Search results
Jump to navigation
Jump to search
Page title matches
- The objective of this category is to manage information security within the organization's overall administrative structure.<br> ===Management commitment to information security=== ...8 KB (996 words) - 12:49, 22 May 2007
- ==Security Controls Implementation== [[Personnel Security:]]<br> ...431 bytes (45 words) - 13:31, 10 April 2007
- ==Information Security Audit== ...rom auditing the physical security of data centers to the auditing logical security of databases and highlights key components to look for and different method ...21 KB (3,112 words) - 16:52, 15 June 2007
- ...ses primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardizatio ...pts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process base ...2 KB (257 words) - 17:09, 22 March 2007
- ==Sources of standards for Information Security== ...n Security Management System]]s" are of particular interest to information security professionals.<br> ...2 KB (287 words) - 14:29, 8 March 2007
- ==Sample Information Security Program Charter== ...tandards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards. ...2 KB (316 words) - 15:19, 13 January 2014
- ==Sample Information Systems and Technology Security Policy== ...protection of the confidentiality, integrity, and availability of Company information assets. ...4 KB (465 words) - 15:46, 13 January 2014
- '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...2 KB (305 words) - 17:31, 3 August 2006
- '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...2 KB (309 words) - 17:34, 3 August 2006
Page text matches
- ==Organizational Security== ...ogram Charter and supporting policies that are required to comply with ISO Security Policy objectives.<br> ...2 KB (202 words) - 12:40, 15 June 2007
- :Pointers to informative books on information security.<br> :Frequently asked questions and answers about security-related topics.<br> ...1,015 bytes (132 words) - 14:09, 8 March 2007
- ==Federal information security incident center== ...— The Director shall ensure the operation of a central Federal information security incident center to—<br> ...1 KB (196 words) - 19:07, 3 June 2010
- ==Sources of standards for Information Security== ...n Security Management System]]s" are of particular interest to information security professionals.<br> ...2 KB (287 words) - 14:29, 8 March 2007
- ...ses primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardizatio ...pts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process base ...2 KB (257 words) - 17:09, 22 March 2007
- ...ework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;<br> ...dination of information security efforts throughout the civilian, national security, and law enforcement communities;<br> ...1 KB (192 words) - 10:33, 1 June 2010
- ...ework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;<br> ...dination of information security efforts throughout the civilian, national security, and law enforcement communities;<br> ...1 KB (192 words) - 10:36, 1 June 2010
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...2 KB (303 words) - 16:00, 2 March 2007
- =='''Information Security Research Resources'''== ...-leading published articles, research reports, and presentations from many security professionals. Topics include public key infrastructure (PKI), incident res ...978 bytes (124 words) - 00:00, 26 March 2007
- ...ded to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with SOX Section 404.<br> ...1 KB (204 words) - 13:03, 14 July 2006
- ==National security systems== The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...709 bytes (103 words) - 10:41, 2 June 2010
- ==National security systems== The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...709 bytes (103 words) - 21:02, 3 June 2010
- ==Sample Information Security Program Charter== ...tandards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards. ...2 KB (316 words) - 15:19, 13 January 2014
- ==Sample Employee Ongoing Security Awareness Standard== ...and provides specific instructions and requirements for providing ongoing security awareness education and training for Company employees. ...2 KB (275 words) - 17:10, 23 January 2014
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...2 KB (293 words) - 15:59, 2 March 2007
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...2 KB (296 words) - 16:02, 2 March 2007
- ...sting templates containing questions that can be used to gauge and promote security awareness in specific areas. The testing can be distributed and responses c ...ity Best Practices and Addressing Regulatory Mandates Testing Template:|'''Security Best Practices and Addressing Regulatory Mandates test Template''']]<br> ...2 KB (289 words) - 16:08, 3 August 2006
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...2 KB (294 words) - 20:02, 2 March 2007
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...2 KB (293 words) - 16:04, 2 March 2007
- ...riate training of system users or owners where the systems house sensitive information. It has been superseded by the [[FISMA | Federal Information Security Management Act of 2002]] ...1 KB (168 words) - 11:37, 23 May 2010
- ...ific objectives required to create, implement, and maintain an Information Security Program that complies with HIPAA (Subpart C Sections 164.308, 164.310, 164. ...[[Sample_Information_Security_Program_Charter:|'''Sample HIPAA Information Security Program Charter''']]<br> ...5 KB (614 words) - 16:46, 25 July 2006
