Search results

Page title matches

  • The objective of this category is to manage information security within the organization's overall administrative structure.<br> ===Management commitment to information security=== ...
    8 KB (996 words) - 12:49, 22 May 2007
  • ==Security Controls Implementation== [[Personnel Security:]]<br> ...
    431 bytes (45 words) - 13:31, 10 April 2007
  • ==Information Security Audit== ...rom auditing the physical security of data centers to the auditing logical security of databases and highlights key components to look for and different method ...
    21 KB (3,112 words) - 16:52, 15 June 2007
  • ...ses primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardizatio ...pts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process base ...
    2 KB (257 words) - 17:09, 22 March 2007
  • ==Sources of standards for Information Security== ...n Security Management System]]s" are of particular interest to information security professionals.<br> ...
    2 KB (287 words) - 14:29, 8 March 2007
  • ==Sample Information Security Program Charter== ...tandards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards. ...
    2 KB (316 words) - 15:19, 13 January 2014
  • ==Sample Information Systems and Technology Security Policy== ...protection of the confidentiality, integrity, and availability of Company information assets. ...
    4 KB (465 words) - 15:46, 13 January 2014
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (305 words) - 17:31, 3 August 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (309 words) - 17:34, 3 August 2006

Page text matches

  • ==Organizational Security== ...ogram Charter and supporting policies that are required to comply with ISO Security Policy objectives.<br> ...
    2 KB (202 words) - 12:40, 15 June 2007
  • :Pointers to informative books on information security.<br> :Frequently asked questions and answers about security-related topics.<br> ...
    1,015 bytes (132 words) - 14:09, 8 March 2007
  • ==Federal information security incident center== ...— The Director shall ensure the operation of a central Federal information security incident center to—<br> ...
    1 KB (196 words) - 19:07, 3 June 2010
  • ==Sources of standards for Information Security== ...n Security Management System]]s" are of particular interest to information security professionals.<br> ...
    2 KB (287 words) - 14:29, 8 March 2007
  • ...ses primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardizatio ...pts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process base ...
    2 KB (257 words) - 17:09, 22 March 2007
  • ...ework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;<br> ...dination of information security efforts throughout the civilian, national security, and law enforcement communities;<br> ...
    1 KB (192 words) - 10:33, 1 June 2010
  • ...ework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;<br> ...dination of information security efforts throughout the civilian, national security, and law enforcement communities;<br> ...
    1 KB (192 words) - 10:36, 1 June 2010
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (303 words) - 16:00, 2 March 2007
  • =='''Information Security Research Resources'''== ...-leading published articles, research reports, and presentations from many security professionals. Topics include public key infrastructure (PKI), incident res ...
    978 bytes (124 words) - 00:00, 26 March 2007
  • ...ded to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with SOX Section 404.<br> ...
    1 KB (204 words) - 13:03, 14 July 2006
  • ==National security systems== The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...
    709 bytes (103 words) - 10:41, 2 June 2010
  • ==National security systems== The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...
    709 bytes (103 words) - 21:02, 3 June 2010
  • ==Sample Information Security Program Charter== ...tandards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards. ...
    2 KB (316 words) - 15:19, 13 January 2014
  • ==Sample Employee Ongoing Security Awareness Standard== ...and provides specific instructions and requirements for providing ongoing security awareness education and training for Company employees. ...
    2 KB (275 words) - 17:10, 23 January 2014
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (293 words) - 15:59, 2 March 2007
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (296 words) - 16:02, 2 March 2007
  • ...sting templates containing questions that can be used to gauge and promote security awareness in specific areas. The testing can be distributed and responses c ...ity Best Practices and Addressing Regulatory Mandates Testing Template:|'''Security Best Practices and Addressing Regulatory Mandates test Template''']]<br> ...
    2 KB (289 words) - 16:08, 3 August 2006
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (294 words) - 20:02, 2 March 2007
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (293 words) - 16:04, 2 March 2007
  • ...riate training of system users or owners where the systems house sensitive information. It has been superseded by the [[FISMA | Federal Information Security Management Act of 2002]] ...
    1 KB (168 words) - 11:37, 23 May 2010
  • ...ific objectives required to create, implement, and maintain an Information Security Program that complies with HIPAA (Subpart C Sections 164.308, 164.310, 164. ...[[Sample_Information_Security_Program_Charter:|'''Sample HIPAA Information Security Program Charter''']]<br> ...
    5 KB (614 words) - 16:46, 25 July 2006
  • ==Sample Information Systems and Technology Security Policy== ...protection of the confidentiality, integrity, and availability of Company information assets. ...
    4 KB (465 words) - 15:46, 13 January 2014
  • ...ific objectives required to create, implement, and maintain an Information Security Program that complies with GLBA (Interagency Guidelines). Also, additional ...[[Sample Information Security Program Charter:|'''Sample GLBA Information Security Program Charter''']]<br> ...
    4 KB (535 words) - 16:51, 25 July 2006
  • ...rticular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requiremen :[[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']]<br> ...
    3 KB (404 words) - 14:53, 25 July 2006
  • ==Sample Security Awareness Standard== ...ation of the [[Sample Information Security Program Charter:|'''Information Security Program Charter''']]. and associated policies, standards, guidelines, and p ...
    3 KB (418 words) - 19:53, 14 January 2014
  • ...ontrols) that are needed to create, implement, and maintain an Information Security Program that complies with HIPAA.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with HIPAA Subpart C Sections 164.308, 164.310, 164.3 ...
    2 KB (260 words) - 13:17, 15 June 2007
  • ==Use of computer security consultants, EDP auditors, and computer professionals== ...ssional organization for security professionals is the Information Systems Security Association.[[FN36]] ...
    2 KB (298 words) - 15:17, 22 February 2009
  • =='''Sample Management Security Awareness Standard'''== ...specific standards for the education and communication of the Information Security Program Charter and associated policies and standards.<br> ...
    5 KB (662 words) - 17:54, 25 July 2006
  • :'''Ensure the security policy and procedures clearly define information security responsibilities for all employees and contractors.'''<br> ...4:''' Verify that information security policies clearly define information security responsibilities for both employees and contractors. ...
    2 KB (265 words) - 15:58, 2 March 2007
  • '''DS 5.1 Management of IT Security'''<br> ...rity at the highest appropriate organizational level, so the management of security actions is in line with business requirements. ...
    3 KB (394 words) - 17:12, 22 March 2007
  • ...c attention to communicating IT security awareness and the message that IT security is everyone’s responsibility.<br> ...f, information asset owners, etc.) are not informed of or trained in their security responsibilities.'''<br> ...
    3 KB (442 words) - 18:58, 1 May 2006
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (318 words) - 16:08, 3 August 2006
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (322 words) - 16:10, 3 August 2006
  • ...[plaintext]] information '''RED Signals''' from those that carry encrypted information, or [[ciphertext]] '''BLACK signals'''.<br> *[[Security engineering]] ...
    1 KB (170 words) - 16:06, 14 June 2007
  • '''DS 11.6 Security Requirements for Data Management '''<br> Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and ou ...
    5 KB (649 words) - 18:23, 5 May 2006
  • ...nd prioritization of any reported issue as an incident, service request or information request. Measure end users’ satisfaction with the quality of the service de ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed. ''' ...
    2 KB (340 words) - 17:40, 5 May 2006
  • ...controls)that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.<br> :*'''[[Security Policy:|'''Security Policy''']]<br> ...
    8 KB (1,023 words) - 17:25, 24 October 2006
  • ...ation (HORSE) Project Wiki''' is evolving every day. There are information security practitioners adding content and providing guidance to the end user.<br> ...that one day this will be the most authoritative comprehensive information security wiki on the planet. ...
    2 KB (280 words) - 11:17, 30 November 2008
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    2 KB (303 words) - 17:36, 5 May 2006
  • ...secured by the [http://safetynet-info.com SafetyNET] advanced information security suite of products available only from Lazarus Alliance.<br> '''Contact information:'''<br> ...
    876 bytes (127 words) - 14:51, 29 February 2008
  • ==Information Technology Hardening== *[[Computer security]] ...
    1 KB (168 words) - 18:26, 14 June 2007
  • ==Information Security Policy== ...is category is to provide management direction and support for information security in accordance with business requirements and all relevant laws, regulations ...
    8 KB (1,063 words) - 13:25, 23 May 2007
  • ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA. Additional best practices policies and sta ...
    2 KB (263 words) - 12:52, 14 July 2006
  • ==SUB-CHAPTER I—FEDERAL INFORMATION POLICY== * [[44_USC_3503 | 3503. Office of Information and Regulatory Affairs]] ...
    2 KB (207 words) - 11:58, 23 May 2010
  • ...cilities, technology, and user procedures) and ensure that the information security requirements are met by all components. The test data should be saved for a Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    5 KB (730 words) - 19:05, 17 April 2007
  • '''DS 12.2 Physical Security Measures '''<br> ...ilities for monitoring and procedures for reporting and resolving physical security incidents need to be established. ...
    4 KB (517 words) - 18:12, 21 June 2006
  • ...tion, Security Standards for the Protection of Electronic Protected Health Information, and General Administrative Requirements Including, Civil Money Penalties: ...
    400 bytes (47 words) - 13:15, 15 June 2007
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (305 words) - 17:31, 3 August 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (309 words) - 17:34, 3 August 2006
  • ==Laws and regulations governing Information Security== ...have also been included when they have a significant impact on information security. ...
