Search results


Page title matches

  • ==Personnel Security== ...rs grant legitimate users system access necessary to perform their duties; security personnel enforce access rights in accordance with institution standards. B ...
    10 KB (1,327 words) - 12:54, 10 April 2007
  • ==Security Management== ...ITIL Security Management is based on the code of practice for information security management also known as ISO/IEC 17799. ...
    32 KB (4,804 words) - 14:10, 27 February 2009
  • =='''Logical Security'''== ...n a computer network or a computer workstation. It is a subset of computer security.<br> ...
    7 KB (1,093 words) - 19:00, 5 March 2007
  • ==Data Security== The primary objective of information security is to protect the confidentiality, integrity, and availability of the insti ...
    9 KB (1,246 words) - 18:20, 10 April 2007
  • ==Information Security Policy== ...is category is to provide management direction and support for information security in accordance with business requirements and all relevant laws, regulations ...
    8 KB (1,063 words) - 13:25, 23 May 2007
  • ...tackers are unlikely to find them. The technique stands in contrast with [[security by design]], although many real-world projects include elements of both str ...aphy was disturbing to the US government, which seems to have been using a security through obscurity analysis to support its opposition to such work. ...
    11 KB (1,798 words) - 14:44, 14 June 2007
  • ...years of testing and debugging, and while they may provide a great deal of security, they typically have no way to guarantee that a new bug or exploit won't be ...ty through obscurity|rely on being secret]]. It is not mandatory, but good security usually means that everyone is allowed to know and understand the design, ' ...
    2 KB (343 words) - 18:39, 14 June 2007
  • ==Organizational Security== ...ogram Charter and supporting policies that are required to comply with ISO Security Policy objectives.<br> ...
    2 KB (202 words) - 12:40, 15 June 2007
  • ...report lock down''', a '''credit lock down''', a '''credit lock''' or a '''security freeze''', allows an individual to control how a U.S. consumer reporting ag * [http://www.consumersunion.org/campaigns/learn_more/003484indiv.html State Security Freeze Laws], ConsumerUnion.org ...
    4 KB (663 words) - 12:59, 12 November 2011
  • ==Security Audit Guidance== For security audit guidance, please refer to [[Audit_Guidance_Examination_Procedures | A ...
    5 KB (665 words) - 14:40, 11 April 2007
  • ==Physical and Environmental Security== '''Physical security''' describes measures that prevent or deter attackers from accessing a faci ...
    4 KB (592 words) - 19:28, 14 June 2007
  • ==Information Security Audit== ...rom auditing the physical security of data centers to the auditing logical security of databases and highlights key components to look for and different method ...
    21 KB (3,112 words) - 16:52, 15 June 2007
  • ==Security Controls Implementation== [[Personnel Security:]]<br> ...
    431 bytes (45 words) - 13:31, 10 April 2007
  • The objective of this category is to manage information security within the organization's overall administrative structure.<br> ===Management commitment to information security=== ...
    8 KB (996 words) - 12:49, 22 May 2007
  • ...e defined and documented in accordance with the organization's information security policy.<br> * Act in accordance with the organization's information security policy, including execution of processes or activities particular to the in ...
    10 KB (1,387 words) - 14:04, 22 May 2007
  • ...ses primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardizatio ...pts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process base ...
    2 KB (257 words) - 17:09, 22 March 2007
  • ==Sources of standards for Information Security== ...n Security Management System]]s" are of particular interest to information security professionals.<br> ...
    2 KB (287 words) - 14:29, 8 March 2007
  • ==Sample Security Awareness Standard== ...ation of the [[Sample Information Security Program Charter:|'''Information Security Program Charter''']]. and associated policies, standards, guidelines, and p ...
    3 KB (418 words) - 19:53, 14 January 2014
  • 2 KB (382 words) - 20:24, 27 February 2008
  • ...security practices for such systems. It requires the creation of computer security plans, and the appropriate training of system users or owners where the sys It has been superseded by the [[FISMA | Federal Information Security Management Act of 2002]] ...
    1 KB (168 words) - 11:37, 23 May 2010
  • As a career security practitioner and Chief Security Officer to several companies over the years, my significant responsibility ...focused on helping you understanding the core elements of a successful IT security risk management program for a commercial enterprise, the processes of calcu ...
    23 KB (3,630 words) - 10:19, 27 October 2012
  • =='''Best Practices Security Incident Response Program Presentation'''== ::Information Security Staff ...
    2 KB (315 words) - 18:46, 25 September 2006
  • ==Sample Information Security Program Charter== ...tandards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards. ...
    2 KB (316 words) - 15:19, 13 January 2014
  • =='''Sample Security Awareness Accessibility Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    5 KB (728 words) - 14:07, 1 May 2010
  • =='''Sample Third Party Security Awareness Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    10 KB (1,206 words) - 14:05, 1 May 2010
  • ==Sample Employee Ongoing Security Awareness Standard== ...and provides specific instructions and requirements for providing ongoing security awareness education and training for Company employees. ...
    2 KB (275 words) - 17:10, 23 January 2014
  • =='''Sample Management Security Awareness Standard'''== ...specific standards for the education and communication of the Information Security Program Charter and associated policies and standards.<br> ...
    5 KB (662 words) - 17:54, 25 July 2006
  • ...controls) that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.<br> :*'''[[Security Policy:|'''Security Policy''']]<br> ...
    8 KB (1,023 words) - 17:25, 24 October 2006
  • 4 KB (507 words) - 14:58, 21 January 2014
  • Users' Security Handbook The Users' Security Handbook is the companion to the Site Security ...
    75 KB (10,622 words) - 14:38, 3 April 2007
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (318 words) - 16:08, 3 August 2006
  • ==Sample Information Systems and Technology Security Policy== This Information Systems and Technology Security Policy define Company objectives for establishing specific standards on the ...
    4 KB (465 words) - 15:46, 13 January 2014
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (305 words) - 17:31, 3 August 2006
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (322 words) - 16:10, 3 August 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (309 words) - 17:34, 3 August 2006
  • ==Use of computer security consultants, EDP auditors, and computer professionals== ...ssional organization for security professionals is the Information Systems Security Association.[[FN36]] ...
    2 KB (298 words) - 15:17, 22 February 2009

Page text matches

  • ==Security Controls Implementation== [[Personnel Security:]]<br> ...
    431 bytes (45 words) - 13:31, 10 April 2007
  • ==Organizational Security== ...ogram Charter and supporting policies that are required to comply with ISO Security Policy objectives.<br> ...
    2 KB (202 words) - 12:40, 15 June 2007
  • :Pointers to informative books on information security.<br> :Frequently asked questions and answers about security-related topics.<br> ...
    1,015 bytes (132 words) - 14:09, 8 March 2007
  • ==Sample Employee Ongoing Security Awareness Standard== ...and provides specific instructions and requirements for providing ongoing security awareness education and training for Company employees. ...
    2 KB (275 words) - 17:10, 23 January 2014
  • ==Federal information security incident center== ...— The Director shall ensure the operation of a central Federal information security incident center to—<br> ...
    1 KB (196 words) - 19:07, 3 June 2010
  • =='''Information Security Research Resources'''== ...-leading published articles, research reports, and presentations from many security professionals. Topics include public key infrastructure (PKI), incident res ...
    978 bytes (124 words) - 00:00, 26 March 2007
  • ==Sources of standards for Information Security== ...n Security Management System]]s" are of particular interest to information security professionals.<br> ...
    2 KB (287 words) - 14:29, 8 March 2007
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...security standards has been developed that supports the objectives of the security policy. ...
    3 KB (360 words) - 16:59, 25 June 2006
  • ...ses primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardizatio ...pts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process base ...
    2 KB (257 words) - 17:09, 22 March 2007
  • ==National security systems== The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...
    709 bytes (103 words) - 10:41, 2 June 2010
  • ==National security systems== The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...
    709 bytes (103 words) - 21:02, 3 June 2010
  • *[[Computer security]] *[[Computer network security]] ...
    1 KB (168 words) - 18:26, 14 June 2007
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (303 words) - 16:00, 2 March 2007
  • ...sting templates containing questions that can be used to gauge and promote security awareness in specific areas. The testing can be distributed and responses c ...ity Best Practices and Addressing Regulatory Mandates Testing Template:|'''Security Best Practices and Addressing Regulatory Mandates test Template''']]<br> ...
    2 KB (289 words) - 16:08, 3 August 2006
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (293 words) - 15:59, 2 March 2007
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (296 words) - 16:02, 2 March 2007
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...curity plan is updated to reflect changes in the IT environment as well as security requirements of specific systems. ...
    2 KB (317 words) - 17:15, 25 June 2006
  • ...ate and distinct security service of confidentiality is not central to the security services of signer authentication and document authentication, and is thus ...
    480 bytes (67 words) - 15:47, 3 April 2007
  • ...de a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and ass ...dination of information security efforts throughout the civilian, national security, and law enforcement communities;<br> ...
    1 KB (192 words) - 10:33, 1 June 2010
  • ...de a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and ass ...dination of information security efforts throughout the civilian, national security, and law enforcement communities;<br> ...
    1 KB (192 words) - 10:36, 1 June 2010
  • ==Use of computer security consultants, EDP auditors, and computer professionals== ...ssional organization for security professionals is the Information Systems Security Association.[[FN36]] ...
    2 KB (298 words) - 15:17, 22 February 2009
  • '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b :a. SOX.4.2.1.10: UNIX administration team is notified when security violations occur.<br> ...
    3 KB (421 words) - 20:20, 12 June 2006
  • ...ded to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with SOX Section 404.<br> ...
    1 KB (204 words) - 13:03, 14 July 2006
  • ==Sample Security Awareness Standard== ...ation of the [[Sample Information Security Program Charter:|'''Information Security Program Charter''']]. and associated policies, standards, guidelines, and p ...
    3 KB (418 words) - 19:53, 14 January 2014
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (294 words) - 20:02, 2 March 2007
  • ...tion in a Public World 48-56 (1995) (hereinafter "Kaufman, et al., Network Security"). ...
    230 bytes (29 words) - 12:38, 16 October 2014
  • ==Sample Information Security Program Charter== ...tandards provide more measurable guidance in each policy area. Information Security procedures describe how to implement the standards. ...
    2 KB (316 words) - 15:19, 13 January 2014
  • :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...security policies and procedures to verify that the following information security responsibilities are specifically and formally assigned: ...
    2 KB (293 words) - 16:04, 2 March 2007
  • ...licies and procedures and determine that they include procedures to review security logs at least daily, and that follow-up to exceptions is required. ...
    380 bytes (54 words) - 15:24, 21 February 2007
  • ...security practices for such systems. It requires the creation of computer security plans, and the appropriate training of system users or owners where the sys It has been superseded by the [[FISMA | Federal Information Security Management Act of 2002]] ...