- ==Sample Information Systems and Technology Security Policy== ...protection of the confidentiality, integrity, and availability of Company information assets. ...4 KB (465 words) - 15:46, 13 January 2014
- ...ific objectives required to create, implement, and maintain an Information Security Program that complies with GLBA (Interagency Guidelines). Also, additional ...[[Sample Information Security Program Charter:|'''Sample GLBA Information Security Program Charter''']]<br> ...4 KB (535 words) - 16:51, 25 July 2006
- ...rticular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requiremen :[[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']]<br> ...3 KB (404 words) - 14:53, 25 July 2006
- ==Sample Security Awareness Standard== ...ation of the [[Sample Information Security Program Charter:|'''Information Security Program Charter''']]. and associated policies, standards, guidelines, and p ...3 KB (418 words) - 19:53, 14 January 2014
- ...ontrols) that are needed to create, implement, and maintain an Information Security Program that complies with HIPAA.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with HIPAA Subpart C Sections 164.308, 164.310, 164.3 ...2 KB (260 words) - 13:17, 15 June 2007
- ==Use of computer security consultants, EDP auditors, and computer professionals== ...ssional organization for security professionals is the Information Systems Security Association.[[FN36]] ...2 KB (298 words) - 15:17, 22 February 2009
- =='''Sample Management Security Awareness Standard'''== ...specific standards for the education and communication of the Information Security Program Charter and associated policies and standards.<br> ...5 KB (662 words) - 17:54, 25 July 2006
- :'''Ensure the security policy and procedures clearly define information security responsibilities for all employees and contractors.'''<br> ...4:''' Verify that information security policies clearly define information security responsibilities for both employees and contractors. ...2 KB (265 words) - 15:58, 2 March 2007
- '''DS 5.1 Management of IT Security'''<br> ...rity at the highest appropriate organizational level, so the management of security actions is in line with business requirements. ...3 KB (394 words) - 17:12, 22 March 2007
- ...c attention to communicating IT security awareness and the message that IT security is everyone’s responsibility.<br> ...f, information asset owners, etc.) are not informed of or trained in their security responsibilities.'''<br> ...3 KB (442 words) - 18:58, 1 May 2006
- '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...2 KB (318 words) - 16:08, 3 August 2006
- '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...2 KB (322 words) - 16:10, 3 August 2006
- ...[plaintext]] information '''RED Signals''' from those that carry encrypted information, or [[ciphertext]] '''BLACK signals'''.<br> *[[Security engineering]] ...1 KB (170 words) - 16:06, 14 June 2007
- '''DS 11.6 Security Requirements for Data Management '''<br> Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and ou ...5 KB (649 words) - 18:23, 5 May 2006
- ...nd prioritization of any reported issue as an incident, service request or information request. Measure end users’ satisfaction with the quality of the service de ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed. ''' ...2 KB (340 words) - 17:40, 5 May 2006
- ...controls)that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.<br> :*'''[[Security Policy:|'''Security Policy''']]<br> ...8 KB (1,023 words) - 17:25, 24 October 2006
- ...ation (HORSE) Project Wiki''' is evolving every day. There are information security practitioners adding content and providing guidance to the end user.<br> ...that one day this will be the most authoritative comprehensive information security wiki on the planet. ...2 KB (280 words) - 11:17, 30 November 2008
- ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...2 KB (303 words) - 17:36, 5 May 2006
- ...secured by the [http://safetynet-info.com SafetyNET] advanced information security suite of products available only from Lazarus Alliance.<br> '''Contact information:'''<br> ...876 bytes (127 words) - 14:51, 29 February 2008
- ==Information Technology Hardening== *[[Computer security]] ...1 KB (168 words) - 18:26, 14 June 2007
- ==Information Security Policy== ...is category is to provide management direction and support for information security in accordance with business requirements and all relevant laws, regulations ...8 KB (1,063 words) - 13:25, 23 May 2007
- ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA. Additional best practices policies and sta ...2 KB (263 words) - 12:52, 14 July 2006
- ==SUB-CHAPTER I—FEDERAL INFORMATION POLICY== * [[44_USC_3503 | 3503. Office of Information and Regulatory Affairs]] ...2 KB (207 words) - 11:58, 23 May 2010
- ...cilities, technology, and user procedures) and ensure that the information security requirements are met by all components. The test data should be saved for a Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...5 KB (730 words) - 19:05, 17 April 2007
- '''DS 12.2 Physical Security Measures '''<br> ...ilities for monitoring and procedures for reporting and resolving physical security incidents need to be established. ...4 KB (517 words) - 18:12, 21 June 2006
- ...tion, Security Standards for the Protection of Electronic Protected Health Information, and General Administrative Requirements Including, Civil Money Penalties: ...400 bytes (47 words) - 13:15, 15 June 2007
