Search results
- '''DS 10.4 Integration of Change, Configuration and Problem Management '''<br> ...ents, integrate the related processes of change, configuration and problem management. Monitor how much effort is applied to firefighting rather than enabling bu ...2 KB (248 words) - 17:50, 5 May 2006
- ...us communication program, supported by top management in action and words. Management should give specific attention to communicating IT security awareness and t '''Risk Association Control Activities:'''<br> ...3 KB (442 words) - 18:58, 1 May 2006
- ...ation of IT resources for operations, projects and maintenance to maximize Information Technologies contribution to optimizing the return on the enterprise’s port '''Risk Association Control Activities:'''<br> ...2 KB (346 words) - 18:25, 1 May 2006
- '''PO 9.5 Risk Response'''<br> ...fits and select responses that constrain residual risks within the defined risk tolerance levels.<br> ...5 KB (738 words) - 20:24, 1 May 2006
- '''PO 10.3 Project Management Approach'''<br> Establish a project management approach commensurate with the size, complexity and regulatory requirements ...4 KB (594 words) - 19:50, 25 June 2006
- ...799]], "Information Technology - Code of practice for information security management." in 2000. [[ISO/IEC 17799]] was then revised in June 2005 and finally inc ...security management system]] (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became [[ISO/IE ...2 KB (249 words) - 10:56, 27 October 2012
- <br>Produce reports of service desk activity to enable management to measure service performance and service response times and to identify t '''Risk Association Control Activities:'''<br> ...2 KB (264 words) - 17:42, 5 May 2006
- ...software, facilities, technology, and user procedures) and ensure that the information security requirements are met by all components. The test data should be sa '''Risk Association Control Activities:'''<br> ...5 KB (730 words) - 19:05, 17 April 2007
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that policies and procedures that de ...3 KB (471 words) - 12:32, 23 June 2006
- ...that are needed to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.<br> ...cies, and standards) that are needed to create, implement, and maintain an Information Security Program that complies with SOX Section 404.<br> ...1 KB (204 words) - 13:03, 14 July 2006
- '''Risk Association Control Activities:''' ::'''1. Risk: Controls provide reasonable assurance that policies and procedures that de ...4 KB (537 words) - 13:57, 23 June 2006
- '''PO 10.9 Project Risk Management'''<br> ...at have the potential to cause unwanted change. Risks faced by the project management process and the project deliverable should be established and centrally rec ...3 KB (403 words) - 12:37, 23 June 2006
- ...anagement procedure. Include periodic review against business needs, patch management and upgrade strategies, risks, vulnerabilities assessment and security requ '''Risk Association Control Activities:'''<br> ...6 KB (819 words) - 13:54, 23 June 2006
- '''DS 12.5 Physical Facilities Management '''<br> '''Risk Association Control Activities:'''<br> ...2 KB (268 words) - 15:01, 8 May 2006
- ...er include access rights and privilege management, protection of sensitive information at all stages, authentication and transaction integrity, and automatic reco '''Risk Association Control Activities:'''<br> ...3 KB (374 words) - 15:05, 3 May 2006
- ...t Operations Framework (MOF) 4.0''' is a series of guides aimed at helping information technology (IT) professionals establish and implement reliable, cost-effect ...| governance]], [[Risk_management | risk]], and [[compliance]] activities; management reviews, and Microsoft Solutions Framework (MSF) best practices.<br> ...3 KB (461 words) - 14:19, 23 April 2010
- ...ual responsible for the function and which exceptions should be escalated. Management is also responsible to inform affected parties.<br> '''Risk Association Control Activities:'''<br> ...2 KB (289 words) - 13:11, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Operational failures may not be identified and resolved in an appropriate, ...2 KB (324 words) - 14:50, 4 May 2006
- ...nd prioritization of any reported issue as an incident, service request or information request. Measure end users’ satisfaction with the quality of the service de '''Risk Association Control Activities:'''<br> ...2 KB (340 words) - 17:40, 5 May 2006
- ...ual responsible for the function and which exceptions should be escalated. Management is also responsible to inform affected parties.<br> '''Risk Association Control Activities:'''<br> ...2 KB (289 words) - 12:56, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Systems do not meet business needs because not all business functional and ...4 KB (510 words) - 13:54, 1 May 2006
- ...ange processes. The IT process framework should be integrated in a quality management system and the internal control framework.<br> ...ay provide invalid information, which could result in unreliable financial information and reports.<br> ...5 KB (699 words) - 19:59, 25 June 2006
- '''MANAGEMENT CONTROL '''<br> '''Risk Association Control Activities:'''<br> ...2 KB (354 words) - 20:12, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...2 KB (303 words) - 17:36, 5 May 2006