    1 KB (168 words) - 11:37, 23 May 2010
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...and logs security activity at the application and database, and identified security violations are reported to senior management. ...
    2 KB (321 words) - 18:06, 25 June 2006
  • ...years of testing and debugging, and while they may provide a great deal of security, they typically have no way to guarantee that a new bug or exploit won't be ...ty through obscurity|rely on being secret]]. It is not mandatory, but good security usually means that everyone is allowed to know and understand the design, ' ...
    2 KB (343 words) - 18:39, 14 June 2007
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' :::a. [[SOX.2.0.17:|'''SOX.2.0.17''']] An information security policy exists and has been approved by an appropriate level of executive ma ...
    3 KB (351 words) - 16:49, 25 June 2006
  • *[[Security engineering]] [[Category:Security]] ...
    1 KB (170 words) - 16:06, 14 June 2007
  • '''DS 5.1 Management of IT Security'''<br> ...rity at the highest appropriate organizational level, so the management of security actions is in line with business requirements. ...
    3 KB (394 words) - 17:12, 22 March 2007
  • =='''Sample Management Security Awareness Standard'''== ...specific standards for the education and communication of the Information Security Program Charter and associated policies and standards.<br> ...
    5 KB (662 words) - 17:54, 25 July 2006
  • ...c attention to communicating IT security awareness and the message that IT security is everyone’s responsibility.<br> ...f, information asset owners, etc.) are not informed of or trained in their security responsibilities.'''<br> ...
    3 KB (442 words) - 18:58, 1 May 2006
  • :'''Ensure the security policy and procedures clearly define information security responsibilities for all employees and contractors.'''<br> ...4:''' Verify that information security policies clearly define information security responsibilities for both employees and contractors. ...
    2 KB (265 words) - 15:58, 2 March 2007
  • ...ific objectives required to create, implement, and maintain an Information Security Program that complies with HIPAA (Subpart C Sections 164.308, 164.310, 164. ...[[Sample_Information_Security_Program_Charter:|'''Sample HIPAA Information Security Program Charter''']]<br> ...
    5 KB (614 words) - 16:46, 25 July 2006
  • ...ific objectives required to create, implement, and maintain an Information Security Program that complies with GLBA (Interagency Guidelines). Also, additional ...[[Sample Information Security Program Charter:|'''Sample GLBA Information Security Program Charter''']]<br> ...
    4 KB (535 words) - 16:51, 25 July 2006
  • ==Sample Information Systems and Technology Security Policy== This Information Systems and Technology Security Policy define Company objectives for establishing specific standards on the ...
    4 KB (465 words) - 15:46, 13 January 2014
  • ...rticular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requiremen :[[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']]<br> ...
    3 KB (404 words) - 14:53, 25 July 2006
  • '''DS 5.7 Protection of Security Technology '''<br> ...ow profile. However, do not make security of systems reliant on secrecy of security specifications. ...
    3 KB (377 words) - 18:52, 4 May 2006
  • ...otification message produced by the system being tested to verify that the security administrators are being proactively notified of possible access violations ...be a monitoring background process that sends an electronic message to the security administrative group automatically when root access occurs. The email messa ...
    3 KB (422 words) - 00:09, 13 June 2006
  • '''DS 12.2 Physical Security Measures '''<br> ...ilities for monitoring and procedures for reporting and resolving physical security incidents need to be established. ...
    4 KB (517 words) - 18:12, 21 June 2006
  • =='''Information Security Presentation Samples'''== ...anization can use and tailor these presentation samples to support ongoing security awareness and training efforts.<br> ...
    5 KB (653 words) - 12:45, 25 April 2007
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (318 words) - 16:08, 3 August 2006
  • '''Security Best Practices and Addressing Regulatory Mandates Awareness Testing Templat '''True or False: Security can be communicated, taught, or measured effectively without policy.'''<br> ...
    2 KB (322 words) - 16:10, 3 August 2006
  • ...ontrols) that are needed to create, implement, and maintain an Information Security Program that complies with HIPAA.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with HIPAA Subpart C Sections 164.308, 164.310, 164.3 ...
    2 KB (260 words) - 13:17, 15 June 2007
  • ==Physical and Environmental Security== '''Physical security''' describes measures that prevent or deter attackers from accessing a faci ...
    4 KB (592 words) - 19:28, 14 June 2007
  • ...ation (HORSE) Project Wiki''' is evolving every day. There are information security practitioners adding content and providing guidance to the end user.<br> ...that one day this will be the most authoritative comprehensive information security wiki on the planet. ...
    2 KB (280 words) - 11:17, 30 November 2008
  • ...ist of security patches installed on each system to the most recent vendor security patch list, to determine that current vendor patches are installed.<br> ...ch installation to determine they require installation of all relevant new security patches within 30 days.<br> ...
    2 KB (295 words) - 18:20, 28 February 2007
  • ...Security roles are not defined leading to an ineffective implementation of security responsibilities within the organization.'''<br> :::a. SOX.2.7.3: Roles of the security organization and individuals within it are clearly defined and communicated ...
    3 KB (427 words) - 17:58, 1 May 2006
  • ...4. Computer Communications Security 75-84 (1994); Kaufman, et al., Network Security, supra note 22, at 101-27; Nechvatal, Public Key Cryptography, in Comtempor ...
    363 bytes (43 words) - 12:40, 16 October 2014
  • '''DS 5.6 Security Incident Definition'''<br> ...ent process. Characteristics include a description of what is considered a security incident and its impact level. A limited number of impact levels are define ...
    4 KB (548 words) - 14:21, 4 May 2006
  • ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> ITIL Security Management, Security Management Measures.<br> ...
    3 KB (420 words) - 14:06, 8 August 2006
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    2 KB (303 words) - 17:36, 5 May 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    3 KB (369 words) - 16:09, 21 June 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    3 KB (368 words) - 11:58, 22 June 2006
  • ...controls) that are needed to create, implement, and maintain an Information Security Program that complies with ISO 17799.<br> :*'''[[Security Policy:|'''Security Policy''']]<br> ...
    8 KB (1,023 words) - 17:25, 24 October 2006
  • ...nsurance carriers. Coverage is increasingly available to cover risks from security breaches or denial of service attacks. Several insurance companies offer e '''When evaluating the need for insurance to cover information security threats, financial institutions should understand the following points:''' ...
    3 KB (469 words) - 13:30, 10 April 2007
  • '''DS 11.6 Security Requirements for Data Management '''<br> Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and ou ...
    5 KB (649 words) - 18:23, 5 May 2006
  • ==Information Security Policy== ...is category is to provide management direction and support for information security in accordance with business requirements and all relevant laws, regulations ...
    8 KB (1,063 words) - 13:25, 23 May 2007
  • '''PO 4.8 Responsibility for Risk, Security and Compliance'''<br> ...es may need to be assigned at a system-specific level to deal with related security issues. Obtain direction from senior management on the appetite for IT risk ...
    3 KB (370 words) - 18:04, 1 May 2006
  • ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ::'''2. Risk: IT security measures are not aligned with business requirements.''' ...
    3 KB (436 words) - 14:30, 4 May 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (305 words) - 17:31, 3 August 2006
  • '''Sustainable Risk Reduction Through Information Security Process Awareness Test Template.'''<br> ...> to gauge and promote end-user awareness of managing risk with the use of security processes.<br> ...
    2 KB (309 words) - 17:34, 3 August 2006
  • =='''Best Practices Security Incident Response Program Presentation'''== ::Information Security Staff ...
    2 KB (315 words) - 18:46, 25 September 2006
  • :'''Make all employees aware of the importance of cardholder information security:'''<br> :* Obtain security awareness program documentation and verify that it contains the following c ...
    2 KB (278 words) - 20:07, 2 March 2007
  • ==Laws and regulations governing Information Security== ...have also been included when they have a significant impact on information security. ...
    4 KB (556 words) - 14:03, 8 March 2007
  • ...r Crime Legislation pp IS80-300-101 to 118, Datapro reports on Information Security (Delran NJ 1985). ...
    730 bytes (96 words) - 11:09, 26 February 2009
  • ITIL Security Management, Security Management Measures<br> ITIL 4.2 Implement Security Management, Security Management Measures<br> ...
    2 KB (270 words) - 14:54, 5 May 2006
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed. ''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    2 KB (340 words) - 17:40, 5 May 2006
  • ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA.<br> ...andards) that are needed to create, implement, and maintain an Information Security Program that complies with GLBA. Additional best practices policies and sta ...
    2 KB (263 words) - 12:52, 14 July 2006
  • ===Security Level=== '''QSECURITY''' value is: 40, Default value is: 10, System security level. It is recommended that a level of no less than 30 be used.<br> ...
    3 KB (363 words) - 11:45, 29 August 2006
  • ...on of managers, users, administrators, application designers, auditors and security staff, and specialist skills in areas such as insurance and risk management ...
    3 KB (470 words) - 13:39, 6 March 2007
  • ==SUB-CHAPTER II—INFORMATION SECURITY== * [[44_USC_3536 | 3536. National security systems]] ...
    2 KB (207 words) - 11:58, 23 May 2010
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...e that receive data for fraud modeling purposes). Verify that the PCI Data Security Standard requirements relevant to the business relationship between the org ...
    3 KB (348 words) - 14:41, 2 March 2007
  • :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...
    2 KB (296 words) - 14:47, 2 March 2007
  • ...cilities, technology, and user procedures) and ensure that the information security requirements are met by all components. The test data should be saved for a ISO 17799 12.1 Security requirements of information systems.<br> ...
    5 KB (730 words) - 19:05, 17 April 2007
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    3 KB (451 words) - 17:52, 5 May 2006
  • ...eged access to systems. Many of these vulnerabilities are fixed via vendor security patches, and all systems should have current software patches to protect ag ...re that all system components and software have the latest vendor-supplied security patches.'''<br> ...
    4 KB (578 words) - 18:46, 28 February 2007
  • '''(a)''' The Director shall oversee agency information security policies and practices, by—<br> :'''(1)''' promulgating information security standards under section 11331 of title 40;<br> ...
    3 KB (414 words) - 11:45, 4 June 2010
  • :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...
    2 KB (294 words) - 14:46, 2 March 2007
  • :'''Establish a process to identify newly discovered security vulnerabilities (e.g., subscribe to alert services freely available on the ...rabilities, and verify that the process includes using outside sources for security vulnerability information and updating the system configuration standards r ...
    2 KB (303 words) - 18:22, 28 February 2007
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    2 KB (351 words) - 13:57, 4 May 2006
  • =='''Sample Security Awareness Accessibility Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    5 KB (728 words) - 14:07, 1 May 2010
  • ...s and or security managers to determine that they have knowledge of common security parameter settings for their operating systems, database servers, Web serve :::'''PCI-2.2.3 B:''' Verify that common security parameter settings are included in the system configuration standards.<br> ...
