Communications and Operations Management:
Communications and Operations Management
ISO 17799 defines Communications and Operations Management objectives to ensure the correct and secure operation of information processing facilities; minimize the risk of systems failures; protect the integrity of software and information; maintain the integrity and availability of information processing and communication; ensure the safeguarding of information in networks and the protection of the supporting infrastructure; prevent damage to assets and interruptions to business activities; and prevent loss, modification or misuse of information exchanged between organizations. This section provides templates for Information Security standards that are required to comply with ISO Communications and Operations Management objectives and support the objectives established in the Asset Protection Policy, Asset Management Policy, Vulnerability Assessment and Management Policy, and Threat Assessment and Monitoring Policy.
- 1. Sample Technical Protection Standards
- These technical standards are required to comply with ISO Communications and Operations Management objectives and provide detailed best practices for configuring and hardening various technologies in accordance with the Asset Protection Policy.
- 2. Sample ISO Availability Protection Standard
- The Availability Protection Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for protecting the availability of information assets.
- 3. Sample ISO Integrity Protection Standard
- The Integrity Protection Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for protecting the integrity of sensitive information.
- 4. Sample ISO Encryption Standard
- The Encryption Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for encrypting sensitive information.
- 5. Sample ISO Information Handling Standard
- This Information Handling Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Asset Protection Policy by providing specific instructions and requirements for handling information assets. These instructions address handling requirements for printed, electronically stored and electronically transmitted information.
- 6. Sample ISO Configuration Management Standard
- The Configuration Management Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for establishing and maintaining baseline protection standards for Company network devices, servers, and desktops.
- 7. Sample ISO Change Control Standard
- The Change Control Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for following approved processes and procedures that ensure only authorized updates and changes are implemented in the production environment.
- 8. Sample ISO Vulnerability Assessment Standard
- The Vulnerability Assessment Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Vulnerability Assessment and Management Policy by providing specific instructions and requirements for assessing and prioritizing vulnerabilities.
- 9. Sample ISO Vulnerability Management Standard
- The Vulnerability Management Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Vulnerability Assessment and Management Policy by providing specific instructions and requirements for "closed-loop" vulnerability management activities including vulnerability mitigation, information review and analysis, as well as metrics tracking and reporting.
- 10. Sample ISO Threat Assessment Standard
- The Threat Assessment Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Threat Assessment and Monitoring Policy by providing specific requirements for periodically identifying, analyzing and prioritizing threats to information assets.
- 11. Sample ISO Incident Response Standard
- The Incident Response Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Threat Assessment and Monitoring Policy by providing specific requirements for developing and exercising formal plans, and associated metrics, for responding to security incidents and intrusions.