Search results


Page title matches

  • ==Personnel Security== ...rs grant legitimate users system access necessary to perform their duties; security personnel enforce access rights in accordance with institution standards. B ...
    10 KB (1,327 words) - 12:54, 10 April 2007
  • ==Security Management== ...ITIL Security Management is based on the code of practice for information security management also known as ISO/IEC 17799. ...
    32 KB (4,804 words) - 14:10, 27 February 2009
  • =='''Logical Security'''== ...n a computer network or a computer workstation. It is a subset of computer security.<br> ...
    7 KB (1,093 words) - 19:00, 5 March 2007
  • ==Data Security== The primary objective of information security is to protect the confidentiality, integrity, and availability of the insti ...
    9 KB (1,246 words) - 18:20, 10 April 2007
  • ==Information Security Policy== ...is category is to provide management direction and support for information security in accordance with business requirements and all relevant laws, regulations ...
    8 KB (1,063 words) - 13:25, 23 May 2007
  • ...tackers are unlikely to find them. The technique stands in contrast with [[security by design]], although many real-world projects include elements of both str ...aphy was disturbing to the US government, which seems to have been using a security through obscurity analysis to support its opposition to such work. ...
    11 KB (1,798 words) - 14:44, 14 June 2007
  • ...years of testing and debugging, and while they may provide a great deal of security, they typically have no way to guarantee that a new bug or exploit won't be ...ty through obscurity|rely on being secret]]. It is not mandatory, but good security usually means that everyone is allowed to know and understand the design, ' ...
    2 KB (343 words) - 18:39, 14 June 2007
  • ==Organizational Security== ...ogram Charter and supporting policies that are required to comply with ISO Security Policy objectives.<br> ...
    2 KB (202 words) - 12:40, 15 June 2007
  • ...report lock down''', a '''credit lock down''', a '''credit lock''' or a '''security freeze''', allows an individual to control how a U.S. consumer reporting ag * [http://www.consumersunion.org/campaigns/learn_more/003484indiv.html State Security Freeze Laws], ConsumerUnion.org ...
    4 KB (663 words) - 12:59, 12 November 2011
  • ==Security Audit Guidance== For security audit guidance, please refer to [[Audit_Guidance_Examination_Procedures | A ...
    5 KB (665 words) - 14:40, 11 April 2007
  • ==Physical and Environmental Security== '''Physical security''' describes measures that prevent or deter attackers from accessing a faci ...
    4 KB (592 words) - 19:28, 14 June 2007
  • ==Information Security Audit== ...rom auditing the physical security of data centers to the auditing logical security of databases and highlights key components to look for and different method ...
    21 KB (3,112 words) - 16:52, 15 June 2007
  • ==Security Controls Implementation== [[Personnel Security:]]<br> ...
    431 bytes (45 words) - 13:31, 10 April 2007
  • The objective of this category is to manage information security within the organization's overall administrative structure.<br> ===Management commitment to information security=== ...
    8 KB (996 words) - 12:49, 22 May 2007
  • ...e defined and documented in accordance with the organization's information security policy.<br> * Act in accordance with the organization's information security policy, including execution of processes or activities particular to the in ...
    10 KB (1,387 words) - 14:04, 22 May 2007
  • ...ses primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardizatio ...pts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process base ...
    2 KB (257 words) - 17:09, 22 March 2007
  • ==Sources of standards for Information Security== ...n Security Management System]]s" are of particular interest to information security professionals.<br> ...
    2 KB (287 words) - 14:29, 8 March 2007
  • ==Sample Security Awareness Standard== ...ation of the [[Sample Information Security Program Charter:|'''Information Security Program Charter''']]. and associated policies, standards, guidelines, and p ...
    3 KB (418 words) - 19:53, 14 January 2014
  • 2 KB (382 words) - 20:24, 27 February 2008
  • ...security practices for such systems. It requires the creation of computer security plans, and the appropriate training of system users or owners where the sys It has been superseded by the [[FISMA | Federal Information Security Management Act of 2002]] ...
