Search results

  • ...ist of security patches installed on each system to the most recent vendor security patch list, to determine that current vendor patches are installed. ...ch installation to determine they require installation of all relevant new security patches within 30 days. ...
    2 KB (295 words) - 18:20, 28 February 2007
  • ...e cycle. From review of written software development processes, inquiry of software developers, and review of relevant data (network configuration documentatio ...
    2 KB (334 words) - 18:37, 28 February 2007
  • == Requirement 11: Regularly test security systems and processes. == ...tems, processes, and custom software should be tested frequently to ensure security is maintained over time and through changes. ...
    3 KB (372 words) - 17:59, 7 July 2006
  • '''DS 5.7 Protection of Security Technology ''' ...ow profile. However, do not make security of systems reliant on secrecy of security specifications. ...
    3 KB (377 words) - 18:52, 4 May 2006
  • ::'''1. Risk: Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...0.32''']] Periodic testing and assessment is performed to confirm that the software and network infrastructure is appropriately configured. ...
    2 KB (288 words) - 18:53, 25 June 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.''' ...> to gauge and promote end-user awareness of managing risk with the use of security processes. ...
    2 KB (305 words) - 17:31, 3 August 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.''' ...> to gauge and promote end-user awareness of managing risk with the use of security processes. ...
    2 KB (309 words) - 17:34, 3 August 2006
  • What are assets? Asset Management from a corporate governance and information security perspective is not just about 'IT' Assets. It is about the management, cont ...is taken from and attributable to UK-National Health Services Information Security it I believe adequately covers what we can do/do with data. ...
    5 KB (705 words) - 13:29, 23 May 2007
  • ...otification message produced by the system being tested to verify that the security administrators are being proactively notified of possible access violations ...be a monitoring background process that sends an electronic message to the security administrative group automatically when root access occurs. The email messa ...
    3 KB (422 words) - 00:09, 13 June 2006
  • '''AI 2.4 Application Security and Availability''' ...ed risks, in line with data classification, the organization’s information security architecture and risk profile. Issues to consider include access rights and ...
    3 KB (374 words) - 15:05, 3 May 2006
  • Controls provide reasonable assurance that IT components, as they relate to security, processing and availability, are well protected, would prevent any unautho :5. Prevent the inclusion of unauthorized software ...
    3 KB (429 words) - 18:55, 25 June 2006
  • ...cilities, technology, and user procedures) and ensure that the information security requirements are met by all components. The test data should be saved for a ISO 17799 12.1 Security requirements of information systems. ...
    5 KB (730 words) - 19:05, 17 April 2007
  • '''AI 2.5 Configuration and Implementation of Acquired Application Software''' Controls provide reasonable assurance that IT components, as they relate to security, processing and availability, are well protected, would prevent any unautho ...
    4 KB (501 words) - 18:24, 25 June 2006
  • ...controls) that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799. :*'''[[Security Policy:|'''Security Policy''']] ...
    8 KB (1,023 words) - 17:25, 24 October 2006
  • ...h management and upgrade strategies, risks, vulnerabilities assessment and security requirements. ::'''2. Risk: The impact of application system changes (e.g., hardware and software) should be evaluated and adjusted to ensure ongoing availability, performan ...
    6 KB (819 words) - 13:54, 23 June 2006
  • =='''Sample Software Acceptable Use Standard'''== ...ons and requirements on the proper and appropriate business use of Company software. ...
    7 KB (953 words) - 14:13, 1 May 2010
  • '''PO 4.8 Responsibility for Risk, Security and Compliance''' ...es may need to be assigned at a system-specific level to deal with related security issues. Obtain direction from senior management on the appetite for IT risk ...
    3 KB (370 words) - 18:04, 1 May 2006
  • '''DS 5.9 Malicious Software Prevention, Detection and Correction ''' ...m malware (viruses, worms, spy-ware, spam, internally developed fraudulent software, etc.). ...
    8 KB (1,177 words) - 19:00, 25 June 2006
  • ==Security Audit Guidance== For security audit guidance, please refer to [[Audit_Guidance_Examination_Procedures | A ...
    5 KB (665 words) - 14:40, 11 April 2007
  • ==Security requirements of information systems== The objective of this category is to ensure that security is an integral part of the organization's information systems, and of the b ...
    9 KB (1,170 words) - 14:05, 22 May 2007