Systems Development and Maintenance:
Systems Development and Maintenance
ISO 17799 defines Systems Development and Maintenance objectives to ensure security is built into operational systems; prevent loss. modification or misuse of user data; protect the confidentiality, authenticity and integrity of information; ensure IT projects and support activities are conducted in a secure manner; and maintain the security of application system software and data. This section provides templates for Information Security standards that are required to comply with ISO Systems Development and Maintenance objectives and support the objectives established in the Asset Protection Policy and Asset Management Policy.
- 1. Sample ISO Life Cycle Management Standard
- The Life Cycle Management Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific requirements and instructions for life cycle management of information systems, including hardware and software.
- 2. Sample ISO Configuration Management Standard
- The Configuration Management Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for establishing and maintaining baseline protection standards for Company network devices, servers, and desktops.
- 3. Sample ISO Change Control Standard
- The Change Control Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for following approved processes and procedures that ensure only authorized updates and changes are implemented in the production environment.
- 4. Sample ISO System Development Life Cycle Standard
- The System Development Life Cycle Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for the development of secure enterprise-wide systems.
- 5. Sample Technical Protection Standards
- These technical standards are required to comply with ISO Systems Development and Maintenance objectives and provide detailed best practices for configuring and hardening various technologies in accordance with the Asset Protection Policy.
- 6. Sample ISO Access Control Standard
- The Access Control Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements and instructions for controlling access to information assets.
- 7. Sample ISO Availability Protection Standard
- The Availability Protection Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for protecting the availability of information assets.
- 8. Sample ISO Integrity Protection Standard
- The Integrity Protection Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for protecting the integrity of sensitive information.
- 9. Sample ISO Encryption Standard
- The Encryption Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for encrypting sensitive information.
- 10. Sample ISO Anti-Virus Standard
- This Anti-Virus Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific instructions and requirements for protecting information assets from viruses and malicious code.