    4 KB (556 words) - 14:03, 8 March 2007
  • ...and responsibilities for all personnel in the organization in relation to information systems to allow sufficient authority to exercise the role and responsibili ...Security roles are not defined leading to an ineffective implementation of security responsibilities within the organization.'''<br> ...
    3 KB (427 words) - 17:58, 1 May 2006
  • '''DS 5.6 Security Incident Definition'''<br> ...ent process. Characteristics include a description of what is considered a security incident and its impact level. A limited number of impact levels are define ...
    4 KB (548 words) - 14:21, 4 May 2006
  • '''(a)''' The Director shall oversee agency information security policies and practices, by—<br> :'''(1)''' promulgating information security standards under section 11331 of title 40;<br> ...
    3 KB (414 words) - 11:45, 4 June 2010
  • '''PO 4.8 Responsibility for Risk, Security and Compliance'''<br> ...es may need to be assigned at a system-specific level to deal with related security issues. Obtain direction from senior management on the appetite for IT risk ...
    3 KB (370 words) - 18:04, 1 May 2006
  • ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    3 KB (420 words) - 14:06, 8 August 2006
  • ...of employment should stress the employee’s responsibility for information security, internal control and regulatory compliance. The level of supervision shoul Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (329 words) - 19:26, 1 May 2006
  • :'''Make all employees aware of the importance of cardholder information security:'''<br> :* Obtain security awareness program documentation and verify that it contains the following c ...
    2 KB (278 words) - 20:07, 2 March 2007
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.'''<br> ...d monitor security incidents and the extent of compliance with information security procedures.<br> ...
    2 KB (327 words) - 13:18, 4 May 2006
  • ==Physical and Environmental Security== ...es that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elabor ...
    4 KB (592 words) - 19:28, 14 June 2007
  • ..., known as '''DITSCAP''' ('''Department of Defense Information Technology Security Certification and Accreditation Process'''), in 2006. ...at will maintain the [[Information Assurance]] (IA) posture of the Defense Information Infrastructure (DII) throughout the [[Systems Development Life Cycle|system ...
    2 KB (229 words) - 10:14, 15 April 2012
  • ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ::'''2. Risk: IT security measures are not aligned with business requirements.''' ...
    3 KB (436 words) - 14:30, 4 May 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    3 KB (470 words) - 13:39, 6 March 2007
  • ...SO/IEC 17799]], "Information Technology - Code of practice for information security management." in 2000. [[ISO/IEC 17799]] was then revised in June 2005 and ...ormation security management system]] (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later beca ...
    2 KB (249 words) - 10:56, 27 October 2012
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    2 KB (351 words) - 13:57, 4 May 2006
  • '''DS 5.7 Protection of Security Technology '''<br> ...ow profile. However, do not make security of systems reliant on secrecy of security specifications. ...
    3 KB (377 words) - 18:52, 4 May 2006
  • ...esting templates containing questions that can be used to gauge and promote security awareness in specific areas. The tests may be distributed and responses can :[[Information Technology Auditor's Glossary:|'''Information Technology Auditor's Glossary''']]<br> ...
    1 KB (141 words) - 20:07, 13 June 2009
  • ...mation technology - Security techniques - Code of practice for information security management''. The current standard is a revision of the version published i ...ining [[ISMS|Information Security Management Systems]] (ISMS). Information security is defined within the standard in the context of the [[CIA triad|C-I-A tria ...
    6 KB (847 words) - 16:57, 26 March 2007
  • =='''Information Security Presentation Samples'''== ...anization can use and tailor these presentation samples to support ongoing security awareness and training efforts.<br> ...
    5 KB (653 words) - 12:45, 25 April 2007
  • The objective of this category is to manage information security within the organization's overall administrative structure.<br> ===Management commitment to information security=== ...
    8 KB (996 words) - 12:49, 22 May 2007
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' :::a. [[SOX.2.0.17:|'''SOX.2.0.17''']] An information security policy exists and has been approved by an appropriate level of executive ma ...
    3 KB (351 words) - 16:49, 25 June 2006
  • :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...
    2 KB (296 words) - 14:47, 2 March 2007
  • ...rticular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requiremen ...rticular technologies and specific solutions. This section provides sample security standards that an organization can clone and tailor to its unique requireme ...
    4 KB (581 words) - 17:06, 30 December 2013
  • ...op and maintain a risk response to ensure that cost-effective controls and security measures mitigate exposure to risks on a continuing basis. The risk respons Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    5 KB (738 words) - 20:24, 1 May 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    3 KB (369 words) - 16:09, 21 June 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    3 KB (368 words) - 11:58, 22 June 2006
  • =='''Sample Security Awareness Accessibility Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    5 KB (728 words) - 14:07, 1 May 2010
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    3 KB (451 words) - 17:52, 5 May 2006
  • ...riate level of protection. This section provides templates for Information Security standards that are required to comply with ISO Asset Classification and Con :1. [[Sample Information Classification Standard:|'''Sample ISO Information Classification Standard''']]<br> ...
    1 KB (159 words) - 17:08, 25 July 2006
  • :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...
    2 KB (294 words) - 14:46, 2 March 2007
  • ...atal, Public Key Cryptography, in Contemporary Cryptology: The Science of Information Integrity 179, 199-202 (Gustavas Simmons ed. 1991); Schneier, supra note 18 ...
    363 bytes (43 words) - 12:40, 16 October 2014
  • ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ...cies, procedures, and practices of a representative subset of the agency’s information systems;<br> ...
    4 KB (634 words) - 13:00, 4 June 2010
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (270 words) - 14:54, 5 May 2006
  • ...h management and upgrade strategies, risks, vulnerabilities assessment and security requirements.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    6 KB (819 words) - 13:54, 23 June 2006
  • ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ...cies, procedures, and practices of a representative subset of the agency’s information systems;<br> ...
    4 KB (682 words) - 19:17, 3 June 2010
  • ...nsurance carriers. Coverage is increasingly available to cover risks from security breaches or denial of service attacks. Several insurance companies offer e '''When evaluating the need for insurance to cover information security threats, financial institutions should understand the following points:''' ...
    3 KB (469 words) - 13:30, 10 April 2007
  • ...performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements analysis from t ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> ...
    4 KB (580 words) - 18:00, 23 June 2006
  • ...is scheme includes details about data ownership, definition of appropriate security levels and protection controls, and a brief description of data retention a Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    3 KB (363 words) - 16:53, 9 April 2007
  • ...ication]] and [[accreditation]] (C&A) of a DoD IS that will maintain the [[information assurance]] (IA) posture throughout the [[Systems Development Life Cycle|sy DIACAP is the result of a [[NSA]] directed shift in underlying security paradigm and succeeds its predecessor: [[DITSCAP]]. ...
    2 KB (322 words) - 10:16, 15 April 2012
  • ...ort issues and upgrades, periodic review against business needs, risks and security requirements.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    6 KB (878 words) - 13:34, 23 June 2006
  • =='''Sample Management Security Awareness Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    6 KB (752 words) - 14:02, 1 May 2010
  • ...r Crime Legislation pp IS80-300-101 to 118, Datapro reports on Information Security (Delran NJ 1985). ...
    730 bytes (96 words) - 11:09, 26 February 2009
  • Information Systems Security Association, 401 Michigan Ave, Chicago, IL 60611, (312) 644-6610. ...
    348 bytes (46 words) - 12:17, 28 February 2009
  • ...ext of the system development life cycle and the organizational enterprise information technology architecture: :Categorize the information system and the information resident within that system based on impact. ...
    4 KB (528 words) - 16:58, 28 March 2010
  • ...e system audit process. This section provides templates for an Information Security Program Charter and supporting policies that are required to comply with IS ==Compliance with organizational security policies and technical standards== ...
    6 KB (774 words) - 12:41, 25 May 2007
  • ...he security service of message integrity which provides assurance that the information signed has not been altered. See Guideline 35 (authentication). ...
    205 bytes (26 words) - 12:28, 16 October 2014
  • ...ts (NDA), escrow contracts, continued supplier viability, conformance with security requirements, alternative suppliers, penalties and rewards, etc.<br> ...service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties. .<br> ...
    7 KB (958 words) - 16:01, 25 June 2006
  • ...be aimed at maximizing success of value delivery while minimizing risks to information assets through preventive measures, timely identification of irregularities Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (331 words) - 18:47, 1 May 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (338 words) - 19:03, 17 April 2007
  • '''AI 2.4 Application Security and Availability'''<br> ...er include access rights and privilege management, protection of sensitive information at all stages, authentication and transaction integrity, and automatic reco ...
    3 KB (374 words) - 15:05, 3 May 2006
  • ...1)''' The term '''information security''' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification ...st improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; ...
    2 KB (327 words) - 00:58, 1 June 2010
  • :2. Corporate values (ethical values, control and security culture, etc.) ...yees to acknowledge in writing they have read and understood the company’s security policy and procedures.''' ...
    2 KB (333 words) - 16:42, 5 May 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (292 words) - 19:08, 1 May 2006
  • [[Security Policy:|'''Security Policy''']]<br> [[Organizing Information Security:|'''Organizing Information Security''']]<br> ...
    3 KB (378 words) - 21:27, 18 January 2015
  • ...implement, and maintain a best practice, risk management-based information security program.<br> ...implement, and maintain a best practice, risk management-based Information Security Program.<br> ...