- '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...2 KB (305 words) - 17:31, 3 August 2006
- '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...2 KB (309 words) - 17:34, 3 August 2006
- ==Laws and regulations governing Information Security== ...have also been included when they have a significant impact on information security. ...4 KB (556 words) - 14:03, 8 March 2007
- ...and responsibilities for all personnel in the organization in relation to information systems to allow sufficient authority to exercise the role and responsibili ...Security roles are not defined leading to an ineffective implementation of security responsibilities within the organization.'''<br> ...3 KB (427 words) - 17:58, 1 May 2006
- '''DS 5.6 Security Incident Definition'''<br> ...ent process. Characteristics include a description of what is considered a security incident and its impact level. A limited number of impact levels are define ...4 KB (548 words) - 14:21, 4 May 2006
- '''(a)''' The Director shall oversee agency information security policies and practices, by—<br> :'''(1)''' promulgating information security standards under section 11331 of title 40;<br> ...3 KB (414 words) - 11:45, 4 June 2010
- '''PO 4.8 Responsibility for Risk, Security and Compliance'''<br> ...es may need to be assigned at a system-specific level to deal with related security issues. Obtain direction from senior management on the appetite for IT risk ...3 KB (370 words) - 18:04, 1 May 2006
- ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...3 KB (420 words) - 14:06, 8 August 2006
- ...of employment should stress the employee’s responsibility for information security, internal control and regulatory compliance. The level of supervision shoul Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...2 KB (329 words) - 19:26, 1 May 2006
- :'''Make all employees aware of the importance of cardholder information security:'''<br> :* Obtain security awareness program documentation and verify that it contains the following c ...2 KB (278 words) - 20:07, 2 March 2007
- ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.'''<br> ...d monitor security incidents and the extent of compliance with information security procedures.<br> ...2 KB (327 words) - 13:18, 4 May 2006
- ==Physical and Environmental Security== ...es that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elabor ...4 KB (592 words) - 19:28, 14 June 2007
- ..., known as '''DITSCAP''' ('''Department of Defense Information Technology Security Certification and Accreditation Process'''), in 2006. ...at will maintain the [[Information Assurance]] (IA) posture of the Defense Information Infrastructure (DII) throughout the [[Systems Development Life Cycle|system ...2 KB (229 words) - 10:14, 15 April 2012
- ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ::'''2. Risk: IT security measures are not aligned with business requirements.''' ...3 KB (436 words) - 14:30, 4 May 2006
- Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...3 KB (470 words) - 13:39, 6 March 2007
- ...SO/IEC 17799]], "Information Technology - Code of practice for information security management." in 2000. [[ISO/IEC 17799]] was then revised in June 2005 and ...ormation security management system]] (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later beca ...2 KB (249 words) - 10:56, 27 October 2012
- ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...2 KB (351 words) - 13:57, 4 May 2006
- '''DS 5.7 Protection of Security Technology '''<br> ...ow profile. However, do not make security of systems reliant on secrecy of security specifications. ...3 KB (377 words) - 18:52, 4 May 2006
- ...esting templates containing questions that can be used to gage and promote security awareness in specific areas. The tests may be distributed and responses can :[[Information Technology Auditor's Glossary:|'''Information Technology Auditor's Glossary''']]<br> ...1 KB (141 words) - 20:07, 13 June 2009
- ...mation technology - Security techniques - Code of practice for information security management''. The current standard is a revision of the version published i ...ining [[ISMS|Information Security Management Systems]] (ISMS). Information security is defined within the standard in the context of the [[CIA triad|C-I-A tria ...6 KB (847 words) - 16:57, 26 March 2007
- =='''Information Security Presentation Samples'''== ...anization can use and tailor these presentation samples to support ongoing security awareness and training efforts.<br> ...5 KB (653 words) - 12:45, 25 April 2007
- The objective of this category is to manage information security within the organization's overall administrative structure.<br> ===Management commitment to information security=== ...8 KB (996 words) - 12:49, 22 May 2007
- ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' :::a. [[SOX.2.0.17:|'''SOX.2.0.17''']] An information security policy exists and has been approved by an appropriate level of executive ma ...3 KB (351 words) - 16:49, 25 June 2006
- :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...2 KB (296 words) - 14:47, 2 March 2007
- ...rticular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requiremen ...rticular technologies and specific solutions. This section provides sample security standards that an organization can clone and tailor to its unique requireme ...4 KB (581 words) - 17:06, 30 December 2013