    1 KB (168 words) - 11:37, 23 May 2010
  • As a career security practitioner and Chief Security Officer to several companies over the years, my significant responsibility ...focused on helping you understanding the core elements of a successful IT security risk management program for a commercial enterprise, the processes of calcu ...
    23 KB (3,630 words) - 10:19, 27 October 2012
  • =='''Best Practices Security Incident Response Program Presentation'''== ::Information Security Staff ...
    2 KB (315 words) - 18:46, 25 September 2006
  • ==Sample Information Security Program Charter== ...tandards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards. ...
    2 KB (316 words) - 15:19, 13 January 2014
  • =='''Sample Security Awareness Accessibility Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    5 KB (728 words) - 14:07, 1 May 2010
  • =='''Sample Third Party Security Awareness Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    10 KB (1,206 words) - 14:05, 1 May 2010
  • ==Sample Employee Ongoing Security Awareness Standard== ...and provides specific instructions and requirements for providing ongoing security awareness education and training for Company employees. ...
    2 KB (275 words) - 17:10, 23 January 2014
  • =='''Sample Management Security Awareness Standard'''== ...specific standards for the education and communication of the Information Security Program Charter and associated policies and standards.<br> ...
    5 KB (662 words) - 17:54, 25 July 2006
  • ...controls)that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.<br> :*'''[[Security Policy:|'''Security Policy''']]<br> ...
    8 KB (1,023 words) - 17:25, 24 October 2006
  • 4 KB (507 words) - 14:58, 21 January 2014
  • Users' Security Handbook The Users' Security Handbook is the companion to the Site Security ...
    75 KB (10,622 words) - 14:38, 3 April 2007
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (318 words) - 16:08, 3 August 2006
  • ==Sample Information Systems and Technology Security Policy== This Information Systems and Technology Security Policy define Company objectives for establishing specific standards on the ...
    4 KB (465 words) - 15:46, 13 January 2014
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (305 words) - 17:31, 3 August 2006
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (322 words) - 16:10, 3 August 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (309 words) - 17:34, 3 August 2006
  • ==Use of computer security consultants, EDP auditors, and computer professionals== ...ssional organization for security professionals is the Information Systems Security Association.[[FN36]] ...
    2 KB (298 words) - 15:17, 22 February 2009

Page text matches

  • ==Security Controls Implementation== [[Personnel Security:]]<br> ...
    431 bytes (45 words) - 13:31, 10 April 2007
  • ==Organizational Security== ...ogram Charter and supporting policies that are required to comply with ISO Security Policy objectives.<br> ...
    2 KB (202 words) - 12:40, 15 June 2007
  • :Pointers to informative books on information security.<br> :Frequently asked questions and answers about security-related topics.<br> ...
    1,015 bytes (132 words) - 14:09, 8 March 2007
  • ==Sample Employee Ongoing Security Awareness Standard== ...and provides specific instructions and requirements for providing ongoing security awareness education and training for Company employees. ...
    2 KB (275 words) - 17:10, 23 January 2014
  • ==Federal information security incident center== ...— The Director shall ensure the operation of a central Federal information security incident center to—<br> ...
    1 KB (196 words) - 19:07, 3 June 2010
  • =='''Information Security Research Resources'''== ...-leading published articles, research reports, and presentations from many security professionals. Topics include public key infrastructure (PKI), incident res ...
    978 bytes (124 words) - 00:00, 26 March 2007
  • ==Sources of standards for Information Security== ...n Security Management System]]s" are of particular interest to information security professionals.<br> ...
    2 KB (287 words) - 14:29, 8 March 2007
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...security standards has been developed that supports the objectives of the security policy. ...
    3 KB (360 words) - 16:59, 25 June 2006
  • ...ses primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardizatio ...pts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process base ...
    2 KB (257 words) - 17:09, 22 March 2007
  • ==National security systems== The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...