    5 KB (705 words) - 11:39, 30 May 2015
  • ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    3 KB (377 words) - 14:10, 8 August 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    3 KB (377 words) - 14:55, 1 May 2006
  • ...1)''' the term '''information security''' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification ...st improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; ...
    3 KB (368 words) - 00:50, 1 June 2010
  • '''(a)''' In General.— The Director shall oversee agency information security policies and practices, including—<br> ...entation of policies, principles, standards, and guidelines on information security, including through ensuring timely agency adoption of and compliance with s ...
    4 KB (671 words) - 10:44, 1 June 2010
  • == Requirement 12: Maintain a policy that addresses information security. == *A strong security policy sets the security tone for the whole company, and lets employees know what is expected of the ...
    7 KB (988 words) - 19:11, 7 July 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (317 words) - 20:10, 1 May 2006
  • ==Personnel Security== ...s granted to some users increases the risk of accidental damage or loss of information and systems.<br> ...
    10 KB (1,327 words) - 12:54, 10 April 2007
  • ...8.82 and 1798.84''' is a California law regulating the privacy of personal information. The law was introduced by California State Senator Peace on February 12, ...for notification to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized pe ...
    3 KB (522 words) - 13:52, 26 October 2011
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    3 KB (460 words) - 16:08, 21 June 2006
  • ...igence Directives.''' Protecting Special Access Program Information Within Information Systems policy excerpt: [[Media:JAFAN_6_3.pdf]]<br> :'''Avoid Session Management Pitfalls:''' [[Media:session-management-security.pdf]]<br> ...
    6 KB (839 words) - 16:22, 23 April 2007
  • =='''Sample Third Party Security Awareness Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    10 KB (1,206 words) - 14:05, 1 May 2010
  • ...ds and guidelines. The policies should address key topics such as quality, security, confidentiality, internal controls and intellectual property. Their releva ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> ...
    3 KB (421 words) - 18:02, 23 June 2006
  • '''DS 5.2 IT Security Plan '''<br> ...ith appropriate investments in services, personnel, software and hardware. Security policies and procedures are communicated to stakeholders and users. ...
    10 KB (1,333 words) - 17:44, 25 June 2006
  • ...user activity and security related events which are reviewed daily by the security administrators.<br> ...revalidations of user group membership and user accounts are performed by security administration.<br> ...
    4 KB (550 words) - 14:34, 1 May 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    6 KB (847 words) - 17:21, 25 April 2007
  • Controls provide reasonable assurance that IT components, as they relate to security, processing and availability, are well protected, would prevent any unautho ...ools for operating, accessing and using the systems and services. Relevant information to consider is naming, version numbers and licensing details. A baseline of ...
    4 KB (506 words) - 18:44, 25 June 2006
  • =='''Best Practices Security Incident Response Program Presentation'''== ::Information Security Staff ...
    2 KB (315 words) - 18:46, 25 September 2006
  • :'''Establish a process to identify newly discovered security vulnerabilities (e.g., subscribe to alert services freely available on the ...that the process includes using outside sources for security vulnerability information and updating the system configuration standards reviewed in Requirement 2 a ...
    2 KB (303 words) - 18:22, 28 February 2007
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...hird party are included in the contract. Specifically verify the following information is included in the contract: ...
    3 KB (348 words) - 14:41, 2 March 2007
  • ...system software and data. This section provides templates for Information Security standards that are required to comply with ISO Systems Development and Main ...viding specific requirements and instructions for life cycle management of information systems, including hardware and software.<br> ...
    5 KB (613 words) - 18:14, 25 July 2006
  • ...e defined and documented in accordance with the organization's information security policy.<br> * Act in accordance with the organization's information security policy, including execution of processes or activities particular to the in ...
    10 KB (1,387 words) - 14:04, 22 May 2007
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    4 KB (544 words) - 17:11, 5 May 2006
  • ...ersonnel by the IT function to assure the protection of the organization’s information assets and meet agreed contractual requirements.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (330 words) - 18:17, 1 May 2006
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    4 KB (601 words) - 15:01, 8 August 2006
  • ...ning to maintain their knowledge, skills, abilities, internal controls and security awareness at the level required achieving organizational goals.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (272 words) - 18:05, 25 April 2007
  • ==Security Audit Guidance== For security audit guidance, please refer to [[Audit_Guidance_Examination_Procedures | A ...
    5 KB (665 words) - 14:40, 11 April 2007
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    4 KB (506 words) - 20:00, 25 June 2006
  • ...Information Law, which makes it a crime to disclose confidential/personal information without authorization. ...the activities of companies that administer databases containing personal information. Therefore, its scope is limited. ...
    4 KB (561 words) - 16:45, 29 August 2014
  • ...t and ongoing monitoring of threats to Company information assets. Company information assets are defined in the scope of the [[Sample Asset Identification and Cl ...threat assessment activities will be integrated, as appropriate, into the Security Awareness Program. Specific instructions and requirements for assessing thr ...
    3 KB (365 words) - 19:25, 14 January 2014
  • ...uch as the board, executives, business units, individual users, suppliers, security officers, risk managers, the corporate compliance group, outsourcers and of Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (342 words) - 18:20, 1 May 2006
  • ...ves for establishing specific standards on the appropriate business use of information assets.<br> ...rform work on Company premises, or who have been granted access to Company information or systems, are covered by this standard and must comply with associated gu ...
    6 KB (857 words) - 12:22, 19 July 2007
  • Controls provide reasonable assurance that IT components, as they relate to security, processing and availability, are well protected, would prevent any unautho ...ed through its life cycle. Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...
    3 KB (429 words) - 18:55, 25 June 2006
  • ...is the message in a form where no special effort has been made to make the information unreadable without special knowledge. In some systems, however, multiple la ...modern computers and receive hundreds of megabytes of data, poses another security headache. A spy (perhaps posing as a cleaning person) could easily conceal ...
    4 KB (702 words) - 15:52, 14 June 2007
  • :'''Make all employees aware of the importance of cardholder information security:'''<br> :* Obtain security awareness program documentation and verify that it contains the following c ...
    2 KB (271 words) - 20:06, 2 March 2007
  • ...p of data and information systems. Owners make decisions about classifying information and systems and protecting them in line with this classification.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (303 words) - 18:06, 1 May 2006
  • '''Federal Information Security Management Act (FISMA)''' ...support the implementation of and compliance with the Federal Information Security Management Act including: ...
    9 KB (1,252 words) - 19:19, 19 April 2010
  • ...eged access to systems. Many of these vulnerabilities are fixed via vendor security patches, and all systems should have current software patches to protect ag ...re that all system components and software have the latest vendor-supplied security patches.'''<br> ...
    4 KB (578 words) - 18:46, 28 February 2007
  • :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...
    2 KB (281 words) - 14:46, 2 March 2007
  • ...protection and management objectives, and define acceptable use of Company information assets.<br> ...iality, integrity, and availability of Company information assets. Company information assets are defined in the [[Sample Asset Identification and Classification ...
    10 KB (1,314 words) - 18:06, 15 March 2009
  • ...It is insufficient to declare that there are codes and passwords and other security devices. Something more should be available to trace the input and output a ...
    787 bytes (125 words) - 17:52, 22 February 2009
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...hird party are included in the contract. Specifically verify the following information is included in the contract: ...
    3 KB (345 words) - 14:38, 2 March 2007
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (353 words) - 18:22, 1 May 2006
  • ...ment 2: Do not use vendor-supplied defaults for system passwords and other security parameters. == ...ings are well known in hacker communities and easily determined via public information.<br> ...
    2 KB (283 words) - 17:00, 26 June 2006
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...hird party are included in the contract. Specifically verify the following information is included in the contract: ...
    3 KB (350 words) - 14:39, 2 March 2007
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...hird party are included in the contract. Specifically verify the following information is included in the contract: ...
    3 KB (353 words) - 14:40, 2 March 2007
  • Controls provide reasonable assurance that IT components, as they relate to security, processing and availability, are well protected, would prevent any unautho ...consider include validation against contractual terms, the organization’s information architecture, existing applications, interoperability with existing applica ...
    4 KB (501 words) - 18:24, 25 June 2006
  • ==Security requirements of information systems== ...egory is to ensure that security is an integral part of the organization's information systems, and of the business processes associated with those systems.<br> ...
    9 KB (1,170 words) - 14:05, 22 May 2007
  • ...al part of development in house. During the planning stages of development security, availability, and processing integrity must be considered. ...0>The BackupSystemAudit utility discovers and records system configuration information such as: ...
    3 KB (335 words) - 14:05, 26 February 2007
  • ...8 found that nearly one-third of emails contain attachments and 95% of the information that flows through email systems in the typical organization is attachments * The risk of losing sensitive information ...
    961 bytes (140 words) - 22:16, 15 March 2010
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' 1. Determine the sufficiency and appropriateness of perimeter security controls, including firewalls and intrusion detection systems. ...
    3 KB (360 words) - 17:03, 9 April 2007
  • '''Incident Management''' otherwise known as '''Information Security Incident Management''', is a [[Service_Level_Management: | Service Level Ma ...tablished to ensure a quick, effective and orderly response to information security incidents.<br> ...
    9 KB (1,371 words) - 16:40, 23 May 2007
  • ...service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties.<br> ...-party service contracts and determine if they include controls to support security, availability and processing integrity in accordance with the company’s pol ...
    2 KB (294 words) - 18:21, 14 June 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    3 KB (393 words) - 17:18, 1 May 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ==Supplemental Information:== ...
