Access Control:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 17:12, 25 July 2006 by Mdpeters (talk | contribs)

Access Control

ISO 17799 defines Access Control objectives to control access to information; prevent unauthorized access to information systems; ensure the protection of networked services; prevent unauthorized computer access; detect unauthorized activities; and ensure information security when using mobile computing and tele-network facilities. This section provides templates for Information Security standards that are required to comply with ISO Access Control objectives and support the objectives established in the Asset Protection Policy, Acceptable Use Policy, and Threat Assessment and Monitoring Policy.

1. Sample ISO Access Control Standard
The Access Control Standard is required to comply with ISO Access Control objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements and instructions for controlling access to information assets.


2. Sample ISO Threat Monitoring Standard
The Threat Monitoring Standard is required to comply with ISO Access Control objectives and builds on the objectives established in the Threat Assessment and Monitoring Policy by providing specific requirements for periodically identifying, analyzing, and prioritizing threats to sensitive information. The Threat Monitoring Standard provides specific requirements for performing real-time intrusion detection monitoring and periodic intrusion detection analysis to detect threat and intrusion activity.


3. Sample ISO Auditing Standard
The Audit Standard is required to comply with ISO Access Control objectives and builds on the objectives established in the Asset Protection Policy by providing specific auditing and logging requirements, including activation, protection, retention, and storage.


4. Sample ISO Telecommunications Acceptable Use Standard
The Telecommunications Acceptable Use Standard is required to comply with ISO Access Control objectives and builds on the objectives established in the Acceptable Use Policy by providing specific instructions and requirements on the proper and appropriate business use of telecommunications resources.