    3 KB (366 words) - 13:52, 28 February 2007
  • ...ents at least daily. Log reviews should include those servers that perform security functions like IDS and authentication (AAA) servers.'''<br> ...licies and procedures and determine that they include procedures to review security logs at least daily, and that follow-up to exceptions is required. ...
    2 KB (304 words) - 21:08, 2 March 2007
  • '''4. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''6. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    6 KB (729 words) - 13:40, 23 June 2006
  • ...SO/IEC 17799]], "Information Technology - Code of practice for information security management." in 2000. [[ISO/IEC 17799]] was then revised in June 2005 and ...ormation security management system]] (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later beca ...
    2 KB (249 words) - 10:56, 27 October 2012
  • ...of employment should stress the employee’s responsibility for information security, internal control and regulatory compliance. The level of supervision shoul ISO 17799 4.1 Information security infrastructure.<br> ...
    2 KB (329 words) - 19:26, 1 May 2006
  • '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    6 KB (766 words) - 13:42, 23 June 2006
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.'''<br> ...d monitor security incidents and the extent of compliance with information security procedures.<br> ...
    2 KB (327 words) - 13:18, 4 May 2006
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' :::a. [[SOX.2.0.21:|'''SOX.2.0.21''']] Review security practices to confirm that authentication controls (passwords, IDs, two-fact ...
    2 KB (305 words) - 17:36, 25 June 2006
  • [[DS5:| '''5 Ensure Systems Security''']]<br> [[DS5.1:| 5.1 Management of IT Security]]<br> ...
    4 KB (538 words) - 19:08, 14 June 2007
  • ...mation technology - Security techniques - Code of practice for information security management''. The current standard is a revision of the version published i ...ining [[ISMS|Information Security Management Systems]] (ISMS). Information security is defined within the standard in the context of the [[CIA triad|C-I-A tria ...
    6 KB (847 words) - 16:57, 26 March 2007
  • =='''Sample Management Security Awareness Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    6 KB (752 words) - 14:02, 1 May 2010
  • '''7. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''9. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    6 KB (779 words) - 13:45, 23 June 2006
  • ...performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements analysis from t ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> ...
    4 KB (580 words) - 18:00, 23 June 2006
  • Security Level QSECURITY value is: 40, Default value is: 10, System security level. It is recommended that a level of no less than 30 be used. ...
    2 KB (335 words) - 19:55, 28 August 2006
  • ...rticular technologies and specific solutions. This section provides sample security policies that an organization can clone and tailor to its unique requiremen ...rticular technologies and specific solutions. This section provides sample security standards that an organization can clone and tailor to its unique requireme ...
    4 KB (581 words) - 17:06, 30 December 2013
  • '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    6 KB (821 words) - 18:11, 28 August 2006
  • The objective of this category is to manage information security within the organization's overall administrative structure.<br> ===Management commitment to information security=== ...
    8 KB (996 words) - 12:49, 22 May 2007
  • ==Personnel Security== ...rs grant legitimate users system access necessary to perform their duties; security personnel enforce access rights in accordance with institution standards. B ...
    10 KB (1,327 words) - 12:54, 10 April 2007
  • '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    6 KB (816 words) - 13:41, 23 June 2006
  • ...op and maintain a risk response to ensure that cost-effective controls and security measures mitigate exposure to risks on a continuing basis. The risk respons ISO 17799 12.1 Objective: To ensure that security is an integral part of information systems.<br> ...
    5 KB (738 words) - 20:24, 1 May 2006
  • * Security: A service has associated data. Security refers to the confidentiality, integrity, and availability of that data. ...
    1 KB (154 words) - 15:48, 20 March 2007
  • ...network, host, and application vulnerability scans to verify that periodic security testing of the devices within the cardholder environment occurs. Confirm th ...rnal scanning is occurring on a quarterly basis in accordance with the PCI Security Scanning Procedures, inspect output from the four most recent quarters of e ...
    3 KB (413 words) - 20:25, 2 March 2007
  • '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    7 KB (901 words) - 13:44, 23 June 2006
  • ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ::'''(A)''' testing of the effectiveness of information security policies, procedures, and practices of a representative subset of the agenc ...
    4 KB (682 words) - 19:17, 3 June 2010
  • '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    7 KB (901 words) - 13:43, 23 June 2006
  • ...h management and upgrade strategies, risks, vulnerabilities assessment and security requirements.<br> ::Objective: To ensure that security is an integral part of information systems.<br> ...
    6 KB (819 words) - 13:54, 23 June 2006
  • :'''Test security controls, limitations, network connections, and restrictions routinely to m ...PCI-11.1 A:''' Confirm through inquiry of security personnel that periodic security testing of the devices within the cardholder environment occurs. ...
    3 KB (346 words) - 20:22, 2 March 2007
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...e that receive data for fraud modeling purposes). Verify that the PCI Data Security Standard requirements relevant to the business relationship between the org ...
    3 KB (345 words) - 14:38, 2 March 2007
  • == Requirement 12: Maintain a policy that addresses information security. == *A strong security policy sets the security tone for the whole company, and lets employees know what is expected of the ...
    7 KB (988 words) - 19:11, 7 July 2006
  • ...ment 2: Do not use vendor-supplied defaults for system passwords and other security parameters. == ...rds for all system components. Make sure these standards address all known security vulnerabilities and industry best practices.'''<br> ...
    2 KB (283 words) - 17:00, 26 June 2006
  • ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ::'''(A)''' testing of the effectiveness of information security policies, procedures, and practices of a representative subset of the agenc ...
    4 KB (634 words) - 13:00, 4 June 2010
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...e that receive data for fraud modeling purposes). Verify that the PCI Data Security Standard requirements relevant to the business relationship between the org ...
    3 KB (350 words) - 14:39, 2 March 2007
  • ...he 501(b) guidelines to ensure service providers have implemented adequate security controls to safeguard customer information. :* Require service providers by contract to implement appropriate security controls to comply with the guidelines ...
    6 KB (829 words) - 19:14, 17 April 2007
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...e that receive data for fraud modeling purposes). Verify that the PCI Data Security Standard requirements relevant to the business relationship between the org ...
    3 KB (353 words) - 14:40, 2 March 2007
  • '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business '''10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.'''<b ...
    7 KB (895 words) - 13:44, 23 June 2006
  • '''DS 5.2 IT Security Plan '''<br> ...ith appropriate investments in services, personnel, software and hardware. Security policies and procedures are communicated to stakeholders and users. ...
    10 KB (1,333 words) - 17:44, 25 June 2006
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' 1. Determine the sufficiency and appropriateness of perimeter security controls, including firewalls and intrusion detection systems. ...
    3 KB (360 words) - 17:03, 9 April 2007
  • ...to managing organizational risk are paramount to an effective information security program and can be applied to both new and legacy information systems withi ...an assessment of risk and local conditions including organization-specific security requirements, specific threat information, cost-benefit analyses, or specia ...
    4 KB (528 words) - 16:58, 28 March 2010
  • * [[KY LOGICAL AND PHYSICAL SECURITY:|'''LOGICAL AND PHYSICAL SECURITY''']] ...
    924 bytes (100 words) - 20:14, 25 June 2006
  • * [[GA LOGICAL AND PHYSICAL SECURITY:|'''LOGICAL AND PHYSICAL SECURITY''']] ...
    923 bytes (100 words) - 20:08, 25 June 2006
  • * [[LA LOGICAL AND PHYSICAL SECURITY:|'''LOGICAL AND PHYSICAL SECURITY''']] ...
    925 bytes (100 words) - 20:09, 25 June 2006
  • * [[TX LOGICAL AND PHYSICAL SECURITY:|'''LOGICAL AND PHYSICAL SECURITY''']] ...
    921 bytes (100 words) - 20:10, 25 June 2006
  • * [[WI LOGICAL AND PHYSICAL SECURITY:|'''LOGICAL AND PHYSICAL SECURITY''']] ...
    925 bytes (100 words) - 20:11, 25 June 2006
  • ...ts (NDA), escrow contracts, continued supplier viability, conformance with security requirements, alternative suppliers, penalties and rewards, etc.<br> ...OX.1.24:|'''SOX.1.24''']] Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contrac ...
    7 KB (958 words) - 16:01, 25 June 2006
  • ...ort issues and upgrades, periodic review against business needs, risks and security requirements.<br> ISO 17799 12.1: Security requirements of information systems.<br> ...
    6 KB (878 words) - 13:34, 23 June 2006
  • :'''Make all employees aware of the importance of cardholder information security:'''<br> :* Obtain security awareness program documentation and verify that it contains the following c ...
    2 KB (271 words) - 20:06, 2 March 2007
  • ..., known as '''DITSCAP''' ('''Department of Defense Information Technology Security Certification and Accreditation Process'''), in 2006. ...IACAP]], is used for the certification and accreditation (C&A) of national security systems outside of the DoD. ...
    2 KB (229 words) - 10:14, 15 April 2012
  • Information Systems Security Association, 401 Michigan Ave, Chicago, IL 60611, (312) 644-6610. ...
    348 bytes (46 words) - 12:17, 28 February 2009
  • == Requirement 11: Regularly test security systems and processes. == ...tems, processes, and custom software should be tested frequently to ensure security is maintained over time and through changes. ...
    3 KB (372 words) - 17:59, 7 July 2006
  • * [[FL LOGICAL AND PHYSICAL SECURITY:|'''LOGICAL AND PHYSICAL SECURITY''']] ...
    928 bytes (100 words) - 20:06, 25 June 2006
  • :'''Establish, publish, maintain, and disseminate a security policy that:'''<br> :* Read the information security policy, and verify the policy is published and disseminated to all relevant ...
    2 KB (281 words) - 14:46, 2 March 2007
  • ...implement, and maintain a best practice, risk management-based information security program.<br> ...implement, and maintain a best practice, risk management-based Information Security Program.<br> ...
    5 KB (705 words) - 11:39, 30 May 2015
  • Document authentication is similar to the security service of message integrity which provides assurance that the information ...
    205 bytes (26 words) - 12:28, 16 October 2014
  • ...parties with access to cardholder data to adhere to payment card industry security requirements. At a minimum, the agreement should address:'''<br> ...e that receive data for fraud modeling purposes). Verify that the PCI Data Security Standard requirements relevant to the business relationship between the org ...
    3 KB (377 words) - 14:37, 2 March 2007
  • ITIL Security Management, Security Management Measures.<br> ISO 17799 4.1 Information security infrastructure.<br> ...
    2 KB (338 words) - 19:03, 17 April 2007
  • ....0.14:|'''SOX.2.0.14''']] Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contrac ...-party service contracts and determine if they include controls to support security, availability and processing integrity in accordance with the company’s pol ...
    2 KB (294 words) - 18:21, 14 June 2006
  • ...ds and guidelines. The policies should address key topics such as quality, security, confidentiality, internal controls and intellectual property. Their releva ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> ...