    3 KB (366 words) - 18:00, 25 April 2007
  • ...service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties.<br> ...-party service contracts and determine if they include controls to support security, availability and processing integrity in accordance with the company’s pol ...
    2 KB (291 words) - 16:02, 25 June 2006
  • ...cases. Rights and obligations relative to access to enterprise systems and information are contractually arranged for all types of users. Perform regular manageme * PCI.7.1: Limit access to computing resources and cardholder information to only those individuals whose job requires such access. ...
    6 KB (846 words) - 13:52, 4 May 2006
  • ...roviders have implemented adequate security controls to safeguard customer information. :* Require service providers by contract to implement appropriate security controls to comply with the guidelines ...
    6 KB (829 words) - 19:14, 17 April 2007
  • ...ding networks, systems, and applications that store, process, and transmit information assets.<br> ...erform work on Company premises or who have been granted access to Company information or systems, are covered by this standard and must comply with associated gu ...
    9 KB (1,213 words) - 13:20, 9 March 2009
  • ==Information Security Aspects of Business Continuity Management== ..., interruptions to business activities and processes caused by failures of information systems. ...
    9 KB (1,274 words) - 00:17, 1 June 2007
  • ...mation technology - Security techniques - Code of practice for information security management''. ...ining [[ISMS|Information Security Management Systems]] (ISMS). Information security is defined within the standard in the context of the [[CIA triad|C-I-A tria ...
    8 KB (1,111 words) - 10:30, 15 April 2012
  • ...of the various processing entities and use certified devices such as Host Security Modules (HSM). The most common standard used to evaluate organizations is t [[Category:Information technology management|Governance]] ...
    2 KB (235 words) - 09:48, 23 October 2012
  • ...ty and availability, and testing. Perform a [[Information_Security_Audit | security audit]] reassessment when significant technical or logical discrepancies oc Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (329 words) - 13:35, 6 March 2007
  • ...guish between employees and visitors, especially in areas where cardholder information is accessible. ...n lines, paper receipts, paper reports, and faxes) that contain cardholder information. ...
    5 KB (674 words) - 18:14, 21 June 2006
  • ...and tribal governments, and other persons resulting from the collection of information by or for the Federal Government;<br> ...sure the greatest possible public benefit from and maximize the utility of information created, collected, maintained, used, shared and disseminated by or for the ...
    3 KB (414 words) - 10:37, 1 June 2010
  • ...protection and management objectives, and define acceptable use of Company information assets.<br> ...c standards on the identification, classification, and labeling of Company information assets.<br> ...
    8 KB (1,068 words) - 17:23, 16 October 2009
  • ...ine the nature of the impact— positive, negative or both—and maintain this information.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    3 KB (459 words) - 17:56, 21 June 2006
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...hird party are included in the contract. Specifically verify the following information is included in the contract: ...
    3 KB (377 words) - 14:37, 2 March 2007
  • ...systems and processes used for those purposes. While focused dominantly on information in digital form, the full range of IA encompasses not only digital but also ...ecurity]] which in turn grew out of practices and procedures of [[computer security]]. ...
    7 KB (983 words) - 10:41, 15 April 2012
  • ::'''(A)''' providing information security protections commensurate with the risk and magnitude of the harm resulting :::'''(i)''' information collected or maintained by or on behalf of the agency; and<br> ...
    10 KB (1,576 words) - 12:50, 4 June 2010
  • ...sleading data, update data, require confidentiality and to eliminate false information. This guarantee does not affect the secrecy of journalistic sources.' ...try (Article 109, Decree 62-2004). This Law refers only to public personal information that is contained in the archives of the Civil Registry. ...
    6 KB (879 words) - 16:59, 29 August 2014
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    3 KB (413 words) - 19:02, 4 May 2006
  • == Requirement 11: Regularly test security systems and processes. == ...tems, processes, and custom software should be tested frequently to ensure security is maintained over time and through changes. ...
    3 KB (372 words) - 17:59, 7 July 2006
  • ::'''(A)''' providing information security protections commensurate with the risk and magnitude of the harm resulting :::'''(i)''' information collected or maintained by or on behalf of the agency; and<br> ...
    11 KB (1,610 words) - 19:37, 3 June 2010
  • ...credit report would prohibit credit reporting agencies from releasing any information about you to new creditors, making it difficult for an identity thief to op ...ply. Compliance falls under the Attorney General's jurisdiction. Detailed information is available from the North Carolina Attorney General's office. The require ...
    3 KB (488 words) - 13:02, 12 November 2011
  • ...authorized to have access" and is one of the cornerstones of [[Information security]]. Confidentiality is one of the design goals for many [[cryptosystem]]s, m ...y's classic "need-to-know" principle, forms the cornerstone of information security in today's corporates.<br> ...
    4 KB (669 words) - 15:05, 22 March 2007
  • ...ate security patches and virus control) across the organization to protect information systems and technology from malware (viruses, worms, spy-ware, spam, intern ...T management has established procedures across the organization to protect information systems and technology from computer viruses. ...
    8 KB (1,177 words) - 19:00, 25 June 2006
  • =='''Logical Security'''== ...n a computer network or a computer workstation. It is a subset of computer security.<br> ...
    7 KB (1,093 words) - 19:00, 5 March 2007
  • ...ation of IT resources for operations, projects and maintenance to maximize Information Technologies contribution to optimizing the return on the enterprise’s port Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (346 words) - 18:25, 1 May 2006
  • ...em to allow logging and tracking of calls, incidents, service requests and information needs. It should work closely with such processes as incident management, p Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (299 words) - 17:41, 5 May 2006
  • ...t considers changes in the competitive environment, economies of scale for information systems staffing and investments, and improved interoperability of platform Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (351 words) - 17:03, 21 June 2006
  • ...hould be tested and evaluated prior to deployment, so the effectiveness of security can be certified. Fallback or back out plans should also be developed and t ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ...
    3 KB (497 words) - 14:57, 23 June 2006
  • '''Zero day''' in technology refers to software, videos, music, or information unlawfully released or obtained on the day of public release. ...advantage of the surprise attack while they are still unknown to computer security professionals. Recent history certainly does show us an increasing rate of ...
    4 KB (570 words) - 19:02, 14 June 2007
  • ...sed on his or her own recognizance need not post any bail or other form of security but must simply execute a promise to appear at all scheduled court appearan ...fendants are guilty may not be the most desirable way of communicating the information. The O. R. investigator may easily make this impression on the uninformed s ...
    3 KB (500 words) - 16:26, 18 February 2009
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ==Supplemental Information:== ...
    2 KB (303 words) - 18:16, 25 April 2007
  • ...It is about the management, control and protection of '''all''' aspects of Information / Data in whatever form for example paper records or X-Ray Film and fiche. ...of information and data that is critical to the organization. Whether the information data is Held, Obtained, Recorded, Used, Shared (HORUS)*. The data may be pe ...
    5 KB (705 words) - 13:29, 23 May 2007
  • ==Data Security== ...tect the confidentiality, integrity, and availability of the institution’s information assets. All of the controls discussed so far, whether at the perimeters, n ...
    9 KB (1,246 words) - 18:20, 10 April 2007
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (311 words) - 16:29, 1 May 2006
  • ...des specific instructions and requirements for the encryption of sensitive information assets. ...d integrity of sensitive Company information assets in accordance with the Information Handling Standard and the Integrity Protection Standard. ...
    4 KB (558 words) - 15:12, 21 January 2014
  • Links to helpful or interesting information security documents.<br> :This paper discusses common security vulnerabilities in PHP applications.<br> ...
    10 KB (1,527 words) - 12:47, 25 April 2007
  • ...the development of requirements. Risks include threats to data integrity, security, availability, [[Privacy | privacy]], and compliance with laws and regulati Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (269 words) - 23:52, 14 June 2007
  • ...pment, taking into account the organization’s technological directions and information architecture, and have the design specifications approved to ensure that th ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ...
    2 KB (323 words) - 15:09, 3 May 2006
  • ...tion X.813), ISO/IEC 10181-4 (1996); Warwick Ford, Computer Communications Security: Principles, Standard Protocols & Techniques 29-30 (1994) (1994) (hereinaft ...
    1 KB (144 words) - 12:26, 16 October 2014
  • ...for protecting the confidentiality, integrity, and availability of Company information assets.<br> ...irements for proper controls to protect the integrity of sensitive Company information assets.<br> ...
    7 KB (976 words) - 14:17, 1 May 2010
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (268 words) - 19:33, 1 May 2006
  • '''DS 5.10 Network Security '''<br> ...ntation, and intrusion detection) are used to authorize access and control information flows from and to networks. ...
    6 KB (781 words) - 12:31, 23 June 2006
  • '''DS 5.5 Security Testing, Surveillance and Monitoring'''<br> ...r abnormal activities that may need to be addressed. Access to the logging information is in line with business requirements in terms of access rights and retenti ...
    7 KB (975 words) - 16:57, 9 April 2007
  • ...performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements analysis from t Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    4 KB (510 words) - 13:54, 1 May 2006
  • ...scribing special costs, the costs of EDP auditors and computer information security practitioner should not be overlooked.[[FN89]] ...
    916 bytes (142 words) - 13:39, 22 February 2009
  • ...raphical information, university's expenses in notifying individuals whose information had been stolen was includible in restitution awarded by court, since unive ...
    2 KB (272 words) - 21:48, 22 February 2009
  • ...provides a statutory framework which regulates disclosures of confidential information by professional persons, providing among other things for criminal sanction At common law, information is generally to be regarded as “confidential” if it has a necessary quality ...