    709 bytes (103 words) - 10:41, 2 June 2010
  • ==National security systems== The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...
    709 bytes (103 words) - 21:02, 3 June 2010
  • *[[Computer security]] *[[Computer network security]] ...
    1 KB (168 words) - 18:26, 14 June 2007
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (303 words) - 16:00, 2 March 2007
  • ...sting templates containing questions that can be used to gauge and promote security awareness in specific areas. The testing can be distributed and responses c ...ity Best Practices and Addressing Regulatory Mandates Testing Template:|'''Security Best Practices and Addressing Regulatory Mandates test Template''']]<br> ...
    2 KB (289 words) - 16:08, 3 August 2006
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (293 words) - 15:59, 2 March 2007
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (296 words) - 16:02, 2 March 2007
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...curity plan is updated to reflect changes in the IT environment as well as security requirements of specific systems. ...
    2 KB (317 words) - 17:15, 25 June 2006
  • ...ate and distinct security service of confidentiality is not central to the security services of signer authentication and document authentication, and is thus ...
    480 bytes (67 words) - 15:47, 3 April 2007
  • ...de a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and ass ...dination of information security efforts throughout the civilian, national security, and law enforcement communities;<br> ...
    1 KB (192 words) - 10:33, 1 June 2010
  • ...de a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and ass ...dination of information security efforts throughout the civilian, national security, and law enforcement communities;<br> ...
    1 KB (192 words) - 10:36, 1 June 2010
  • ==Use of computer security consultants, EDP auditors, and computer professionals== ...ssional organization for security professionals is the Information Systems Security Association.[[FN36]] ...
    2 KB (298 words) - 15:17, 22 February 2009
  • '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b :a. SOX.4.2.1.10: UNIX administration team is notified when security violations occur.<br> ...
    3 KB (421 words) - 20:20, 12 June 2006
  • ...ded to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with SOX Section 404.<br> ...
    1 KB (204 words) - 13:03, 14 July 2006
  • ==Sample Security Awareness Standard== ...ation of the [[Sample Information Security Program Charter:|'''Information Security Program Charter''']]. and associated policies, standards, guidelines, and p ...
    3 KB (418 words) - 19:53, 14 January 2014
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (294 words) - 20:02, 2 March 2007
  • ...tion in a Public World 48-56 (1995) (hereinafter "Kaufman, et al., Network Security"). ...
    230 bytes (29 words) - 12:38, 16 October 2014
  • ==Sample Information Security Program Charter== ...tandards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards. ...
    2 KB (316 words) - 15:19, 13 January 2014
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (293 words) - 16:04, 2 March 2007
  • ...licies and procedures and determine that they include procedures to review security logs at least daily, and that follow-up to exceptions is required. ...
    380 bytes (54 words) - 15:24, 21 February 2007
  • ...security practices for such systems. It requires the creation of computer security plans, and the appropriate training of system users or owners where the sys It has been superseded by the [[FISMA | Federal Information Security Management Act of 2002]] ...
    1 KB (168 words) - 11:37, 23 May 2010
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...and logs security activity at the application and database, and identified security violations are reported to senior management. ...
    2 KB (321 words) - 18:06, 25 June 2006
  • ...years of testing and debugging, and while they may provide a great deal of security, they typically have no way to guarantee that a new bug or exploit won't be ...ty through obscurity|rely on being secret]]. It is not mandatory, but good security usually means that everyone is allowed to know and understand the design, ' ...
    2 KB (343 words) - 18:39, 14 June 2007
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' :::a. [[SOX.2.0.17:|'''SOX.2.0.17''']] An information security policy exists and has been approved by an appropriate level of executive ma ...
    3 KB (351 words) - 16:49, 25 June 2006
  • *[[Security engineering]] [[Category:Security]] ...
    1 KB (170 words) - 16:06, 14 June 2007
  • '''DS 5.1 Management of IT Security'''<br> ...rity at the highest appropriate organizational level, so the management of security actions is in line with business requirements. ...
