processes, contractual agreements, or privacy.
WHO CAN ACCESS THE DATA?
THANK YOU!