    5 KB (747 words) - 16:25, 29 August 2014
  • ...control environment and control framework. [[Information_Security_Audit | Security audit]] assessments using industry best practices and benchmarking should b Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (291 words) - 13:41, 6 March 2007
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (284 words) - 19:38, 1 May 2006
  • ==Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki.== ...ging the growth, development and distribution of free, multilingual, cyber security focused educational content, and to providing the full content of this wiki ...
    9 KB (1,241 words) - 20:49, 13 September 2016
  • ...olicies and practices are in place to ensure the integrity of data through security and end user development methodology.<br> ::'''5. Risk: IT security measures are not aligned with business requirements.'''<br> ...
    4 KB (583 words) - 12:06, 23 June 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (281 words) - 17:42, 5 May 2006
  • ==Initial conference with defendant; information checklist== * Social security number ...
    789 bytes (113 words) - 16:17, 18 February 2009
  • ::'''3. Risk: System security may be undermined by inappropriate external system connections.''' ...ls should be in place to prevent these connections from undermining system security. ...
    4 KB (524 words) - 15:03, 25 June 2006
  • ...at a minimum, legal, financial, organizational, documentary, performance, security, intellectual property and termination responsibilities and liabilities (in Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (287 words) - 17:04, 3 May 2006
  • ...facility. The magnetic strip on the card key controls (via a computerized security system) an employee's access rights to various locations within the buildin ...s. The diagram illustrates segregation of duties as it applies to physical security within the enterprise.<br> ...
    4 KB (591 words) - 19:45, 14 June 2007
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    3 KB (356 words) - 17:11, 1 May 2006
  • ...on Company premises, or who have been granted access to and use of Company Information Assets, are covered by this standard and must comply with associated guidel Information assets are defined in the [[Sample Asset Identification and Classification ...
    8 KB (1,123 words) - 16:01, 2 August 2009
  • ...ny, the defense attorney should become well versed in computer crime. This information is likely to include an understanding of the typical kinds of computer crim ...ough the expert. Experts are usually quite content to be the source of all information, and will suffer counsel's ignorance with great patience. ...
    2 KB (358 words) - 19:18, 22 February 2009
  • ...roject plan. The tasks should provide assurance that internal controls and security features meet the defined requirements.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (298 words) - 01:59, 2 May 2006
  • '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business *AIX Unix: etc/security/user<br> ...
    3 KB (405 words) - 00:10, 13 June 2006
  • ...tions may include service levels, maintenance procedures, access controls, security, and performance review as a basis for payment and arbitration procedures.< Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (294 words) - 17:10, 3 May 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (309 words) - 18:13, 1 May 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (312 words) - 18:19, 3 May 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (321 words) - 15:35, 25 June 2006
  • ...system requirements and current and projected trends in the organization's information processing capabilities. ...in usage, particularly in relation to business applications or management information system tools. ...
    3 KB (490 words) - 13:42, 4 May 2006
  • ...nvironment should reflect the future operations environment (e.g., similar security, internal controls and workloads) to enable sound testing. Procedures shoul Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (316 words) - 17:47, 3 May 2006
  • ...information from law enforcement and may be more willing to disclose this information than the law enforcement officers. ...
    2 KB (374 words) - 15:29, 22 February 2009
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (296 words) - 17:59, 3 May 2006
  • ...iality, integrity, and availability of Company information assets. Company information assets are defined in the [[Sample Asset Identification and Classification ...required. Specific instructions and requirements for controlling access to information assets are provided in the [[Sample Access Control Standard:|'''Sample Acce ...
    5 KB (673 words) - 18:16, 14 January 2014
  • ...difficult to establish the identity of the person entering the sales slip information into the computer. While a sales clerk has a unique code that must be used ...the acts charged as criminal. Counsel must analyze carefully the technical information concerning the way in which computer access is recorded in determining whet ...
    4 KB (717 words) - 18:04, 22 February 2009
  • ...ves for establishing specific standards on the appropriate business use of information assets.<br> ...on Company premises, or who have been granted access to and use of Company information or systems are covered by this standard and must comply with associated gui ...
    7 KB (953 words) - 14:13, 1 May 2010
  • ...tory compliance and continuity requirements. This is related/linked to the information architecture.<br> ...performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements analysis from t ...
    3 KB (446 words) - 16:36, 1 May 2006
  • ...igation to maintain the privacy and confidentiality of a client’s personal information unless specific permission is granted for its release or dissemination to t ...encies to combat illicit activity is mandated or authorised, disclosure of information by government officials, professional agents, attorneys and accountants and ...
    5 KB (762 words) - 16:03, 29 August 2014
  • ...p" vulnerability management activities including vulnerability mitigation, information review and analysis, as well as metrics tracking and reporting.<br> ...on Company premises, or who have been granted access to and use of Company Information Assets, are covered by this standard and must comply with associated guidel ...
    9 KB (1,122 words) - 14:12, 1 May 2010
  • ...regation of duties, automated business controls, backup/recovery, physical security and source document archival.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    3 KB (362 words) - 23:55, 14 June 2007
  • ...ance, and capacity for growth, levels of support, continuity planning, and security and demand constraints. <br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (332 words) - 18:24, 5 May 2006
  • Assess the performance of the existing plans and information systems in terms of contribution to business objectives, functionality, sta Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    4 KB (586 words) - 01:37, 1 May 2006
  • ...ment 2: Do not use vendor-supplied defaults for system passwords and other security parameters.''']] ...4:|'''Requirement 4: Encrypt transmission of cardholder data and sensitive information across public networks.''']] ...
    8 KB (1,208 words) - 17:00, 9 April 2007
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    2 KB (346 words) - 20:00, 23 June 2006
  • ...should include requirements for performance, stress, usability, pilot and security testing.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    2 KB (322 words) - 17:43, 3 May 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    6 KB (863 words) - 13:12, 23 June 2006
  • ==Security Management== ...ITIL Security Management is based on the code of practice for information security management also known as ISO/IEC 17799. ...
    32 KB (4,804 words) - 14:10, 27 February 2009
  • ...elecommunications equipment within an operations center will have a higher security zone than I/O operations, with the media used by that equipment stored at y ...en>'''HORSE FACTS:'''</font> Financial institutions should define physical security zones and implement appropriate preventative and detective controls in each ...
    10 KB (1,485 words) - 14:22, 10 April 2007
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    21 KB (3,010 words) - 15:52, 25 June 2006
  • ...lly assessed, at least annually, for content, environmental protection and security. Ensure compatibility of hardware and software to restore archived data and :::a. [[SOX.2.3.2:|'''SOX.2.3.2''']] Confidential information on backed up system and transaction data is properly protected. ...
    5 KB (700 words) - 18:07, 23 June 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ==Supplemental Information:== ...
    9 KB (1,301 words) - 16:55, 25 April 2007
  • ...tackers are unlikely to find them. The technique stands in contrast with [[security by design]], although many real-world projects include elements of both str ...aphy was disturbing to the US government, which seems to have been using a security through obscurity analysis to support its opposition to such work. ...
    11 KB (1,798 words) - 14:44, 14 June 2007
  • ...t Protection Standard, Company protection standards shall include specific security requirements in the following areas: #### Information Handling ...
    5 KB (681 words) - 21:56, 15 January 2014
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    3 KB (366 words) - 16:39, 26 June 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    6 KB (804 words) - 12:14, 23 June 2006
  • ...e key, generally less secure than hardware schemes, but providing adequate security for many types of applications. See generally Schneier, supra note 18, at § ...
    2 KB (244 words) - 12:37, 16 October 2014
  • ...al direction, performance, cost, reliability, compatibility, auditability, security, availability and continuity, ergonomics, usability, safety and legislation ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ...
    4 KB (538 words) - 13:16, 23 June 2006
  • ==Health Information Technology for Economic and Clinical Health Act (HITECH Act)== ...individuals if there has been a breach of their unsecured protected health information (UPHI). Section 13407 of the HITECH Act sets forth breach notification req ...
    9 KB (1,358 words) - 16:25, 6 September 2011
  • ...ding networks, systems, and applications that store, process, and transmit information assets.<br> ...erform work on Company premises or who have been granted access to Company information or systems, are covered by this standard and must comply with associated gu ...
    12 KB (1,656 words) - 14:15, 1 May 2010
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    3 KB (456 words) - 17:15, 15 February 2007
  • ::'''2. Risk: Security and business continuity risks are introduced by technical designs incompati :::a. [[SOX.2.3.3:|'''SOX.2.3.3''']] Confidential information on backed up system and transaction data is properly protected. ...
    3 KB (471 words) - 12:32, 23 June 2006
  • ...on Company premises, or who have been granted access to and use of Company Information Assets, are covered by this standard and must comply with associated guidel '''Information assets''' are defined in the [[Sample Asset Identification and Classificati ...
    11 KB (1,433 words) - 14:11, 1 May 2010
  • ...ay provide invalid information, which could result in unreliable financial information and reports.<br> ...[[SOX.1.7:|'''SOX.1.7''']] The SDLC methodology includes requirements that information systems be designed to include application controls that support complete, ...
    5 KB (699 words) - 19:59, 25 June 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    3 KB (382 words) - 18:02, 3 May 2006
  • ...tions that store, process and transmit Company information assets. Company information assets are defined in the [[Sample Asset Identification and Classification ...s, including hardware and software, must be managed in accordance with the information asset protection objectives established in the Asset Protection Standard th ...