    3 KB (394 words) - 17:12, 22 March 2007
  • =='''Sample Management Security Awareness Standard'''== ...specific standards for the education and communication of the Information Security Program Charter and associated policies and standards.<br> ...
    5 KB (662 words) - 17:54, 25 July 2006
  • ...c attention to communicating IT security awareness and the message that IT security is everyone’s responsibility.<br> ...f, information asset owners, etc.) are not informed of or trained in their security responsibilities.'''<br> ...
    3 KB (442 words) - 18:58, 1 May 2006
  • :'''Ensure the security policy and procedures clearly define information security responsibilities for all employees and contractors.'''<br> ...4:''' Verify that information security policies clearly define information security responsibilities for both employees and contractors. ...
    2 KB (265 words) - 15:58, 2 March 2007
  • ...ific objectives required to create, implement, and maintain an Information Security Program that complies with HIPAA (Subpart C Sections 164.308, 164.310, 164. ...[[Sample_Information_Security_Program_Charter:|'''Sample HIPAA Information Security Program Charter''']]<br> ...
    5 KB (614 words) - 16:46, 25 July 2006
  • ...ific objectives required to create, implement, and maintain an Information Security Program that complies with GLBA (Interagency Guidelines). Also, additional ...[[Sample Information Security Program Charter:|'''Sample GLBA Information Security Program Charter''']]<br> ...
    4 KB (535 words) - 16:51, 25 July 2006
  • ==Sample Information Systems and Technology Security Policy== This Information Systems and Technology Security Policy define Company objectives for establishing specific standards on the ...
    4 KB (465 words) - 15:46, 13 January 2014
  • ...rticular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requiremen :[[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']]<br> ...
    3 KB (404 words) - 14:53, 25 July 2006
  • '''DS 5.7 Protection of Security Technology '''<br> ...ow profile. However, do not make security of systems reliant on secrecy of security specifications. ...
    3 KB (377 words) - 18:52, 4 May 2006
  • ...otification message produced by the system being tested to verify that the security administrators are being proactively notified of possible access violations ...be a monitoring background process that sends an electronic message to the security administrative group automatically when root access occurs. The email messa ...
    3 KB (422 words) - 00:09, 13 June 2006
  • '''DS 12.2 Physical Security Measures '''<br> ...ilities for monitoring and procedures for reporting and resolving physical security incidents need to be established. ...
    4 KB (517 words) - 18:12, 21 June 2006
  • =='''Information Security Presentation Samples'''== ...anization can use and tailor these presentation samples to support ongoing security awareness and training efforts.<br> ...
    5 KB (653 words) - 12:45, 25 April 2007
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (318 words) - 16:08, 3 August 2006
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (322 words) - 16:10, 3 August 2006
  • ...ontrols) that are needed to create, implement, and maintain an Information Security Program that complies with HIPAA.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with HIPAA Subpart C Sections 164.308, 164.310, 164.3 ...
    2 KB (260 words) - 13:17, 15 June 2007
  • ==Physical and Environmental Security== '''Physical security''' describes measures that prevent or deter attackers from accessing a faci ...
    4 KB (592 words) - 19:28, 14 June 2007
  • ...ation (HORSE) Project Wiki''' is evolving every day. There are information security practitioners adding content and providing guidance to the end user.<br> ...that one day this will be the most authoritative comprehensive information security wiki on the planet. ...
    2 KB (280 words) - 11:17, 30 November 2008
  • ...ist of security patches installed on each system to the most recent vendor security patch list, to determine that current vendor patches are installed.<br> ...ch installation to determine they require installation of all relevant new security patches within 30 days.<br> ...
    2 KB (295 words) - 18:20, 28 February 2007
  • ...Security roles are not defined leading to an ineffective implementation of security responsibilities within the organization.'''<br> :::a. SOX.2.7.3: Roles of the security organization and individuals within it are clearly defined and communicated ...