    3 KB (421 words) - 18:02, 23 June 2006
  • [[Security Policy:|'''Security Policy''']]<br> [[Organizing Information Security:|'''Organizing Information Security''']]<br> ...
    3 KB (378 words) - 21:27, 18 January 2015
  • :2. Corporate values (ethical values, control and security culture, etc.) ...yees to acknowledge in writing they have read and understood the company’s security policy and procedures.''' ...
    2 KB (333 words) - 16:42, 5 May 2006
  • Controls provide reasonable assurance that IT components, as they relate to security, processing and availability, are well protected, would prevent any unautho ...ed through its life cycle. Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...
    3 KB (429 words) - 18:55, 25 June 2006
  • ...OX.1.24:|'''SOX.1.24''']] Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contrac ...-party service contracts and determine if they include controls to support security, availability and processing integrity in accordance with the company’s pol ...
    2 KB (291 words) - 16:02, 25 June 2006
  • :'''Develop daily operational security procedures that are consistent with the requirements in this specification ::'''PCI-12.2:''' Review the daily operational security procedures. Verify they are consistent with this specification, and include ...
    2 KB (281 words) - 15:14, 2 March 2007
  • :'''Avoid Session Management Pitfalls:''' [[Media:session-management-security.pdf]]<br> ...Configuration Management for Security:''' [[Media:configuration-management-security.pdf]] <br> ...
    6 KB (839 words) - 16:22, 23 April 2007
  • ...o messages will produce the same hash result. See Kaufman, et al., Network Security, supra note 22, at 102. ...
    402 bytes (61 words) - 15:47, 3 April 2007
  • :::a. [[SOX.2.0.16:|'''SOX.2.0.16''']] A regular review of security, availability and processing integrity is performed by third-party service Inquire whether third-party service providers perform independent reviews of security, availability and processing integrity, e.g., service auditor report. Obtai ...
    2 KB (302 words) - 18:12, 14 June 2006
  • ...e system audit process. This section provides templates for an Information Security Program Charter and supporting policies that are required to comply with IS ==Compliance with organizational security policies and technical standards== ...
    6 KB (774 words) - 12:41, 25 May 2007
  • '''(a)''' In General.— The Director shall oversee agency information security policies and practices, including—<br> ...entation of policies, principles, standards, and guidelines on information security, including through ensuring timely agency adoption of and compliance with s ...
    4 KB (671 words) - 10:44, 1 June 2010
  • ...rategy for Dealing with Computer Fraud and Abuse: A Case Study, 1 Computer Security J 31 (Winter 1982). ...
    312 bytes (43 words) - 11:42, 3 March 2009
  • =='''Sample Third Party Security Awareness Standard'''== ...f the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']] and associated policies and standards.<br> ...
    10 KB (1,206 words) - 14:05, 1 May 2010
  • Controls provide reasonable assurance that IT components, as they relate to security, processing and availability, are well protected, would prevent any unautho ...ed through its life cycle. Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...
    4 KB (506 words) - 18:44, 25 June 2006
  • ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...d monitor security incidents and the extent of compliance with information security procedures. ...
    4 KB (601 words) - 15:01, 8 August 2006
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' Obtain policies and procedures as they relate to facility security, key and card reader access, and determine if those procedures account for ...
    2 KB (321 words) - 18:12, 25 June 2006
  • ...is scheme includes details about data ownership, definition of appropriate security levels and protection controls, and a brief description of data retention a ISO 17799 4.1 Information security infrastructure.<br> ...
    3 KB (363 words) - 16:53, 9 April 2007
  • :'''Obtain company change-control procedures related to implementing security patches and software modifications, and determine the procedures required.' ...ct a sample of system components and find the three most recent changes or security patches for each system component, and trace those changes back to related ...
    2 KB (307 words) - 18:42, 28 February 2007
  • :'''Obtain company change-control procedures related to implementing security patches and software modifications, and determine the procedures required.' ...ct a sample of system components and find the three most recent changes or security patches for each system component, and trace those changes back to related ...
    2 KB (304 words) - 18:44, 28 February 2007
  • :'''Obtain company change-control procedures related to implementing security patches and software modifications, and determine the procedures required.' ...ct a sample of system components and find the three most recent changes or security patches for each system component, and trace those changes back to related ...
    2 KB (307 words) - 18:43, 28 February 2007
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    3 KB (460 words) - 16:08, 21 June 2006
  • ::'''1. Risk: Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...ies require the documentation of the current configuration, as well as the security configuration settings to be implemented. ...
    2 KB (315 words) - 18:38, 25 June 2006
  • ...on Standards for Privacy of Individually Identifiable Health Information, Security Standards for the Protection of Electronic Protected Health Information, an ...
    400 bytes (47 words) - 13:15, 15 June 2007
  • :'''Obtain company change-control procedures related to implementing security patches and software modifications, and determine the procedures required.' ...ct a sample of system components and find the three most recent changes or security patches for each system component, and trace those changes back to related ...
    2 KB (311 words) - 18:42, 28 February 2007
  • '''AI 2.4 Application Security and Availability'''<br> ...ed risks, in line with data classification, the organization’s information security architecture and risk profile. Issues to consider include access rights and ...
    3 KB (374 words) - 15:05, 3 May 2006
  • ...user activity and security related events which are reviewed daily by the security administrators.<br> ...revalidations of user group membership and user accounts are performed by security administration.<br> ...
    4 KB (550 words) - 14:34, 1 May 2006
  • ...lidate security. Remember, it only takes one hole to compromise the entire security model. The areas covered are just a portion of the constant and never-endin You should use either SERVER_ENCRYPT or KBR_SERVER_ENCRYPT for fewer security weaknesses.<br> ...
    4 KB (644 words) - 14:43, 15 May 2007
  • ...1:|'''SOX.2.7.1''']] End-user computing policies and procedures concerning security, availability and processing integrity exist and are followed.<br> * ISO 17799 3.1 Information security policy.<br> ...
    3 KB (377 words) - 14:10, 8 August 2006
  • ITIL Security Management<br> ITIL Security Management Measures<br> ...
    4 KB (544 words) - 17:11, 5 May 2006
  • ISO 17799 3.1 Information security policy.<br> ISO 17799 4.1 Information security infrastructure.<br> ...
    3 KB (377 words) - 14:55, 1 May 2006
  • ...tivities, general tasks and a management structure process for the [[Cyber security certification|certification]] and [[accreditation]] (C&A) of a DoD IS that DIACAP is the result of a [[NSA]] directed shift in underlying security paradigm and succeeds its predecessor: [[DITSCAP]]. ...
    2 KB (322 words) - 10:16, 15 April 2012
  • ISO 17799 4.1 Information security infrastructure.<br> ISO 6.1 Security in job definition and resourcing.<br> ...
    2 KB (292 words) - 19:08, 1 May 2006
  • =='''Logical Security'''== ...n a computer network or a computer workstation. It is a subset of computer security.<br> ...
    7 KB (1,093 words) - 19:00, 5 March 2007
  • ...e defined and documented in accordance with the organization's information security policy.<br> * Act in accordance with the organization's information security policy, including execution of processes or activities particular to the in ...
    10 KB (1,387 words) - 14:04, 22 May 2007
  • Computer Crime, Computer Security, Computer Ethics (The first annual statistical report), J BloomBecker, ed., ...
    493 bytes (66 words) - 10:46, 26 February 2009
  • Controls provide reasonable assurance that IT components, as they relate to security, processing and availability, are well protected, would prevent any unautho ...ed through its life cycle. Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...
    4 KB (501 words) - 18:24, 25 June 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    6 KB (847 words) - 17:21, 25 April 2007
  • :* Obtain security policies and procedures and determine that they include audit log retention ...
    415 bytes (66 words) - 15:25, 21 February 2007
  • ...of the various processing entities and use certified devices such as Host Security Modules (HSM). The most common standard used to evaluate organizations is t ...
    2 KB (235 words) - 09:48, 23 October 2012
  • * Security and reliability of victim's computers ...ls familiar with a computer system can tell about a number of flaws in the security systems of that computer. These flaws may seriously undercut the ability of ...
    3 KB (498 words) - 13:29, 22 February 2009
  • ...tion X.813), ISO/IEC 10181-4 (1996); Warwick Ford, Computer Communications Security: Principles, Standard Protocols & Techniques 29-30 (1994) (hereinaft ...
    1 KB (144 words) - 12:26, 16 October 2014
  • '''Federal Information Security Management Act (FISMA)''' ...support the implementation of and compliance with the Federal Information Security Management Act including: ...
    9 KB (1,252 words) - 19:19, 19 April 2010
  • ...It is insufficient to declare that there are codes and passwords and other security devices. Something more should be available to trace the input and output a ...
    787 bytes (125 words) - 17:52, 22 February 2009
  • ...advantage of the surprise attack while they are still unknown to computer security professionals. Recent history certainly does show us an increasing rate of ...he collection and use of Zero Day vulnerability information. Many computer security vendors perform research on Zero Day vulnerabilities in order to better und ...
    4 KB (570 words) - 19:02, 14 June 2007
  • ...ed immediately by <SPECIFY DEPARTMENT> in accordance with Company-approved security investigation processes and procedures.<br> The Chief Information Security Officer (CISO) approves the Misuse Reporting Standard. The CISO also is res ...
    6 KB (857 words) - 12:22, 19 July 2007
  • ...ated endpoint firewall and security software configurations to verify that security software standards are acceptable and that updates are current prior to aut ...
    2 KB (296 words) - 10:57, 16 June 2010
  • ...ge, credit or credit card, transaction authorization mechanism, marketable security and any computer representation of them.[[FN41]] The last phrase, "and any ...
    489 bytes (67 words) - 03:43, 18 February 2009
  • '''Incident Management''' otherwise known as '''Information Security Incident Management''', is a [[Service_Level_Management: | Service Level Ma ...tablished to ensure a quick, effective and orderly response to information security incidents.<br> ...
    9 KB (1,371 words) - 16:40, 23 May 2007
  • * PCI-12.5.1 Establish, document, and distribute security policies and procedures. * PCI-12.5.2 Monitor and analyze security alerts and information, and distribute to appropriate personnel. ...
    6 KB (846 words) - 13:52, 4 May 2006
  • ...or licenses computerized 'personal information' to disclose any breach of security (to any resident whose unencrypted data is believed to have been disclosed) (2) shall disclose any breach of the security of the system following discovery or ...
    3 KB (522 words) - 13:52, 26 October 2011
  • ==Security Audit Guidance== For security audit guidance, please refer to [[Audit_Guidance_Examination_Procedures | A ...
    5 KB (665 words) - 14:40, 11 April 2007
  • ISO 17799 3.1 Information security policy 4.1 Information security infrastructure.<br> ...
