Systems Development and Maintenance:

Systems Development and Maintenance

ISO 17799 defines Systems Development and Maintenance objectives to ensure security is built into operational systems; prevent loss. modification or misuse of user data; protect the confidentiality, authenticity and integrity of information; ensure IT projects and support activities are conducted in a secure manner; and maintain the security of application system software and data. This section provides templates for Information Security standards that are required to comply with ISO Systems Development and Maintenance objectives and support the objectives established in the Asset Protection Policy and Asset Management Policy.

1. Sample ISO Life Cycle Management Standard

The Life Cycle Management Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific requirements and instructions for life cycle management of information systems, including hardware and software.

2. Sample ISO Configuration Management Standard

The Configuration Management Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for establishing and maintaining baseline protection standards for Company network devices, servers, and desktops.

3. Sample ISO Change Control Standard

The Change Control Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for following approved processes and procedures that ensure only authorized updates and changes are implemented in the production environment.

4. Sample ISO System Development Life Cycle Standard

The System Development Life Cycle Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for the development of secure enterprise-wide systems.

5. Sample Technical Protection Standards

These technical standards are required to comply with ISO Systems Development and Maintenance objectives and provide detailed best practices for configuring and hardening various technologies in accordance with the Asset Protection Policy.

6. Sample ISO Access Control Standard

The Access Control Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements and instructions for controlling access to information assets.

7. Sample ISO Availability Protection Standard

The Availability Protection Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for protecting the availability of information assets.

8. Sample ISO Integrity Protection Standard

The Integrity Protection Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for protecting the integrity of sensitive information.

9. Sample ISO Encryption Standard

The Encryption Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for encrypting sensitive information.

10. Sample ISO Anti-Virus Standard

This Anti-Virus Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific instructions and requirements for protecting information assets from viruses and malicious code.