    3 KB (427 words) - 17:58, 1 May 2006
  • ...4. Computer Communications Security 75-84 (1994); Kaufman, et al., Network Security, supra note 22, at 101-27; Nechvatal, Public Key Cryptography, in Comtempor ...
    363 bytes (43 words) - 12:40, 16 October 2014
  • '''DS 5.6 Security Incident Definition'''<br> ...ent process. Characteristics include a description of what is considered a security incident and its impact level. A limited number of impact levels are define ...
    4 KB (548 words) - 14:21, 4 May 2006
  • ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> ITIL Security Management, Security Management Measures.<br> ...
    3 KB (420 words) - 14:06, 8 August 2006
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    2 KB (303 words) - 17:36, 5 May 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    3 KB (369 words) - 16:09, 21 June 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    3 KB (368 words) - 11:58, 22 June 2006
  • ...controls)that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.<br> :*'''[[Security Policy:|'''Security Policy''']]<br> ...
    8 KB (1,023 words) - 17:25, 24 October 2006
  • ...nsurance carriers. Coverage is increasingly available to cover risks from security breaches or denial of service attacks. Several insurance companies offer e '''When evaluating the need for insurance to cover information security threats, financial institutions should understand the following points:''' ...
    3 KB (469 words) - 13:30, 10 April 2007
  • '''DS 11.6 Security Requirements for Data Management '''<br> Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and ou ...
    5 KB (649 words) - 18:23, 5 May 2006
  • ==Information Security Policy== ...is category is to provide management direction and support for information security in accordance with business requirements and all relevant laws, regulations ...
    8 KB (1,063 words) - 13:25, 23 May 2007
  • '''PO 4.8 Responsibility for Risk, Security and Compliance'''<br> ...es may need to be assigned at a system-specific level to deal with related security issues. Obtain direction from senior management on the appetite for IT risk ...
    3 KB (370 words) - 18:04, 1 May 2006
  • ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ::'''2. Risk: IT security measures are not aligned with business requirements.''' ...
    3 KB (436 words) - 14:30, 4 May 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (305 words) - 17:31, 3 August 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (309 words) - 17:34, 3 August 2006
  • =='''Best Practices Security Incident Response Program Presentation'''== ::Information Security Staff ...
    2 KB (315 words) - 18:46, 25 September 2006
  • :'''Make all employees aware of the importance of cardholder information security:'''<br> :* Obtain security awareness program documentation and verify that it contains the following c ...
    2 KB (278 words) - 20:07, 2 March 2007
  • ==Laws and regulations governing Information Security== ...have also been included when they have a significant impact on information security. ...
    4 KB (556 words) - 14:03, 8 March 2007
  • ...r Crime Legislation pp IS80-300-101 to 118, Datapro reports on Information Security (Delran NJ 1985). ...
    730 bytes (96 words) - 11:09, 26 February 2009
  • ITIL Security Management, Security Management Measures<br> ITIL 4.2 Implement Security Management, Security Management Measures<br> ...
    2 KB (270 words) - 14:54, 5 May 2006
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed. ''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    2 KB (340 words) - 17:40, 5 May 2006
  • ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA. Additional best practices policies and sta ...
    2 KB (263 words) - 12:52, 14 July 2006
  • ===Security Level=== '''QSECURITY''' value is: 40, Default value is: 10, System security level. It is recommended that a level of no less than 30 be used.<br> ...
    3 KB (363 words) - 11:45, 29 August 2006
  • ...on of managers, users, administrators, application designers, auditors and security staff, and specialist skills in areas such as insurance and risk management ...
    3 KB (470 words) - 13:39, 6 March 2007
  • ==SUB-CHAPTER II—INFORMATION SECURITY== * [[44_USC_3536 | 3536. National security systems]] ...
    2 KB (207 words) - 11:58, 23 May 2010
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...e that receive data for fraud modeling purposes). Verify that the PCI Data Security Standard requirements relevant to the business relationship between the org ...