    2 KB (331 words) - 18:47, 1 May 2006
  • Association for Computing Machinery Special Interest Group on Security Audit and Control, 11 W 42 St., New York NY 10036 (212) 869-7440. ...
    631 bytes (82 words) - 02:56, 5 March 2009
  • ISO 17799 4.2 Security of third-party access.<br> ISO 17799 6.1 Security in job definition and resourcing.<br> ...
    2 KB (330 words) - 18:17, 1 May 2006
  • ISO 17799 3.1 Information security policy 4.1 Information security infrastructure.<br> ...
    2 KB (317 words) - 20:10, 1 May 2006
  • ==Information Security Aspects of Business Continuity Management== ...y implications. Depending on the event, some or all of the elements of the security environment may change. Different people may be involved in operations, at ...
    9 KB (1,274 words) - 00:17, 1 June 2007
  • Links to helpful or interesting information security documents.<br> :This paper discusses common security vulnerabilities in PHP applications.<br> ...
    10 KB (1,527 words) - 12:47, 25 April 2007
  • '''DS 5.5 Security Testing, Surveillance and Monitoring'''<br> ...ly. IT security should be reaccredited periodically to ensure the approved security level is maintained. A logging and monitoring function enables the early de ...
    7 KB (975 words) - 16:57, 9 April 2007
  • ...mation technology - Security techniques - Code of practice for information security management''. ...ining [[ISMS|Information Security Management Systems]] (ISMS). Information security is defined within the standard in the context of the [[CIA triad|C-I-A tria ...
    8 KB (1,111 words) - 10:30, 15 April 2012
  • ...hould be tested and evaluated prior to deployment, so the effectiveness of security can be certified. Fallback or back out plans should also be developed and t ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ...
    3 KB (497 words) - 14:57, 23 June 2006
  • '''8. Risk: Insufficient security standards may allow unauthorized access to production systems and business *AIX Unix: etc/security/user<br> ...
    3 KB (405 words) - 00:10, 13 June 2006
  • ...tackers are unlikely to find them. The technique stands in contrast with [[security by design]], although many real-world projects include elements of both str ...aphy was disturbing to the US government, which seems to have been using a security through obscurity analysis to support its opposition to such work. ...
    11 KB (1,798 words) - 14:44, 14 June 2007
  • ==Security requirements of information systems== The objective of this category is to ensure that security is an integral part of the organization's information systems, and of the b ...
    9 KB (1,170 words) - 14:05, 22 May 2007
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    4 KB (506 words) - 20:00, 25 June 2006
  • :'''(1)''' The term '''information security''' means protecting information and information systems from unauthorized a ::'''(A)''' The term '''national security system''' means any information system (including any telecommunications sy ...
    2 KB (327 words) - 00:58, 1 June 2010
  • ...secured by the [http://safetynet-info.com SafetyNET] advanced information security suite of products available only from Lazarus Alliance.<br> ...
    876 bytes (127 words) - 14:51, 29 February 2008
  • ...ty and availability, and testing. Perform a [[Information_Security_Audit | security audit]] reassessment when significant technical or logical discrepancies oc ...
    2 KB (329 words) - 13:35, 6 March 2007
  • ...threat assessment activities will be integrated, as appropriate, into the Security Awareness Program. Specific instructions and requirements for assessing thr ...veness of these plans. Specific instructions for responding to Information Security incidents are provided in the [[Sample Incident Response Standard:|'''Sampl ...
    3 KB (365 words) - 19:25, 14 January 2014
  • ...uch as the board, executives, business units, individual users, suppliers, security officers, risk managers, the corporate compliance group, outsourcers and of ISO 17799 4.1 Information security infrastructure.<br> ...
    2 KB (342 words) - 18:20, 1 May 2006
  • ISO 7.2 Equipment security <br> ISO 8.6 Media handling and security <br> ...
    5 KB (674 words) - 18:14, 21 June 2006
  • '''DS 5.10 Network Security '''<br> ...at security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, and intrusion detection) are used to auth ...
    6 KB (781 words) - 12:31, 23 June 2006
  • ...modern computers and receive hundreds of megabytes of data, poses another security headache. A spy (perhaps posing as a cleaning person) could easily conceal ...IEEE Security and Privacy, January/February 2003 [http://www.computer.org/security/garfinkel.pdf (PDF)]. ...
    4 KB (702 words) - 15:52, 14 June 2007
  • ITIL Security Management<br> ITIL Security Management Measures<br> ...
    3 KB (413 words) - 19:02, 4 May 2006
  • ===Physical security=== * Ensure the physical security of your server. ...
    7 KB (1,018 words) - 13:53, 14 May 2007
  • :'''(1)''' the term '''information security''' means protecting information and information systems from unauthorized a :'''(2)''' the term '''national security system''' means any information system (including any telecommunications sy ...
    3 KB (368 words) - 00:50, 1 June 2010
  • ...system software and data. This section provides templates for Information Security standards that are required to comply with ISO Systems Development and Main ...
    5 KB (613 words) - 18:14, 25 July 2006
  • ISO 17799 3.1 Information security policy 6.3 Responding to security incidents and malfunctions.<br> ...
    2 KB (353 words) - 18:22, 1 May 2006
  • ...ning to maintain their knowledge, skills, abilities, internal controls and security awareness at the level required to achieve organizational goals.<br> ISO 17799 4.2 Security of third-party access.<br> ...
    2 KB (272 words) - 18:05, 25 April 2007
  • ...ive, detective and corrective measures are in place (especially up-to-date security patches and virus control) across the organization to protect information s ::'''3. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...
    8 KB (1,177 words) - 19:00, 25 June 2006
  • ...olicies and practices are in place to ensure the integrity of data through security and end user development methodology.<br> ::'''5. Risk: IT security measures are not aligned with business requirements.'''<br> ...
    4 KB (583 words) - 12:06, 23 June 2006
  • ::'''(A)''' providing information security protections commensurate with the risk and magnitude of the harm resulting :::'''(i)''' information security standards promulgated by the Director under section 11331 of title 40; and< ...
    10 KB (1,576 words) - 12:50, 4 June 2010
  • ISO 17799 4.1 Information security infrastructure.<br> ISO 17799 6.1 Security in job definition and resourcing.<br> ...
    3 KB (393 words) - 17:18, 1 May 2006
  • ...elecommunications equipment within an operations center will have a higher security zone than I/O operations, with the media used by that equipment stored at y ...en>'''HORSE FACTS:'''</font> Financial institutions should define physical security zones and implement appropriate preventative and detective controls in each ...
    10 KB (1,485 words) - 14:22, 10 April 2007
  • ::'''(A)''' providing information security protections commensurate with the risk and magnitude of the harm resulting :::'''(i)''' information security standards promulgated under section 11331 of title 40; and<br> ...
    11 KB (1,610 words) - 19:37, 3 June 2010
  • ...ment 2: Do not use vendor-supplied defaults for system passwords and other security parameters.''']] * [[PCI 11:|'''Requirement 11: Regularly test security systems and processes.''']] ...
    8 KB (1,208 words) - 17:00, 9 April 2007
  • ...Security policies, standards, guidelines, and procedures. The Information Security Program will protect information assets by establishing policies to identif ...ide for the development of organizational security standards and effective security management practices.<br> ...
    10 KB (1,314 words) - 18:06, 15 March 2009
  • ...ecurity]] which in turn grew out of practices and procedures of [[computer security]]. ...ter science. Therefore, IA is best thought of as a superset of information security. ...
    7 KB (983 words) - 10:41, 15 April 2012
  • ...e key, generally less secure than hardware schemes, but providing adequate security for many types of applications. See generally Schneier, supra note 18, at § ...
    2 KB (244 words) - 12:37, 16 October 2014
  • ==Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki.== ...ging the growth, development and distribution of free, multilingual, cyber security focused educational content, and to providing the full content of this wiki ...
    9 KB (1,241 words) - 20:49, 13 September 2016
  • * Reporting the technical issues related to the security of the database ==Security== ...
    4 KB (561 words) - 16:45, 29 August 2014
  • The '''Chief Information Security Officer''' (CISO) and the Record Hold/Discovery Sub-Committee of the '''<Yo ...consistent with the Legal Hold Standard; coordinating with the Information Security Department to ensure that Company protection standards are properly establi ...
    9 KB (1,213 words) - 13:20, 9 March 2009
  • ...of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure.'''<br> ...ices, protocols, and ports allowed; and verify they are necessary and that security features are documented and implemented by examining firewall and router co ...
    3 KB (353 words) - 12:28, 16 June 2010
  • ==Security Management== ...ITIL Security Management is based on the code of practice for information security management also known as ISO/IEC 17799. ...
    32 KB (4,804 words) - 14:10, 27 February 2009
  • ...scribing special costs, the costs of EDP auditors and computer information security practitioner should not be overlooked.[[FN89]] ...
    916 bytes (142 words) - 13:39, 22 February 2009
  • ...Center for Computer Crime Data (Los Angeles 1985); Computer Crime, Computer Security, Computer Ethics (The first annual statistical report), J BloomBecker, ed., ...
    865 bytes (127 words) - 10:50, 25 February 2009
  • ...e right to obtain a [[Security Freeze]] on their credit reports. Placing a security freeze on a credit report would prohibit credit reporting agencies from rel ...
    3 KB (488 words) - 13:02, 12 November 2011
  • * Social security number ...
    789 bytes (113 words) - 16:17, 18 February 2009
  • ...t to employ various private investigators and consultants such as computer security consultants, EDP auditors, and systems analysts to assist in the investigat ...
    1 KB (164 words) - 15:06, 22 February 2009
  • ==Data Security== The primary objective of information security is to protect the confidentiality, integrity, and availability of the insti ...
    9 KB (1,246 words) - 18:20, 10 April 2007
  • Implement internal control, security and audit ability measures during configuration, integration and maintenanc ...
    1 KB (146 words) - 17:19, 7 June 2006
  • ...esting templates containing questions that can be used to gage and promote security awareness in specific areas. The tests may be distributed and responses can ...
    1 KB (141 words) - 20:07, 13 June 2009
  • ISO 17799 4.2 Security of third-party access.<br> ISO 7.2 Equipment security.<br> ...
    3 KB (459 words) - 17:56, 21 June 2006
  • ...Security policies, standards, guidelines, and procedures. The Information Security Program will protect information assets by establishing policies to identif ...ide for the development of organizational security standards and effective security management practices.<br> ...
    8 KB (1,068 words) - 17:23, 16 October 2009
  • ISO 4.1 Information security infrastructure<br> ISO 4.2 Security of third-party access<br> ...
    3 KB (366 words) - 18:00, 25 April 2007
  • ...Center for Computer Crime Data (Los Angeles 1985); Computer Crime, Computer Security, Computer Ethics (The first annual statistical report), J BloomBecker, ed., ...