- ==Information Security Policy== ...ective of this category is to provide management direction and support for information security in accordance with business requirements and all relevant laws, re ...8 KB (1,063 words) - 13:25, 23 May 2007
- ...d so security incidents can be properly treated by the incident or problem management process. Characteristics include a description of what is considered a secu '''Risk Association Control Activities:'''<br> ...4 KB (548 words) - 14:21, 4 May 2006
- ...ata classification policy and the enterprise’s media storage practices. IT management should ensure that offsite arrangements are periodically assessed, at least '''Risk Association Control Activities:'''<br> ...5 KB (700 words) - 18:07, 23 June 2006
- '''DS 2.3 Supplier Risk Management'''<br> ...iness standards in accordance with legal and regulatory requirements. Risk management should further consider non-disclosure agreements (NDA), escrow contracts, ...7 KB (958 words) - 16:01, 25 June 2006
- '''PO 5.1 Financial Management Framework'''<br> ...these portfolios to the budget prioritization, cost management and benefit management processes.<br> ...2 KB (353 words) - 18:22, 1 May 2006
- '''PO 6.2 Enterprise IT Risk and Internal Control Framework'''<br> ...be aimed at maximizing success of value delivery while minimizing risks to information assets through preventive measures, timely identification of irregularities ...2 KB (331 words) - 18:47, 1 May 2006
- '''PO 9.4 Risk Assessment'''<br> ...e methods. The likelihood and impact associated with inherent and residual risk should be determined individually, by category and on a portfolio basis.<br ...2 KB (304 words) - 20:21, 1 May 2006
- ...ormation requirements, IT configuration, information risk action plans and information security culture into an overall IT security plan. The plan is implemented '''Risk Association Control Activities:''' ...10 KB (1,333 words) - 17:44, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.'''<br> ...2 KB (327 words) - 13:18, 4 May 2006
- ==Risk Association Control Activities:== Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...2 KB (272 words) - 18:05, 25 April 2007
- ::'''1. Risk: Insufficient control over authorization, authentication, nonrepudiation, d ...y policy exists and has been approved by an appropriate level of executive management. ...3 KB (351 words) - 16:49, 25 June 2006
- ...d standards controls) that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.<br> ...d support for information security. This section provides templates for an Information Security Program Charter and supporting policies that are required to compl ...8 KB (1,023 words) - 17:25, 24 October 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Terminated entities create unacceptable control risks to the Company.'''<b ...3 KB (366 words) - 16:39, 26 June 2006
- ...rization controls over the initiation of transactions, resulting financial information may not be reliable. '''Risk Association Control Activities:'''<br> ...5 KB (721 words) - 11:49, 28 March 2008
- '''PO 9.6 Maintenance and Monitoring of a Risk Action Plan'''<br> ...s). Monitor execution of the plans, and report on any deviations to senior management.<br> ...2 KB (325 words) - 01:16, 2 May 2006
- '''AI 2.9 Applications Requirements Management'''<br> ...being approved through an established [[Change_control | change control]] management process.<br> ...2 KB (274 words) - 13:47, 6 March 2007
- Ensure that IT management, working with the business, defines a balanced set of performance objective * Risk and compliance with regulations.<br> ...3 KB (362 words) - 12:33, 4 May 2006
- ==Information Security Aspects of Business Continuity Management== ..., interruptions to business activities and processes caused by failures of information systems. ...9 KB (1,274 words) - 00:17, 1 June 2007
- ==Financial Management== ...ery section of the [[ITIL]] best practice framework. The aim of Financial Management for IT Services is to give accurate and cost effective stewardship of IT as ...6 KB (885 words) - 10:12, 23 March 2007
- '''PO 8.1 Quality Management System'''<br> ...conformity. The QMS should define the organizational structure for quality management, covering the roles, tasks and responsibilities. All key areas develop thei ...2 KB (337 words) - 19:47, 1 May 2006
- ...n repository and be properly integrated with change management and problem management procedures. '''Rationale —''' Configuration management includes procedures such that security, availability and processing integri ...3 KB (429 words) - 18:55, 25 June 2006
- '''Risk Association Control Activities:'''<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...2 KB (281 words) - 17:42, 5 May 2006
- ...support of the business to initiate, record, process and report financial information. Deficiencies in this area could significantly impact an entity’s financial '''Risk Association Control Activities:''' ...4 KB (522 words) - 20:12, 25 June 2006
- ...y to explain deviations and performance problems. Upon review, appropriate management action should be initiated and controlled.<br> '''Risk Association Control Activities:'''<br> ...2 KB (347 words) - 13:38, 4 May 2006
- ...ves, or from programs, projects or service improvement initiatives. Change Management can ensure standardized methods, processes and procedures are used for all ==Change management in development projects== ...4 KB (523 words) - 10:24, 23 April 2010