    3 KB (389 words) - 17:40, 14 January 2014
  • Technical standards guides provide a security overview, as well as list requirements with detailed descriptions and expla ...nternet Information Services (IIS) Asset Protection Standards:|'''Internet Information Services (IIS) Asset Protection Standards''']]<br> ...
    4 KB (512 words) - 12:05, 25 July 2006
  • ...ves for establishing specific standards on the appropriate business use of information assets.<br> ...rform work on Company premises, or who have been granted access to Company information or systems, are covered by this standard and must comply with associated gu ...
    8 KB (1,184 words) - 14:12, 1 May 2010
  • ...support of the business to initiate, record, process and report financial information. Deficiencies in this area could significantly impact an entity’s financial ...r IT operations, including job scheduling and monitoring and responding to security, availability and processing integrity events. ...
    4 KB (522 words) - 20:12, 25 June 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> '''Supplemental Information:'''<br> ...
    3 KB (408 words) - 16:10, 25 June 2006
  • ::'''2. Risk: Security and business requirements are not check listed adequately, enforced, and te Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    3 KB (403 words) - 12:37, 23 June 2006
  • Technical standards guides provide a security overview, as well as list requirements with detailed descriptions and expla ...nternet Information Services (IIS) Asset Protection Standards:|'''Internet Information Services (IIS) Asset Protection Standards''']]<br> ...
    5 KB (597 words) - 15:27, 16 November 2006
  • ...c standards on the assessment and ongoing monitoring of threats to Company information assets.<br> ...eat monitoring activities including automated detection, manual detection, information review and analysis, as well as metrics tracking and reporting.<br> ...
    12 KB (1,720 words) - 14:10, 1 May 2010
  • ...ding networks, systems, and applications that store, process, and transmit information assets.<br> ...pecific instructions and requirements for life cycle management of Company information systems, including hardware and software.<br> ...
    16 KB (2,312 words) - 14:14, 1 May 2010
  • ...migration between environments, version control, test data and tools, and security.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    3 KB (432 words) - 13:02, 23 June 2006
  • ..., arbitration procedures, upgrade terms, and fitness for purpose including security, escrow and access rights.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    3 KB (428 words) - 14:05, 23 June 2006
  • ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    3 KB (442 words) - 13:59, 23 June 2006
  • ...financial resources expended by persons to generate, maintain, or provide information to or for a Federal agency, including the resources expended for—<br> :'''(E)''' completing and reviewing the collection of information; and ...
    5 KB (795 words) - 00:35, 1 June 2010
  • ...[[SOX.1.7:|'''SOX.1.7''']] The SDLC methodology includes requirements that information systems be designed to include application controls that support complete, ...al part of development in house. During the planning stages of development security, availability, and processing integrity must be considered. ...
    3 KB (341 words) - 16:17, 21 June 2006
  • ...d sites supporting the Company, or who have been granted access to Company information or systems, are covered by this policy and must comply with associated stan ...through systems owned or administered by or on the behalf of the Company. Information Assets include all personal, private, or financial data about employees, cl ...
    9 KB (1,430 words) - 14:56, 28 August 2009
  • ...y defined under Panamanian law. However, it is generally deemed to include information that can specifically identify an individual, such as one’s name, postal ad ...of data processing activities and shall include, inter alia, the following information: ...
    8 KB (1,135 words) - 17:53, 29 August 2014
  • ==Information Security Audit== ...rom auditing the physical security of data centers to the auditing logical security of databases and highlights key components to look for and different method ...
    21 KB (3,112 words) - 16:52, 15 June 2007
  • ...c standards on the assessment and ongoing monitoring of threats to Company information assets.<br> ...on Company premises, or who have been granted access to and use of Company Information Assets, are covered by this standard and must comply with associated guidel ...
    8 KB (1,149 words) - 14:09, 1 May 2010
  • ...f the individual or entity to which it is addressed. This message contains information from Lazarus Alliance, LLC. that may be privileged, confidential, or exempt ...Company provided Electronic Mail Resources in the transmission of Company information is prohibited. Accessing third party personal Electronic Mail Resources is ...
    7 KB (974 words) - 19:34, 16 January 2014
  • ...nsider retrieval requirements, cost-effectiveness, continued integrity and security requirements. Establish storage and retention arrangements to satisfy legal ...rization controls over the initiation of transactions, resulting financial information may not be reliable. ...
    5 KB (721 words) - 11:49, 28 March 2008
  • ...d intrusions. The Company will satisfy these requirements through a formal Security Incident Response Team (SIRT). ...he intrusion event and the criticality of the potentially impacted Company information assets. ...
    5 KB (737 words) - 15:24, 21 January 2014
  • ==FFIEC Information Technology Examination Handbook Executive Summary== ...ve effort of the FFIEC’s five member agencies, has replaced the 1996 FFIEC Information Systems Examination Handbook (1996 Handbook). ...
    15 KB (2,060 words) - 17:47, 15 June 2007
  • ...uested by user management, approved by system owner and implemented by the security-responsible person. User identities and access rights are maintained in a c ::'''3. Risk: System security may be undermined by inappropriate external system connections.''' ...
    6 KB (870 words) - 18:08, 21 June 2006
  • ...e documents to machine information. These people may inaccurately type the information they are processing. However, most computer users have procedures for quali * Security of the computer system: The fact that a person is charged with computer cri ...
    4 KB (684 words) - 20:10, 22 February 2009
  • ...nization’s ability to identify, acquire, install, and maintain appropriate information technology systems.” The process includes the internal development of soft ...o deliver products or services, maintain a competitive position, or manage information.<br> ...
    12 KB (1,538 words) - 22:41, 25 April 2007
  • ...Identifiable Information (PII)''', as used in [[information security]], is information that can be used to uniquely identify, contact, or locate a single person o Although the concept of PII is ancient, it has become much more important as information technology and the Internet have made it easier to collect PII, leading to ...
    12 KB (1,899 words) - 12:24, 12 November 2011
  • '''EVALUATION OF CONTROLS IN INFORMATION SYSTEMS (IS) QUESTIONNAIRE'''<br> ...estion. This can generally be achieved if the company involves an internal information systems auditor in the question answering process. Specific “Guidance Point ...
    8 KB (1,155 words) - 20:14, 25 June 2006
  • ## Security changes, significant activity, and high-risk functions must be recorded. ### Change security policy or configuration settings ...
    3 KB (444 words) - 20:12, 15 January 2014
  • ...uating financial institution risk management processes to ensure effective information technology (IT) management.<br> ...mercial credit and asset management, or enterprise-wide activities such as security and business continuity planning. This dual role and the increasing use of ...
    5 KB (645 words) - 18:03, 27 April 2007
  • ...for protecting the confidentiality, integrity, and availability of Company information assets.<br> ...ructions and requirements for proper controls to physically access Company information assets.<br> ...
    12 KB (1,711 words) - 14:16, 1 May 2010
  • ==Information Technology Management Reform Act of 1996== ...nt Reform Act of 1996 - Title LI (sic): Responsibility for Acquisitions of Information Technology.'''<br> ...
    10 KB (1,502 words) - 19:27, 4 April 2010
  • ...confidentiality, integrity, and availability of '''<Your Company Name>''' information assets.<br> ...ntication, and authorization controls necessary to remotely access Company information assets.<br> ...
    14 KB (1,956 words) - 14:16, 1 May 2010
  • ...Governance, is a subset discipline of [[Corporate Governance]] focused on information technology (IT) systems and their performance management and [[risk managem ...and accountability framework to encourage desirable behavior in the use of information technology."''<br> ...
    12 KB (1,686 words) - 11:47, 30 May 2015
  • * CLETS and CJIS journal information ...a result of BID tags indicating that there were errors or deficiencies in information "on line" ...
    5 KB (816 words) - 15:41, 22 February 2009
  • ...who view computing from different perspectives (for instance, the head of security and the EDP auditor) may respond to the same question very differently owin ...heir testimony can avoid any appearance of attempting to limit the flow of information during the trial.[[FN88]] ...
    2 KB (398 words) - 19:37, 22 February 2009
  • ...ves for establishing specific standards on the appropriate business use of information assets.<br> ...rform work on Company premises, or who have been granted access to Company information or systems, are covered by this standard and must comply with associated gu ...
    10 KB (1,473 words) - 14:13, 1 May 2010
  • ...force the security controls we need to comply with the company's corporate security policy.<br> * Authorization and user security administration ...
    18 KB (2,920 words) - 17:59, 18 May 2007
  • ...g its 50 states. (California alone has more than 25 state privacy and data security laws). These laws address particular problems or industries. They are too d ...sed this authority to pursue companies that fail to implement minimal data security measures or fail to live up to promises in privacy policies. ...
    14 KB (2,027 words) - 15:57, 29 August 2014
  • ...ed into development and production processes and procedures to ensure that information assets are consistently available to conduct business and support business ## System and network failures should be reported immediately to the Information Technology Director or designated IT operations manager. ...
    5 KB (646 words) - 21:03, 15 January 2014
  • ...ay provide invalid information, which could result in unreliable financial information and reports.<br> Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...
    10 KB (1,393 words) - 14:28, 23 June 2006
  • Insert remediation plan, applicability, or any information that indicates what needs to be done. '''Supplemental Information:''' ...
    4 KB (537 words) - 13:57, 23 June 2006
  • ...d''']], and provides specific instructions and requirements for protecting information assets from viruses and malicious code. ...tware upgrades shall be expedited, as necessary, to effectively respond to security advisories or findings from assessment and monitoring activities. ...