    951 bytes (134 words) - 11:05, 26 February 2009
  • ## Security changes, significant activity, and high-risk functions must be recorded. ### Change security policy or configuration settings ...
    3 KB (444 words) - 20:12, 15 January 2014
  • ==Security== ...tion has the authority to enforce all obligated entities to take necessary security measures for the protection of the personal data they collect and/or use. ...
    6 KB (879 words) - 16:59, 29 August 2014
  • ...facility. The magnetic strip on the card key controls (via a computerized security system) an employee's access rights to various locations within the buildin ...s. The diagram illustrates segregation of duties as it applies to physical security within the enterprise.<br> ...
    4 KB (591 words) - 19:45, 14 June 2007
  • ...performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements analysis from t ISO 17799 4.1 Information security infrastructure.<br> ...
    4 KB (510 words) - 13:54, 1 May 2006
  • ...on of managers, users, administrators, application designers, auditors and security staff, and specialist skills in areas such as insurance and risk management ...
    9 KB (1,301 words) - 16:55, 25 April 2007
  • :::*Evaluate security risks and consequences.<br> :::C. Discuss security goals (e.g., confidentiality, integrity, availability.).<br> ...
    12 KB (1,656 words) - 14:15, 1 May 2010
  • ::'''PCI-8.5.3:''' Examine password procedures and observe security personnel to confirm that first-time passwords for new users are set to a u ...
    2 KB (271 words) - 14:27, 1 March 2007
  • ::'''3. Risk: System security may be undermined by inappropriate external system connections.''' ...ls should be in place to prevent these connections from undermining system security. ...
    4 KB (524 words) - 15:03, 25 June 2006
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...
    2 KB (287 words) - 18:08, 25 June 2006
  • ...these elements are required at a minimum to provide an acceptable level of security to the enterprise.<br> # Third party access is provisioned by Information Security with the use of a rotating WPA-PSK pass-phrase.<br> ...
    8 KB (1,123 words) - 16:01, 2 August 2009
  • :::a. [[SOX.2.7.8:|'''SOX.2.7.8''']] A security incident response process exists to support timely response and investigati ...
    2 KB (277 words) - 19:21, 25 June 2006
  • Review the results of security testing. Determine if there are adequate controls to protect sensitive info ...
    2 KB (274 words) - 19:44, 25 June 2006
  • ::'''1. Risk: Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...
    2 KB (288 words) - 18:53, 25 June 2006
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...
    2 KB (292 words) - 17:47, 25 June 2006
  • ...-12.9.4:''' Verify via observation and review of policies, that staff with security breach responsibilities get periodic training. ...
    2 KB (280 words) - 20:16, 2 March 2007
  • ...al part of development in house. During the planning stages of development security, availability, and processing integrity must be considered. ...
    2 KB (295 words) - 15:33, 25 June 2006
  • The Chief Information Security Officer (CISO) approves the Software Acceptable Use Standard. The CISO also ...violations and misuse to management, and cooperating with official Company security investigations relating to misuse of such resources.<br> ...
    7 KB (953 words) - 14:13, 1 May 2010
  • ...al direction, performance, cost, reliability, compatibility, Auditability, security, availability and continuity, ergonomics, usability, safety and legislation ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ...
    4 KB (538 words) - 13:16, 23 June 2006
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...
    2 KB (289 words) - 17:19, 25 June 2006
  • ...'']] IT management implements system software that does not jeopardize the security of the data and programs being stored on the system. ...
    2 KB (303 words) - 19:58, 23 June 2006
  • ::'''PCI-8.5.2:''' Examine password procedures and observe security personnel to confirm that—if a user requests a password reset via phone, em ...
    2 KB (279 words) - 14:25, 1 March 2007
  • ...ion and review of processes, that monitoring and responding to alerts from security systems is included in the Incident Response Plan. ...
    2 KB (287 words) - 20:17, 2 March 2007
  • ...or the continuation of external party access in the case of an information security incident; ...s for the connection or access and the working arrangement. Generally, all security requirements resulting from work with external parties or internal controls ...
    21 KB (3,010 words) - 15:52, 25 June 2006
  • ==Security== There are no formal statutory security measures currently in place (pending the promulgation of appropriate data p ...
    5 KB (762 words) - 16:03, 29 August 2014
  • ...ed and whether they have been reexamined. Obtain the organization’s access security policy and discuss with those responsible whether they follow such standard ...
    2 KB (304 words) - 19:56, 25 June 2006
  • ...er's encryption key must be reported to Lazarus Alliance, LLC. Information Security immediately so that the certificate may be revoked or at least within twent ...encryption algorithms, the encryption key must be provided to Information Security to ensure appropriate Company representatives can retrieve information shou ...
    4 KB (558 words) - 15:12, 21 January 2014
  • ::'''2. Risk: Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...
    2 KB (314 words) - 18:27, 25 June 2006
  • ...also create risk that can be in the form of more rework than anticipated, security holes, and privacy invasions (Messerschmitt and Szyperski, 2004).<br> ...
    1 KB (215 words) - 18:32, 13 April 2007
  • ...ty, skill and knowledge of the systems under management, and controls over security, availability and processing integrity. ...
    2 KB (302 words) - 15:57, 25 June 2006
  • ...authorized to have access" and is one of the cornerstones of [[Information security]]. Confidentiality is one of the design goals for many [[cryptosystem]]s, m ...y's classic "need-to-know" principle, forms the cornerstone of information security in today's corporates.<br> ...
    4 KB (669 words) - 15:05, 22 March 2007
  • ...report lock down''', a '''credit lock down''', a '''credit lock''' or a '''security freeze''', allows an individual to control how a U.S. consumer reporting ag * [http://www.consumersunion.org/campaigns/learn_more/003484indiv.html State Security Freeze Laws], ConsumerUnion.org ...
    4 KB (663 words) - 12:59, 12 November 2011
  • ...ty, skill and knowledge of the systems under management, and controls over security, availability and processing integrity.<br> ...
    2 KB (317 words) - 18:30, 14 June 2006
  • ...lopment processes to confirm they are based on industry standards and that security is included throughout the life cycle.<br> ...
    2 KB (298 words) - 18:26, 28 February 2007
  • ...t Protection Standard, Company protection standards shall include specific security requirements in the following areas: ## Sample Protection Standards must be reviewed by the Information Security Department to ensure vulnerabilities are not introduced into the Company pr ...
    5 KB (681 words) - 21:56, 15 January 2014
  • ...lopment processes to confirm they are based on industry standards and that security is included throughout the life cycle. From review of written software deve ...
    2 KB (297 words) - 18:33, 28 February 2007
  • '''Protection standard''' refers to the required system and security configuration for a network device, system, or application.<br> '''System Security Accreditation''' refers to the formal authorization for system operation an ...
    16 KB (2,312 words) - 14:14, 1 May 2010
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    6 KB (804 words) - 12:14, 23 June 2006
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...
    2 KB (315 words) - 17:54, 25 June 2006
  • ==Information Security Audit== ...rom auditing the physical security of data centers to the auditing logical security of databases and highlights key components to look for and different method ...
    21 KB (3,112 words) - 16:52, 15 June 2007
  • ...uested by user management, approved by system owner and implemented by the security-responsible person. User identities and access rights are maintained in a c ::'''3. Risk: System security may be undermined by inappropriate external system connections.''' ...
    6 KB (870 words) - 18:08, 21 June 2006
  • ...lopment processes to confirm they are based on industry standards and that security is included throughout the life cycle. From review of written software deve ...
    2 KB (304 words) - 18:36, 28 February 2007
  • ...tocols allowed (e.g., FTP), which includes reason for use of protocol, and security features implemented. Examine documentation and settings for each service i ...
    2 KB (315 words) - 21:21, 2 March 2007
  • ...al part of development in house. During the planning stages of development security, availability, and processing integrity must be considered. ...
    3 KB (335 words) - 14:05, 26 February 2007
  • ...he appropriate Company personnel, including but not limited to Information Security, Information Technology, and Internal Audit.<br> ::2. Company management including but not limited to Information Security, Information Technology, and Internal Audit should be provided with a quart ...
    9 KB (1,122 words) - 14:12, 1 May 2010
  • ...lopment processes to confirm they are based on industry standards and that security is included throughout the life cycle. From review of written software deve ...
    2 KB (307 words) - 18:29, 28 February 2007
  • ...lopment processes to confirm they are based on industry standards and that security is included throughout the life cycle. From review of written software deve ...
    2 KB (304 words) - 18:28, 28 February 2007
  • ...services or FTP as alternatives, resulting in higher costs and/or greater security risks. ...
    961 bytes (140 words) - 22:16, 15 March 2010
  • ...e his skills to educate others about the vulnerabilities of their computer security systems. He will gladly investigate others' systems and inform them about h ...ent reality of sentencing. Having your client give speeches about computer security will not have the same deterrent effect on other potential computer crimina ...
    5 KB (770 words) - 21:45, 22 February 2009
  • ...riate level of protection. This section provides templates for Information Security standards that are required to comply with ISO Asset Classification and Con ...
    1 KB (159 words) - 17:08, 25 July 2006
  • ...lopment processes to confirm they are based on industry standards and that security is included throughout the life cycle. From review of written software deve ...
    2 KB (316 words) - 18:30, 28 February 2007
  • ::'''2. Risk: Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...
    2 KB (324 words) - 18:46, 25 June 2006
  • ::'''PCI-10.7 A:''' Obtain security policies and procedures and determine that they include audit log retention ...
    2 KB (332 words) - 21:09, 2 March 2007
  • ...force the security controls we need to comply with the company's corporate security policy.<br> * Authorization and user security administration ...
    18 KB (2,920 words) - 17:59, 18 May 2007
  • ...ce is not the strongest for which the prosecutor could hope. Often private security personnel or law enforcement officers called in to investigate the case wil ...ho sent e-mails to company threatening to exploit a breach in its computer security if company did not pay him $2.5 million, as required to support his convict ...
    4 KB (717 words) - 18:04, 22 February 2009
  • ISO 17799 6.1 Security in job definition and resourcing.<br> ...
    2 KB (268 words) - 19:33, 1 May 2006
  • ::2. Users must not adjust the browser security settings to be less restrictive than the Company-approved configuration.<br The Chief Information Security Officer (CISO) approves the Internet Acceptable Use Standard. The CISO also ...
    8 KB (1,184 words) - 14:12, 1 May 2010
  • ...al part of development in house. During the planning stages of development security, availability, and processing integrity must be considered. ...
    3 KB (341 words) - 16:17, 21 June 2006
  • :* Examine associated endpoint firewall and security software configurations to verify that administration is restricted only au ...
    2 KB (267 words) - 10:51, 16 June 2010
  • ...and Reinvestment Act of 2009 (ARRA) and sets forth a federal standard for security breach notifications relating to the unauthorized dissemination of protecte ...s, use or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom ...