    3 KB (348 words) - 14:41, 2 March 2007
  • :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...
    2 KB (296 words) - 14:47, 2 March 2007
  • ...cilities, technology, and user procedures) and ensure that the information security requirements are met by all components. The test data should be saved for a ISO 17799 12.1 Security requirements of information systems.<br> ...
    5 KB (730 words) - 19:05, 17 April 2007
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    3 KB (451 words) - 17:52, 5 May 2006
  • ...eged access to systems. Many of these vulnerabilities are fixed via vendor security patches, and all systems should have current software patches to protect ag ...re that all system components and software have the latest vendor-supplied security patches.'''<br> ...
    4 KB (578 words) - 18:46, 28 February 2007
  • '''(a)''' The Director shall oversee agency information security policies and practices, by—<br> :'''(1)''' promulgating information security standards under section 11331 of title 40;<br> ...
    3 KB (414 words) - 11:45, 4 June 2010
  • :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...
    2 KB (294 words) - 14:46, 2 March 2007
  • :'''Establish a process to identify newly discovered security vulnerabilities (e.g., subscribe to alert services freely available on the ...rabilities, and verify that the process includes using outside sources for security vulnerability information and updating the system configuration standards r ...
    2 KB (303 words) - 18:22, 28 February 2007
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    2 KB (351 words) - 13:57, 4 May 2006
  • =='''Sample Security Awareness Accessibility Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    5 KB (728 words) - 14:07, 1 May 2010
  • ...s and or security managers to determine that they have knowledge of common security parameter settings for their operating systems, database servers, Web serve :::'''PCI-2.2.3 B:''' Verify that common security parameter settings are included in the system configuration standards.<br> ...
    3 KB (366 words) - 13:52, 28 February 2007
  • ...ents at least daily. Log reviews should include those servers that perform security functions like IDS and authentication (AAA) servers.'''<br> ...licies and procedures and determine that they include procedures to review security logs at least daily, and that follow-up to exceptions is required. ...
    2 KB (304 words) - 21:08, 2 March 2007
  • '''4. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''6. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    6 KB (729 words) - 13:40, 23 June 2006
  • ...SO/IEC 17799]], "Information Technology - Code of practice for information security management." in 2000. [[ISO/IEC 17799]] was then revised in June 2005 and ...ormation security management system]] (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later beca ...
    2 KB (249 words) - 10:56, 27 October 2012
  • ...of employment should stress the employee’s responsibility for information security, internal control and regulatory compliance. The level of supervision shoul ISO 17799 4.1 Information security infrastructure.<br> ...
    2 KB (329 words) - 19:26, 1 May 2006
  • '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    6 KB (766 words) - 13:42, 23 June 2006
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.'''<br> ...d monitor security incidents and the extent of compliance with information security procedures.<br> ...
    2 KB (327 words) - 13:18, 4 May 2006
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' :::a. [[SOX.2.0.21:|'''SOX.2.0.21''']] Review security practices to confirm that authentication controls (passwords, IDs, two-fact ...
    2 KB (305 words) - 17:36, 25 June 2006
  • [[DS5:| '''5 Ensure Systems Security''']]<br> [[DS5.1:| 5.1 Management of IT Security]]<br> ...
    4 KB (538 words) - 19:08, 14 June 2007
  • ...mation technology - Security techniques - Code of practice for information security management''. The current standard is a revision of the version published i ...ining [[ISMS|Information Security Management Systems]] (ISMS). Information security is defined within the standard in the context of the [[CIA triad|C-I-A tria ...
    6 KB (847 words) - 16:57, 26 March 2007
  • =='''Sample Management Security Awareness Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    6 KB (752 words) - 14:02, 1 May 2010
  • '''7. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''9. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    6 KB (779 words) - 13:45, 23 June 2006
  • ...performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements analysis from t ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> ...
    4 KB (580 words) - 18:00, 23 June 2006