- * Review, negotiation and establishment of management responses.<br> * Assignment of responsibility for remediation (can include risk acceptance).<br> ...2 KB (286 words) - 13:05, 4 May 2006
- ...t considers changes in the competitive environment, economies of scale for information systems staffing and investments, and improved interoperability of platform '''Risk Association Control Activities:'''<br> ...2 KB (351 words) - 17:03, 21 June 2006
- '''PO 5.4 Cost Management'''<br> Implement a cost management process comparing actual costs to budgets. Costs should be monitored and re ...2 KB (303 words) - 18:29, 1 May 2006
- '''DS 5.4 User Account Management'''<br> ...rmation are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.<br> ...6 KB (846 words) - 13:52, 4 May 2006
- ...ools for operating, accessing and using the systems and services. Relevant information to consider is naming, version numbers and licensing details. A baseline of '''Rationale —''' Configuration management includes procedures such that security, availability and processing integri ...4 KB (506 words) - 18:44, 25 June 2006
- ...nge standards that require a post-implementation review of the operational information system to assess and report on whether the change met customer requirements '''Risk Association Control Activities:'''<br> ...3 KB (394 words) - 11:59, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: In-House and or Package applications may not meet all business and applica ...6 KB (878 words) - 13:34, 23 June 2006
- ==Security requirements of information systems== ...egory is to ensure that security is an integral part of the organization's information systems, and of the business processes associated with those systems.<br> ...9 KB (1,170 words) - 14:05, 22 May 2007
- ...capacity forecasting of IT resources at regular intervals to minimize the risk of service disruptions due to insufficient capacity or performance degradat '''Risk Association Control Activities:'''<br> ...3 KB (490 words) - 13:42, 4 May 2006
- ...deviations from expected performance should be identified, and appropriate management action should be initiated and reported.<br> '''Risk Association Control Activities:'''<br> ...2 KB (332 words) - 12:39, 4 May 2006
- '''PO 10.1 Program Management Framework'''<br> '''Risk Association Control Activities:'''<br> ...2 KB (345 words) - 01:18, 2 May 2006
- ...izing tasks, error tolerance mechanisms and resource allocation practices. Management should ensure that contingency plans properly address availability, capacit '''Risk Association Control Activities:'''<br> ...2 KB (284 words) - 14:37, 21 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results a ...3 KB (460 words) - 16:08, 21 June 2006
- '''DS 5.8 Cryptographic Key Management '''<br> '''Risk Association Control Activities:'''<br> ...3 KB (413 words) - 19:02, 4 May 2006
- '''Risk Association Control Activities:'''<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...2 KB (333 words) - 16:42, 5 May 2006
- ==PO 1.1 IT Value Management== ...including financial worth, the risk of not delivering a capability and the risk of not realizing the expected benefits.<br> ...6 KB (847 words) - 17:21, 25 April 2007
- ...urable and predictable by users to encourage proper use of resources. User management should be able to verify actual usage and charging of services. '''Risk Association Control Activities:'''<br> ...2 KB (305 words) - 14:51, 5 May 2006
- ...es and procedures (e.g., hiring, positive work environment and orienting). Management implements processes to ensure that the organization has an appropriately d '''Risk Association Control Activities:'''<br> ...2 KB (312 words) - 18:19, 3 May 2006
- ...to create, implement, and maintain a best practice, risk management-based information security program.<br> ...to create, implement, and maintain a best practice, risk management-based Information Security Program.<br> ...5 KB (705 words) - 11:39, 30 May 2015
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Third party processors create unacceptable control risks to the Company.'' ...2 KB (321 words) - 15:35, 25 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Business requirements are not met or inadequately tested. Systems produce ...4 KB (530 words) - 11:58, 23 June 2006
- ::'''1. Risk: Up-to-date backups of programs and data may not be available when needed.' Determine if the management of third-party services has been assigned to appropriate individuals.<br> ...3 KB (335 words) - 14:05, 26 February 2007
- '''Risk Association Control Activities:'''<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...2 KB (296 words) - 17:59, 3 May 2006
- The objective of this category is to manage information security within the organization's overall administrative structure.<br> ===Management commitment to information security=== ...8 KB (996 words) - 12:49, 22 May 2007
- ...systems and processes used for those purposes. While focused dominantly on information in digital form, the full range of IA encompasses not only digital but also Information assurance as a field has grown from the practice of [[information security]] which in turn grew out of practices and procedures of [[computer ...7 KB (983 words) - 10:41, 15 April 2012