    9 KB (1,358 words) - 16:25, 6 September 2011
  • ...lopment processes to confirm they are based on industry standards and that security is included throughout the life cycle. From review of written software deve ...
    2 KB (334 words) - 18:37, 28 February 2007
  • ...arising from access to secure university computer site and theft of Social Security numbers and biographical information, university's expenses in notifying in ...
    2 KB (272 words) - 21:48, 22 February 2009
  • The Chief Information Security Officer (CISO) approves the Integrity Protection Standard. The CISO also is ...d should be submitted to <Insert Title> in accordance with the Information Security Standards Exception Procedure. Prior to official management approval of any ...
    7 KB (976 words) - 14:17, 1 May 2010
  • ...control environment and control framework. [[Information_Security_Audit | Security audit]] assessments using industry best practices and benchmarking should b ...
    2 KB (291 words) - 13:41, 6 March 2007
  • ISO 17799 6.1 Security in job definition and resourcing.<br> ...
    2 KB (284 words) - 19:38, 1 May 2006
  • ==Information Security== ...nd externally developed software. Institutions should consider information security requirements and incorporate automated controls into internally developed p ...
    12 KB (1,538 words) - 22:41, 25 April 2007
  • ISO 6.3 Responding to security incidents and malfunctions ...
    2 KB (281 words) - 17:42, 5 May 2006
  • ...al part of development in house. During the planning stages of development security, availability, and processing integrity must be considered. ...
    3 KB (354 words) - 13:39, 22 June 2006
  • '''Incident''' refers to an anomalous event that may indicate a security intrusion. ...ccordance with the SIRT Routine Operations Procedure, to routinely process security incidents and intrusion detected by automated or manual detection methods.< ...
    12 KB (1,720 words) - 14:10, 1 May 2010
  • ...at a minimum, legal, financial, organizational, documentary, performance, security, intellectual property and termination responsibilities and liabilities (in ...
    2 KB (287 words) - 17:04, 3 May 2006
  • ...d intrusions. The Company will satisfy these requirements through a formal Security Incident Response Team (SIRT). ### Perform basic forensic process to support security investigations. ...
    5 KB (737 words) - 15:24, 21 January 2014
  • ...lly assessed, at least annually, for content, environmental protection and security. Ensure compatibility of hardware and software to restore archived data and * ISO 7.2 Equipment security<br> ...
    5 KB (700 words) - 18:07, 23 June 2006
  • Computer crime involves not only computers, but accounting, security, and other areas of expertise. Counsel runs the risk of embarrassing cross- ...
    2 KB (358 words) - 19:18, 22 February 2009
  • ...roject plan. The tasks should provide assurance that internal controls and security features meet the defined requirements.<br> ...
    2 KB (298 words) - 01:59, 2 May 2006
  • ISO 6.3 Responding to security incidents and malfunctions ...
    2 KB (299 words) - 17:41, 5 May 2006
  • ...tions may include service levels, maintenance procedures, access controls, security, and performance review as a basis for payment and arbitration procedures.< ...
    2 KB (294 words) - 17:10, 3 May 2006
  • ISO 17799 6.1 Security in job definition and resourcing.<br> ...
    2 KB (309 words) - 18:13, 1 May 2006
  • ISO 17799 6.1 Security in job definition and resourcing.<br> ...
    2 KB (312 words) - 18:19, 3 May 2006
  • [[Category:Operating system security]] ...
    2 KB (341 words) - 18:37, 14 June 2007
  • ISO 17799 6.1 Security in job definition and resourcing.<br> ...
    2 KB (321 words) - 15:35, 25 June 2006
  • ISO 17799 4.1 Information security infrastructure.<br> ...
    2 KB (303 words) - 18:06, 1 May 2006
  • ==Security== ...
    5 KB (747 words) - 16:25, 29 August 2014
  • One of the difficult aspects of computer security is identifying the individual believed to have committed a certain act usin ...
    2 KB (349 words) - 20:27, 22 February 2009
  • ...nvironment should reflect the future operations environment (e.g., similar security, internal controls and workloads) to enable sound testing. Procedures shoul ...
    2 KB (316 words) - 17:47, 3 May 2006
  • ...ver authorization, authentication, nonrepudiation, data classification and security monitoring may result in inaccurate financial reporting.''' ...
    3 KB (382 words) - 17:41, 25 June 2006
  • ...tate, or local law enforcement officers. It may be investigated by private security personnel working for the victim as regular employees or as consultants. As ...
    2 KB (374 words) - 15:29, 22 February 2009
  • ::::* Other security-related wireless vendor defaults, if applicable. ...
    3 KB (369 words) - 14:23, 27 February 2007
  • ...For instance, encrypted data drastically lessens the effectiveness of any security mechanism that relies on inspections of the data, such as anti-virus scanni ...data security. Even if encryption is properly implemented, for example, a security breach at one of the endpoints of the communication can be used to steal th ...
    13 KB (2,019 words) - 11:46, 28 March 2008
  • ...accepted compliance with the organization’s policies and procedures, e.g., security policies and procedures. ...
    3 KB (385 words) - 16:14, 25 June 2006
  • ISO 10.5 Security in development and support processes.<br> ...
    2 KB (296 words) - 17:59, 3 May 2006
  • What are assets? Asset Management from a corporate governance and information security perspective is not just about 'IT' Assets. It is about the management, cont ...is taken from and attributable to UK-National Health Services Information Security it I believe adequately covers what we can do/do with data. ...
    5 KB (705 words) - 13:29, 23 May 2007
  • ...accepted compliance with the organization’s policies and procedures, e.g., security policies and procedures • The contracts were reviewed and signed by appropr ...
    3 KB (379 words) - 18:17, 14 June 2006
  • ...who view computing from different perspectives (for instance, the head of security and the EDP auditor) may respond to the same question very differently owin ...
    2 KB (398 words) - 19:37, 22 February 2009
  • ...release of only that part of the software which has been changed. For ex: Security patches to plug bugs in a software ...
    2 KB (352 words) - 16:42, 20 March 2007
  • ISO 17799 4.1 Information security infrastructure.<br> ...
    2 KB (311 words) - 16:29, 1 May 2006
  • ::*Analysis of auditing configurations to ensure that auditing is enabled and security events are logged and processed in accordance with the [[Sample Auditing St ...ities that can be exploited by threats and pose an immediate danger to the security of a system, network, or application.</td><td>Severe to Catastrophic</td></ ...
    11 KB (1,433 words) - 14:11, 1 May 2010
  • ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ...
    2 KB (323 words) - 15:09, 3 May 2006
  • ...ance, and capacity for growth, levels of support, continuity planning, and security and demand constraints. <br> ...
    2 KB (332 words) - 18:24, 5 May 2006
  • ISO 10.5 Security in development and support processes.<br> ...
    2 KB (346 words) - 20:00, 23 June 2006
  • ...should include requirements for performance, stress, usability, pilot and security testing.<br> ...
    2 KB (322 words) - 17:43, 3 May 2006
  • :* Information Security :* SP-10; Control And Security Risks in Electronic Imaging Systems, December 1993<br> ...
    15 KB (2,060 words) - 17:47, 15 June 2007
  • ## Users must not adjust the electronic mail software security settings to be less restrictive than the Company approved configuration. ## For security and performance purposes, electronic mail attachments must be less than [35 ...
    7 KB (974 words) - 19:34, 16 January 2014
  • The Chief Information Security Officer (CISO) approves the Social Computing Guidelines. The CISO also is r ...violations of the End User Computing and Technology Policy to Information Security or Management in a timely manner.<br> ...
    9 KB (1,430 words) - 14:56, 28 August 2009
  • ...tware upgrades shall be expedited, as necessary, to effectively respond to security advisories or findings from assessment and monitoring activities. ...nature updates shall be expedited, as necessary, to effectively respond to security advisories of findings from assessment and monitoring activities. ...
    5 KB (765 words) - 20:00, 15 January 2014
  • ISO 17799 3.1 Information security policy.<br> ...
    2 KB (346 words) - 18:25, 1 May 2006
  • ...g its 50 states. (California alone has more than 25 state privacy and data security laws). These laws address particular problems or industries. They are too d ...sed this authority to pursue companies that fail to implement minimal data security measures or fail to live up to promises in privacy policies. ...
    14 KB (2,027 words) - 15:57, 29 August 2014
  • ...t changes may be obtained by lawful means, an opportunity essential to the security of the Republic, is a fundamental principle of our constitutional system." ...
    1 KB (184 words) - 18:49, 10 April 2011
  • ISO 17799 4.1 Information security infrastructure.<br> ...
    2 KB (351 words) - 17:03, 21 June 2006
  • '''Personally Identifiable Information (PII)''', as used in [[information security]], is information that can be used to uniquely identify, contact, or locate ...distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal ...
    12 KB (1,899 words) - 12:24, 12 November 2011
  • * ISO 17799 6.1 Security in job definition and resource.<br> ...
    3 KB (366 words) - 16:39, 26 June 2006
  • ISO 17799 4.1 Information security infrastructure.<br> ...
    3 KB (356 words) - 17:11, 1 May 2006
  • ::2.) security, ...
    3 KB (447 words) - 13:36, 23 June 2006
  • ::'''1. Risk: Information security and business requirements may be compromised. Inaccurate results are produc ...bility study through maintenance of the completed application. Verify that security, availability, and process integrity requirements are included.<br> ...
    6 KB (863 words) - 13:12, 23 June 2006
  • ...the development of requirements. Risks include threats to data integrity, security, availability, [[Privacy | privacy]], and compliance with laws and regulati ...
    2 KB (269 words) - 23:52, 14 June 2007
  • ISO 10.5 Security in development and support processes.<br> ...
    3 KB (382 words) - 18:02, 3 May 2006
  • ...ents at least daily. Log reviews should include those servers that perform security functions like IDS and authentication (AAA) servers (e.g RADIUS).]]<br> ...
    4 KB (530 words) - 17:53, 7 July 2006
  • ...c Operational Readiness Security Evaluation is a comprehensive information security framework designed to be accessible, extensible, comprehensive, and collabo ...| COBIT]]) is another approach to standardize good information technology security and control practices. This is done by providing tools to assess and measu ...
    12 KB (1,686 words) - 11:47, 30 May 2015
  • ...s Layer (SSL), Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPSEC) to safeguard sensitive cardholder data during transmission over pub ...
    4 KB (504 words) - 11:48, 28 March 2008
  • ==Security== ...ion with the DGCE is mandatory. The main requirements are adherence to the security parameters periodically published by the DGCE, and the performance of annua ...
    8 KB (1,135 words) - 17:53, 29 August 2014
  • ==Security== ...ainst AES implementations have been [[side channel attack]]s. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated ...
    18 KB (2,766 words) - 11:41, 28 March 2008
  • ISO 4.2 Security of third-party access ...