    5 KB (765 words) - 20:00, 15 January 2014
  • ...particularly authentication credentials and the transmission of sensitive information. It can be used throughout a technological environment, including the oper ...For instance, encrypted data drastically lessens the effectiveness of any security mechanism that relies on inspections of the data, such as anti-virus scanni ...
    13 KB (2,019 words) - 11:46, 28 March 2008
  • ...ding networks, systems, and applications that store, process, and transmit information assets.<br> ...erform work on Company premises or who have been granted access to Company information or systems, are covered by this standard and must comply with associated gu ...
    12 KB (1,684 words) - 14:14, 1 May 2010
  • == Requirement 4: Encrypt transmission of cardholder data and sensitive information across public networks. == ...s Layer (SSL), Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPSEC) to safeguard sensitive cardholder data during transmission over pub ...
    2 KB (346 words) - 12:22, 31 January 2014
  • ...ed devices and plans are determined by the Senior Vice President and Chief Information Officer. ...ated Company policies are first accepted and subsequent Company supporting security, privacy and risk technology and processes are fully implemented. ...
    10 KB (1,433 words) - 18:15, 14 January 2014
  • ...erform work on Company premises or who have been granted access to Company information or systems, are covered by this policy and must comply with associated stan '''Information Assets''' are defined in the Asset Identification and Classification Standa ...
    14 KB (2,165 words) - 16:53, 22 September 2009
  • ...l institutions – such as credit reporting agencies – that receive customer information from other financial institutions. ...e a policy in place to protect the information from foreseeable threats in security and data integrity ...
    15 KB (2,184 words) - 17:02, 15 June 2007
  • ...e hidden data, firm-wide understanding about metadata management as a real security concern still lags. At best, unintentional disclosure of confidential information can be awkward; at worst, it can raise the specter of malpractice. Potentia ...
    4 KB (587 words) - 22:52, 15 March 2010
  • ...systems and networks, including all hardware and software components. Such information typically includes the versions and updates that have been applied to insta ...we have established mature identification and management procedures). The information provided should support all levels of the organization e.g. engineers, deve ...
    7 KB (942 words) - 15:09, 23 March 2007
  • ...bjective of this category is to ensure the correct and secure operation of information processing facilities.<br> ...security for such documentation, including distribution control (see also "security of system documentation" control)<br> ...
    19 KB (2,609 words) - 13:51, 23 May 2007
  • ...ored on, "protected computers". The statute, as amended by the [[National Information Infrastructure Protection Act]] of 1996, defines "protected computers" (for The law prohibits unauthorized obtaining of "information from any protected computer if the conduct involved an interstate or foreig ...
    5 KB (773 words) - 11:40, 27 August 2011
  • ...[National Institute of Standards and Technology]] (NIST) as U.S. [[Federal Information Processing Standard|FIPS]] PUB 197 (FIPS 197) on November 26, 2001 after a 5 ==Security== ...
    18 KB (2,766 words) - 11:41, 28 March 2008
  • ...res that all user organizations and their auditors have access to the same information and in many cases this will satisfy the user auditor's requirements.<br> ...professionals who have experience in accounting, auditing, and information security. A SSAE 16 engagement allows a service organization to have its control pol ...
    10 KB (1,457 words) - 21:20, 21 August 2012
  • ...l of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established ...ginating and approving loans electronically, including assuring management information systems effectively track the performance of portfolios originated through ...
    11 KB (1,523 words) - 10:04, 28 April 2007
  • ...aim for misappropriation of trade secrets, a party must show that: (1) the information incorporates a trade secret; (2) the party took reasonable steps to preserv ...rade secret may consist of any formula, pattern, device, or compilation of information which is used in business and which gives [the business] an opportunity to ...
    7 KB (1,065 words) - 16:48, 13 April 2011
  • ...a comprehensive regime for the collection, use and disclosure of personal information. * Personal Information Protection and Electronic Documents Act ('PIPEDA') ...
    18 KB (2,700 words) - 16:17, 29 August 2014
  • ...a law enforcement problem, but poses a serious national and international security threat as well. ::* Required government-institution information sharing and voluntary information among financial institutions; ...
    13 KB (1,838 words) - 14:57, 20 April 2007
  • ...oint of view, "digital signature" means the result of applying to specific information certain specific technical processes described below. The historical legal ...These Guidelines use "digital signature" only as it is used in information security terminology, as meaning the result of applying the technical processes desc ...
    22 KB (3,420 words) - 15:18, 3 April 2007
  • ...privacy and security requirements and payment card industry ([[PCI:|PCI]]) security standards put a further onus on companies to stay abreast of ever-changing ...acy around the world, visit [[Data_Privacy_Laws_and_Regulations]] for more information. ...
    19 KB (2,886 words) - 16:53, 29 August 2014
  • ...mation can be evaluated at any given point of time, it also means that the information is able to be verified constantly for errors, fraud, and inefficiencies. It ...aluation depends largely on the frequency of updates within the accounting information systems. Analysis of the data may be performed continuously, hourly, daily, ...
    15 KB (2,212 words) - 17:29, 19 February 2015
  • ’Personal Data’ means any information concerning an identified or identifiable individual. Unless otherwise noted ...such as racial or ethnic origin, present or future health status, genetic information, religious, philosophical or moral beliefs, union affiliation, political vi ...
    18 KB (2,869 words) - 17:46, 29 August 2014
  • ...standards” in processing “personal data.” Personal data is defined as “any information relating to an identified or identifiable natural person.” ...personal data, the intended purposes for processing the data and any other information that guarantees “fair processing” of the data; ...
    19 KB (2,863 words) - 16:43, 21 September 2011
  • As a career security practitioner and Chief Security Officer to several companies over the years, my significant responsibility ...focused on helping you understanding the core elements of a successful IT security risk management program for a commercial enterprise, the processes of calcu ...
    23 KB (3,630 words) - 10:19, 27 October 2012
  • ...h only peripherally addressed BCP to improve an organization's information security procedures. BS 25999's applicability extends to all organizations. In 2007, ...for each critical function. Recovery requirements consist of the following information: ...
    15 KB (2,046 words) - 11:39, 27 October 2012
  • '''Can you mitigate database security risks?'''<br> ...ng data for order fulfillment, employee identification data such as social security numbers, and storing customer data such as shipping addresses and credit ca ...
    28 KB (4,261 words) - 11:45, 28 March 2008
  • ...service contracts address the risks, security controls and procedures for information systems and networks in the contract between the parties. :::f. [[SOX.2.0.16:| '''SOX.2.0.16''']] A regular review of security, availability and processing integrity is performed by third-party service ...
    39 KB (5,914 words) - 17:55, 13 April 2007
  • ...tronic communication service (“ECS”) provider may the contents of or other information about a customer’s emails and other electronic communications to private pa ...n the hands of third party service providers. There are four categories of information, each with differing access requirements: ...
    11 KB (1,707 words) - 20:01, 13 April 2011
  • ...clude source code reviews and other more advanced techniques to circumvent security measures.<br> ...WASP) web site is also a good resource to learn more about web application security.<br> ...
    14 KB (2,387 words) - 13:41, 4 April 2007
  • Oracle's security by default is not extremely good. For example, Oracle will allow users to c ...e disabled, changed, or otherwise properly configured to prevent access to information classified as Proprietary or Confidential.<br> ...
    22 KB (3,612 words) - 16:20, 15 November 2007
  • ...it function. Tier II questions correspond to the Uniform Rating System for Information Technology (URSIT) rating areas and can be used to determine where the exam ::* Regulatory, audit, and security reports from key service providers ...
    32 KB (4,518 words) - 17:53, 11 April 2007
  • [[PO2:| '''2 Define the Information Architecture''']]<br> [[PO2.1:| 2.1 Enterprise Information Architecture Model]]<br> ...
    4 KB (517 words) - 19:07, 14 June 2007
  • #[[Amazon Web Services Security White Paper | Amazon Web Services Security White Paper]] #[[Applied Discovery Data Security & Privacy | Applied Discovery Data Security & Privacy]] ...
    16 KB (2,124 words) - 11:06, 16 March 2010
  • ...PATRIOT Act, the Homeland Security Act and other laws focused on national security, Congress has been active in changing the legal landscape for access to rea ...ically stored communications. The Act does not prohibit disclosure of user information to non-government entities. See [[Privacy: Stored Communications Act | main ...
    22 KB (3,315 words) - 00:16, 16 September 2011
  • ...g theft of information from computers by eliminating the requirement that information must have been stolen through an interstate or foreign communication; ...gly accessing a computer without authorization in order to obtain national security data ...
    14 KB (2,101 words) - 11:35, 27 August 2011
  • ...tion’s operations, including risks in new products, emerging technologies, information systems, and electronic banking.<br> * Inappropriate user access to information systems ...
    28 KB (4,089 words) - 14:37, 16 April 2007
  • ...tion 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the adv ::'''(A)''' information contained in a financial record of a financial institution, or of a card is ...
    15 KB (2,463 words) - 11:31, 1 May 2010
  • ...use. The rapid growth of credit card use on the Internet has made database security lapses particularly costly; in some cases, millions of accounts have been c ...make unauthorized purchases on a card until it is canceled. Without other security measures, a thief could potentially purchase thousands of dollars in mercha ...
    25 KB (3,921 words) - 12:53, 12 November 2011
  • ...s used in many applications encountered in everyday life; examples include security of automated teller machine cards, computer passwords, and electronic comme ...ccessive blocks is required. Several have been developed, some with better security in one aspect or another than others. They are the mode of operations and m ...