- '''PO 2.1 Enterprise Information Architecture Model'''<br> ...bed in PO1. The model facilitates the optimal creation, use and sharing of information by the business and in a way that maintains integrity and is flexible, func ...2 KB (311 words) - 14:12, 1 May 2006
- [[PO1.1:| 1.1 IT Value Management]]<br> [[PO1.6:| 1.6 IT Portfolio Management]]<br> ...4 KB (517 words) - 19:07, 14 June 2007
- ...consider include validation against contractual terms, the organization’s information architecture, existing applications, interoperability with existing applica '''Rationale —''' Configuration management includes procedures such that security, availability and processing integri ...4 KB (501 words) - 18:24, 25 June 2006
- '''ME 4.4 Resource Management'''<br> ...current and future strategic objectives and keep up with business demands. Management should put clear, consistent and enforced human resources policies and proc ...2 KB (329 words) - 13:34, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Controls provide reasonable assurance that policies and procedures that de ...3 KB (432 words) - 12:23, 23 June 2006
- '''Risk Association Control Activities:'''<br> ...ot meet business, compliance and regulatory needs of the business inducing risk.'''<br> ...5 KB (674 words) - 18:14, 21 June 2006
- '''PO 6.3 IT Policies Management'''<br> '''Risk Association Control Activities:'''<br> ...3 KB (421 words) - 18:02, 23 June 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Conflicting access credential may violate confidentiality, privacy, or pos ...3 KB (382 words) - 18:02, 3 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Security and business continuity risks are introduced by technical designs ...4 KB (538 words) - 13:16, 23 June 2006
- ...ication]] and [[accreditation]] (C&A) of a DoD IS that will maintain the [[information assurance]] (IA) posture throughout the [[Systems Development Life Cycle|sy ...DoDI 8500.2) as the primary set of security requirements for all automated information systems (AISs). The IA Controls are determined based on the system's [[mis ...2 KB (322 words) - 10:16, 15 April 2012
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Development and maintenance of system with potential impact to financial r ...4 KB (583 words) - 12:06, 23 June 2006
- ...ces the possibility for a single individual to subvert a critical process. Management also makes sure that personnel are performing only authorized duties releva ==Risk Association Control Activities:== ...4 KB (591 words) - 19:45, 14 June 2007
- ...iew, basis for payment, warranties, arbitration procedures, human resource management and compliance with the organization’s policies.<br> '''Risk Association Control Activities:'''<br> ...2 KB (319 words) - 17:09, 3 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: The transfer of programs into the live environment is not appropriately co ...2 KB (346 words) - 20:00, 23 June 2006
- ...nce framework including leadership, processes, roles and responsibilities, information requirements, and organizational structures to ensure that the enterprise’s '''Risk Association Control Activities:'''<br> ...3 KB (397 words) - 13:28, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results a ...6 KB (804 words) - 12:14, 23 June 2006
- Assess the performance of the existing plans and information systems in terms of contribution to business objectives, functionality, sta '''Risk Association Control Activities:'''<br> ...4 KB (586 words) - 01:37, 1 May 2006
- '''Risk Association Control Activities:'''<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...4 KB (544 words) - 17:11, 5 May 2006
- '''DS 11.1 Business Requirements for Data Management '''<br> '''Risk Association Control Activities:'''<br> ...2 KB (244 words) - 17:51, 5 May 2006
- ...d conditions of employment should stress the employee’s responsibility for information security, internal control and regulatory compliance. The level of supervis '''Risk Association Control Activities:'''<br> ...2 KB (329 words) - 19:26, 1 May 2006
- ...aced the former process, known as '''DITSCAP''' ('''Department of Defense Information Technology Security Certification and Accreditation Process'''), in 2006. ...at will maintain the [[Information Assurance]] (IA) posture of the Defense Information Infrastructure (DII) throughout the [[Systems Development Life Cycle|system ...2 KB (229 words) - 10:14, 15 April 2012
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Design and implementation of new applications may not be appropriately con ...3 KB (424 words) - 17:01, 21 June 2006
- '''Risk Association Control Activities:'''<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...3 KB (377 words) - 18:52, 4 May 2006
- '''Risk Association Control Activities:'''<br> ::'''1. Risk: Business requirements are not met or inadequately tested. Systems produce ...3 KB (365 words) - 19:02, 17 April 2007
- ...ate security patches and virus control) across the organization to protect information systems and technology from malware (viruses, worms, spy-ware, spam, intern '''Risk Association Control Activities:'''<br> ...8 KB (1,177 words) - 19:00, 25 June 2006
- ...sider include impact analysis, cost/benefit justification and requirements management.<br> '''Risk Association Control Activities:'''<br> ...3 KB (425 words) - 13:19, 23 June 2006