- ...op and maintain a risk response to ensure that cost-effective controls and security measures mitigate exposure to risks on a continuing basis. The risk respons Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...5 KB (738 words) - 20:24, 1 May 2006
- ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...3 KB (369 words) - 16:09, 21 June 2006
- ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...3 KB (368 words) - 11:58, 22 June 2006
- =='''Sample Security Awareness Accessibility Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...5 KB (728 words) - 14:07, 1 May 2010
- ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...3 KB (451 words) - 17:52, 5 May 2006
- ...riate level of protection. This section provides templates for Information Security standards that are required to comply with ISO Asset Classification and Con :1. [[Sample Information Classification Standard:|'''Sample ISO Information Classification Standard''']]<br> ...1 KB (159 words) - 17:08, 25 July 2006
- :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...2 KB (294 words) - 14:46, 2 March 2007
- ...atal, Public Key Cryptography, in Comtemporary Crypt ology: The Science of Information Integrity 179, 199-202 (Gustavas Simmons ed. 1991); Schneier, supra note 18 ...363 bytes (43 words) - 12:40, 16 October 2014
- ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ...cies, procedures, and practices of a representative subset of the agency’s information systems;<br> ...4 KB (634 words) - 13:00, 4 June 2010
- Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...2 KB (270 words) - 14:54, 5 May 2006
- ...h management and upgrade strategies, risks, vulnerabilities assessment and security requirements.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...6 KB (819 words) - 13:54, 23 June 2006
- ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ...cies, procedures, and practices of a representative subset of the agency’s information systems;<br> ...4 KB (682 words) - 19:17, 3 June 2010
- ...nsurance carriers. Coverage is increasingly available to cover risks from security breaches or denial of service attacks. Several insurance companies offer e '''When evaluating the need for insurance to cover information security threats, financial institutions should understand the following points:''' ...3 KB (469 words) - 13:30, 10 April 2007
- ...performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements analysis from t ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> ...4 KB (580 words) - 18:00, 23 June 2006
- ...is scheme includes details about data ownership, definition of appropriate security levels and protection controls, and a brief description of data retention a Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...3 KB (363 words) - 16:53, 9 April 2007
- ...ication]] and [[accreditation]] (C&A) of a DoD IS that will maintain the [[information assurance]] (IA) posture throughout the [[Systems Development Life Cycle|sy DIACAP is the result of a [[NSA]] directed shift in underlying security paradigm and succeeds its predecessor: [[DITSCAP]]. ...2 KB (322 words) - 10:16, 15 April 2012
- ...ort issues and upgrades, periodic review against business needs, risks and security requirements.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...6 KB (878 words) - 13:34, 23 June 2006
- =='''Sample Management Security Awareness Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...6 KB (752 words) - 14:02, 1 May 2010
- ...r Crime Legislation pp IS80-300-101 to 118, Datapro reports on Information Security (Delran NJ 1985). ...730 bytes (96 words) - 11:09, 26 February 2009
- Information Systems Security Association, 401 Michigan Ave, Chicago, IL 60611, (312) 644-6610. ...348 bytes (46 words) - 12:17, 28 February 2009
- ...ext of the system development life cycle and the organizational enterprise information technology architecture: :Categorize the information system and the information resident within that system based on impact. ...4 KB (528 words) - 16:58, 28 March 2010
- ...e system audit process. This section provides templates for an Information Security Program Charter and supporting policies that are required to comply with IS ==Compliance with organizational security policies and technical standards== ...6 KB (774 words) - 12:41, 25 May 2007
- ...he security service of message integrity which provides assurance that the information signed has not been altered. See Guideline 35 (authentication). ...205 bytes (26 words) - 12:28, 16 October 2014
- ...ts (NDA), escrow contracts, continued supplier viability, conformance with security requirements, alternative suppliers, penalties and rewards, etc.<br> ...service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties. .<br> ...7 KB (958 words) - 16:01, 25 June 2006
- ...be aimed at maximizing success of value delivery while minimizing risks to information assets through preventive measures, timely identification of irregularities Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...2 KB (331 words) - 18:47, 1 May 2006
- Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...2 KB (338 words) - 19:03, 17 April 2007
- '''AI 2.4 Application Security and Availability'''<br> ...er include access rights and privilege management, protection of sensitive information at all stages, authentication and transaction integrity, and automatic reco ...3 KB (374 words) - 15:05, 3 May 2006
- ...1)''' The term '''information security''' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification ...st improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; ...2 KB (327 words) - 00:58, 1 June 2010