    26 KB (3,873 words) - 11:44, 28 March 2008
  • ...PATRIOT Act, the Homeland Security Act and other laws focused on national security, Congress has been active in changing the legal landscape for access to rea ...lyzed in Smith and explaining how modern pen/trap devices collect far more information). ...
    23 KB (3,434 words) - 17:34, 13 April 2011
  • ===Fair Information Practices Act=== # Notice to consumers about what personal information is collected and how it is used; ...
    31 KB (4,666 words) - 13:19, 26 April 2011
  • # Security—collected data should be kept secure from any potential abuses; Personal data are defined as "any information relating to an identified or identifiable natural person ("data subject"); ...
    15 KB (2,297 words) - 16:59, 21 September 2011
  • The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficien ...security-rule/ Health Insurance Portability and Accountability Act (HIPAA) Security Rule]. The audit framework is available for purchase to implement it in you ...
    32 KB (4,732 words) - 19:36, 29 November 2013
  • * [[Taking of information]] * [[Initial conference with defendant; information checklist]] ...
    9 KB (1,069 words) - 20:29, 22 February 2009
  • ;Section 8 provides that the information be available to all parties. ...c record is not capable of retention by the recipient if the sender or its information processing system inhibits the ability of the recipient to print or store t ...
    9 KB (1,499 words) - 11:31, 30 October 2011
  • Users' Security Handbook This memo provides information for the Internet community. It does ...
    75 KB (10,622 words) - 14:38, 3 April 2007
  • ...ractice]] approaches intended to facilitate the delivery of high quality [[information technology]] (IT) services. ITIL outlines an extensive set of management [[ ...op ITIL. IBM claims that its "Yellow Books" (''A Management System for the Information Business'') were key precursors. According to IBM: ...
    37 KB (5,348 words) - 10:12, 8 September 2011
  • ...onstruction, etc. In some cases, EDI will be used to create a new business information flow (that was not a paper flow before). This is the case in the Advanced S ...ion date while a clothing manufacturer would choose to send color and size information. ...
    18 KB (2,828 words) - 11:22, 27 August 2011
  • ...und in Part 1 although Part 1 should only be used for general guidance and information. Only what is in Part 2 can be assessed. * [[Information Assurance]] ...
    7 KB (1,040 words) - 10:48, 27 October 2012
  • * [http://safetynet-info.com SafetyNET] Security Appliance and suite of products. =='''Internet Information Resources'''== ...
    8 KB (1,058 words) - 12:30, 5 August 2011
  • ...iate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. A US Governmen ...ocuments necessary for homeland security. If the hacker were to gain this information, it would mean identity theft or even a possible terrorist attack. (Giles, ...
    37 KB (5,577 words) - 14:50, 12 November 2011
  • ...hem. Query each of your third-party commercial software suppliers for this information as well; then, examine each product to ensure you are using it in complianc ...trol and governance that influence a wide variety of factors, ranging from security to IP risk mitigation. In other words, well-run projects (whether nonprofit ...
    11 KB (1,601 words) - 12:58, 10 April 2007
  • ...hether the risk management method is in the context of project management, security, risk analysis, industrial processes, financial portfolios, actuarial asses * be based on the best available information. ...
    27 KB (4,185 words) - 23:45, 10 March 2010
  • ...''Cyberlaw''' describes the legal issues related to use of inter-networked information technology. It is less a distinct field of law in the way that property or ..., namely, does the government have a legitimate role in limiting access to information? And if so, what forms of regulation are acceptable? The recent blocking o ...
    20 KB (2,921 words) - 16:47, 29 August 2014
  • ...viduals and network access issues. A subsequent section addresses physical security controls. ...he minimum required for work to be performed. The financial institution’s security policy should address access rights to system resources and how those right ...
    78 KB (11,440 words) - 02:00, 10 April 2007
  • ...to IT security risk management and may be found here: Risky Business: [[IT Security Risk Management Demystified]] ...] risk assessments should cover all IT risk management functions including security, outsourcing, and business continuity. Senior management should ensure IT-r ...
    43 KB (6,368 words) - 11:22, 4 July 2015
  • ...ly for the purpose of good faith testing for, investigating, or correcting security flaws or vulnerabilities, if: ...rmation derived from the security testing is used primarily to promote the security of the owner or operator of a computer, computer system, or computer networ ...
    26 KB (3,969 words) - 11:00, 30 October 2011
  • ...essage boards on plaintiff’s Web site where the plaintiff had been posting information critical of the airline. Defendant airline used the names of two pilots, wi ...eption, finding that the users had not consented to collection of personal information because the Web sites gave no indication that use of the site meant such co ...
    21 KB (3,283 words) - 13:26, 26 April 2011
  • ==Information Technology Auditor's Glossary== A service that gathers information from many websites, presents that information to the customer in a consolidated format, and, in some cases, may allow the ...
    74 KB (11,078 words) - 13:08, 9 April 2007
  • ...tion 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the adv (A) information contained in a financial record of a financial institution, or of a card is ...
    85 KB (12,600 words) - 16:49, 1 March 2009
  • ...alid opt-out request, a recipient cannot be required to pay a fee, provide information other than his or her email address and opt-out preferences, or take any ot ...misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurat ...
    26 KB (4,026 words) - 12:15, 5 May 2011
  • ...cking devices (as defined by 18 U.S.C. 3117), or electronic funds transfer information. 18 U.S.C. § 2510(12). ...ined in 18 U.S.C. § 2510(15), to furnish the investigative agency with all information, facilities, and technical assistance necessary to facilitate the ordered i ...
    29 KB (4,458 words) - 12:24, 16 October 2014
  • ...milton, 413 F.3d 1138, 1142-43 (10th Cir. 2005) (computer-generated header information was not hearsay as "there was neither a 'statement' nor a 'declarant' invol ...he first two categories, such as: email containing both content and header information; a file containing both written text and file creation, last written, and l ...
    43 KB (6,432 words) - 13:22, 5 August 2011
  • ...helps establish the user's consent to the retrieval and disclosure of such information and/or records pursuant to 18 U.S.C. §§ 2702(b)(3) and 2702(c)(2). ...ire a broadly worded banner that permits access to all types of electronic information. ...
    83 KB (12,981 words) - 12:42, 5 August 2011
  • ...er without authorization or exceeds authorized access, and thereby obtains information from any protected computer if the conduct involved an interstate or foreig ...nt computer, accessing to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer. Attempts t ...
    53 KB (7,910 words) - 21:25, 13 April 2011
  • ...enable it to perform a specific task, such as the storage and retrieval of information. The program is produced by one or more human authors, but in its final “mo ...ogy in particular makes it easy to transmit and make perfect copies of any information existing in digital form, including copyright-protected works. The second f ...
    46 KB (7,265 words) - 12:09, 2 May 2010
  • ...or the occupant’s permission or knowledge; the expanded use of [[National Security Letters]], which allows the [[Federal Bureau of Investigation]] (FBI) to se .../cgi-bin/bdquery/z?d108:H.R.3171: H.R. 3171], [[THOMAS]]</ref> and the ''[[Security and Freedom Ensured Act]]'' (SAFE),<ref name="SAFE-THOMAS"> ...
    142 KB (21,198 words) - 10:23, 23 August 2011
  • ...t changes may be obtained by lawful means, an opportunity essential to the security of the Republic, is a fundamental principle of our constitutional system." ...d antiabortion statements along with a list of names, addresses, and other information identifying individuals thought to perform or be sympathetic to abortion, c ...
    32 KB (4,920 words) - 19:22, 10 April 2011
  • ...y can help shareholders exercise their rights by effectively communicating information that is understandable and accessible and encouraging shareholders to parti ...ly and balanced to ensure that all investors have access to clear, factual information. ...
    45 KB (6,604 words) - 15:20, 15 April 2010
  • ...ajor banking crisis caused mostly by credit default swaps, mortgage-backed security markets and similar derivatives. As [[Basel III]] was negotiated, this was Market discipline supplements regulation as sharing of information facilitates assessment of the bank by others including investors, analysts, ...
    19 KB (2,934 words) - 21:46, 2 September 2012
  • ...y and legitimacy online, and the simplicity with which [[cracker (computer security)|cracker]]s can divert browsers to dishonest sites and steal credit card de * [[Phishing]], attempt to fraudulently acquire sensitive information ...
    15 KB (2,222 words) - 15:20, 12 November 2011
  • ...ontrols” and “have designed such internal controls to ensure that material information relating to the company and its subsidiaries is made known to su ...ood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any federal offense, ...
    38 KB (5,614 words) - 14:31, 15 April 2010
  • ...ns involving computers and also discusses how to obtain cell-site location information for cellular phones. B. Content vs. Addressing Information ...
    97 KB (14,928 words) - 13:21, 5 August 2011
  • ...h Amendment generally prohibits law enforcement from accessing and viewing information stored in a computer if it would be prohibited from opening a closed contai ...all within an exception to the warrant requirement, before it accesses the information stored inside. ...
    154 KB (23,956 words) - 13:16, 5 August 2011
  • ...nd flash drives, and the times the computer was in use. Collectively, this information can reveal to an investigator not just what a computer happens to contain a ...provide (if known) the user's name, street address, and other identifying information. In some cases, investigators confirm that the person named by the ISP actu ...
    138 KB (21,660 words) - 13:18, 5 August 2011