    3 KB (408 words) - 16:10, 25 June 2006
  • ::4. Access logs and security reports should be reviewed weekly for violations, compromises, and abnormal ::7. Access logs and security reports should be reviewed daily for violations, compromises, and abnormal ...
    12 KB (1,711 words) - 14:16, 1 May 2010
  • ...sed on his or her own recognizance need not post any bail or other form of security but must simply execute a promise to appear at all scheduled court appearan ...
    3 KB (500 words) - 16:26, 18 February 2009
  • The Chief Information Security Officer (CISO) approves the Telecommunications Acceptable Use Standard. The ...Company Telecommunications Resources and cooperating with official Company security investigations relating to misuse of such resources.<br> ...
    10 KB (1,473 words) - 14:13, 1 May 2010
  • ::'''2. Risk: Security and business requirements are not check listed adequately, enforced, and te ...
    3 KB (403 words) - 12:37, 23 June 2006
  • ...hreat assessment activities should be integrated, as appropriate, into the Security Awareness Program.<br> The Chief Information Security Officer (CISO) approves the Threat Assessment Standard. The CISO also is re ...
    8 KB (1,149 words) - 14:09, 1 May 2010
  • ISO 4.1 Information security infrastructure. ...
    2 KB (303 words) - 18:16, 25 April 2007
  • ...migration between environments, version control, test data and tools, and security.<br> ...
    3 KB (432 words) - 13:02, 23 June 2006
  • As a career security practitioner and Chief Security Officer to several companies over the years, my significant responsibility ...focused on helping you understanding the core elements of a successful IT security risk management program for a commercial enterprise, the processes of calcu ...
    23 KB (3,630 words) - 10:19, 27 October 2012
  • ..., arbitration procedures, upgrade terms, and fitness for purpose including security, escrow and access rights.<br> ...
    3 KB (428 words) - 14:05, 23 June 2006
  • ::'''1. Risk: Security and business continuity risks are introduced by technical designs incompati ...
    3 KB (442 words) - 13:59, 23 June 2006
  • Oracle's security by default is not extremely good. For example, Oracle will allow users to c ...entication MUST use a password security policy to maintain database access security. You MUST implement password constraints for all users that have the abilit ...
    22 KB (3,612 words) - 16:20, 15 November 2007
  • :* What critical operational or security controls require implementation prior to recovery? ...
    3 KB (453 words) - 18:45, 25 April 2007
  • ...performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements analysis from t ...
    3 KB (446 words) - 16:36, 1 May 2006
  • ISO 4.1 Information security infrastructure<br> ...
    3 KB (456 words) - 17:15, 15 February 2007
  • ::4. Remote Users must receive Company-approved technical and security training prior to being granted privileges to remotely access Company infor The Chief Information Security Officer (CISO) approves the Remote Access Control Standard. The CISO also i ...
    14 KB (1,956 words) - 14:16, 1 May 2010
  • ...er career. There are several cases of computer criminals becoming computer security consultants, and benefiting from the notoriety of involvement in a computer ...
    3 KB (603 words) - 17:57, 22 February 2009
  • ::'''2. Risk: Security and business continuity risks are introduced by technical designs incompati ...
    3 KB (471 words) - 12:32, 23 June 2006
  • ...regation of duties, automated business controls, backup/recovery, physical security and source document archival.<br> ...
    3 KB (362 words) - 23:55, 14 June 2007
  • The Chief Information Security Officer (CISO) approves the Change Control Standard. The CISO also is respo ...d should be submitted to <Insert Title> in accordance with the Information Security Standards Exception Procedure. Prior to official management approval of any ...
    12 KB (1,684 words) - 14:14, 1 May 2010
  • ...clude source code reviews and other more advanced techniques to circumvent security measures.<br> ...WASP) web site is also a good resource to learn more about web application security.<br> ...
    14 KB (2,387 words) - 13:41, 4 April 2007
  • Technical standards guides provide a security overview, as well as list requirements with detailed descriptions and expla ...
    4 KB (512 words) - 12:05, 25 July 2006
  • ...ated Company policies are first accepted and subsequent Company supporting security, privacy and risk technology and processes are fully implemented. ...y Technology Resources if it adversely impacts the intended performance of security software, data leakage controls and risk mitigating controls implemented by ...
    10 KB (1,433 words) - 18:15, 14 January 2014
  • ...ecks and dependence on key personnel that might present a threat to system security or services, and plan appropriate action. ...
    3 KB (490 words) - 13:42, 4 May 2006
  • ...hing attacks to the Company email address that is monitored by Information Security Incident Response team members. This email address is: abuse@yourcompany.co ...y representative who should in turn report this information to Information Security.<br> ...
    14 KB (2,165 words) - 16:53, 22 September 2009
  • * Where justified for purposes of national security, public order, public health, or for the protection of third party rights, ==Security== ...
    18 KB (2,869 words) - 17:46, 29 August 2014
  • Technical standards guides provide a security overview, as well as list requirements with detailed descriptions and expla ...
    5 KB (597 words) - 15:27, 16 November 2006
  • '''Can you mitigate database security risks?'''<br> ...ng data for order fulfillment, employee identification data such as social security numbers, and storing customer data such as shipping addresses and credit ca ...
    28 KB (4,261 words) - 11:45, 28 March 2008
  • ISO 8.1 Operational procedures and responsibilities 10.5 Security in development and support processes. ...
    4 KB (537 words) - 13:57, 23 June 2006
  • ...2: An assessment was made of the potential impact of the change, including security.<br> ...risk assessment, analysis of the impacts of changes, and specification of security controls which are required.<br> ...
    10 KB (1,393 words) - 14:28, 23 June 2006
  • ...g, testing, and enhancing systems to ensure the integration of appropriate security controls. Specific instructions and requirements for systems development ar ...
    3 KB (389 words) - 17:40, 14 January 2014
  • ...s used in many applications encountered in everyday life; examples include security of automated teller machine cards, computer passwords, and electronic comme ...ccessive blocks is required. Several have been developed, some with better security in one aspect or another than others. They are the mode of operations and m ...
    26 KB (3,873 words) - 11:44, 28 March 2008
  • ...security for such documentation, including distribution control (see also "security of system documentation" control)<br> :* Regulatory requirements (e.g., privacy, security, consumer disclosures) ...
    19 KB (2,609 words) - 13:51, 23 May 2007
  • ...r IT operations, including job scheduling and monitoring and responding to security, availability and processing integrity events. ...
    4 KB (522 words) - 20:12, 25 June 2006
  • ...s Layer (SSL), Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPSEC) to safeguard sensitive cardholder data during transmission over pub ...
    2 KB (346 words) - 12:22, 31 January 2014
  • ::'''(B)''' security of information, including section 11332 of title 40 [1] ; and<br> ...
    3 KB (414 words) - 10:37, 1 June 2010
  • ...ecks and dependence on key personnel that might present a threat to system security or services, and plan appropriate action.<br> ...
    4 KB (586 words) - 01:37, 1 May 2006
  • ...rtise, and testing. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to :* Potential increase in volatility of funds should E-banking security problems negatively impact customer confidence or the market’s perception o ...
    11 KB (1,523 words) - 10:04, 28 April 2007
  • ...ommerce to promulgate standards and guidance pertaining to the efficiency, security, and privacy of Federal computer systems. Authorizes the President to disap ...itle E:''' National Security Systems - Excludes, with exceptions, national security systems from the provisions of this title.<br> ...
    10 KB (1,502 words) - 19:27, 4 April 2010
  • ...ations where the terminology is similar. For example, from the information security point of view, "digital signature" means the result of applying to specific ...These Guidelines use "digital signature" only as it is used in information security terminology, as meaning the result of applying the technical processes desc ...
    22 KB (3,420 words) - 15:18, 3 April 2007
  • ...h only peripherally addressed BCP to improve an organization's information security procedures. BS 25999's applicability extends to all organizations. In 2007, * Hacker (computer security)|Cyber attack ...
    15 KB (2,046 words) - 11:39, 27 October 2012
  • :* Host hardening, including patch application and security-minded configurations of the operating system (OS), browsers, and other net ...
    4 KB (568 words) - 17:25, 10 April 2007
  • [[AI2.4:| 2.4 Application Security and Availability]]<br> ...
    3 KB (341 words) - 19:07, 14 June 2007
  • * Security of the computer system: The fact that a person is charged with computer cri ...
    4 KB (684 words) - 20:10, 22 February 2009
  • ...privacy and security requirements and payment card industry ([[PCI:|PCI]]) security standards put a further onus on companies to stay abreast of ever-changing ==Privacy and Security Trade-offs== ...
    19 KB (2,886 words) - 16:53, 29 August 2014
  • ::* Regulatory, audit, and security reports from key service providers ...rts, resolution of audit findings, format and contents of work papers, and security over audit materials.<br> ...
    32 KB (4,518 words) - 17:53, 11 April 2007
  • ...mercial credit and asset management, or enterprise-wide activities such as security and business continuity planning. This dual role and the increasing use of ...
    5 KB (645 words) - 18:03, 27 April 2007
  • * ISO 17799 4.1 Information security infrastructure.<br> ...
    5 KB (699 words) - 19:59, 25 June 2006
  • ...0.14:| '''SOX.2.0.14''']] Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contrac :::f. [[SOX.2.0.16:| '''SOX.2.0.16''']] A regular review of security, availability and processing integrity is performed by third-party service ...
    39 KB (5,914 words) - 17:55, 13 April 2007
  • ...nsider retrieval requirements, cost-effectiveness, continued integrity and security requirements. Establish storage and retention arrangements to satisfy legal ...
    5 KB (721 words) - 11:49, 28 March 2008
  • ...took the premise and integrated the Security Trifecta philosophy of cyber security with Governance, Technology and Vigilance. The process is technically relia ===Security=== ...
    15 KB (2,212 words) - 17:29, 19 February 2015
  • ==National Security Letters== ...ange of Internet-related communications service providers through National Security Letters. It requires only that the FBI director or his designee makes the r ...
    11 KB (1,707 words) - 20:01, 13 April 2011
  • ...ensures that the final block is the right length, and is a key part of the security proof for this way of building hash functions, which is known as the Merkle ...
    6 KB (951 words) - 16:42, 14 June 2007
  • Users' Security Handbook The Users' Security Handbook is the companion to the Site Security ...
    75 KB (10,622 words) - 14:38, 3 April 2007
  • The National Security Agency has an active campaign to penetrate and destroy popular online priva ...
    3 KB (411 words) - 12:27, 16 October 2014
  • #[[Amazon Web Services Security White Paper | Amazon Web Services Security White Paper]] #[[Applied Discovery Data Security & Privacy | Applied Discovery Data Security & Privacy]] ...
    16 KB (2,124 words) - 11:06, 16 March 2010
  • ...trol and governance that influence a wide variety of factors, ranging from security to IP risk mitigation. In other words, well-run projects (whether nonprofit ...ware. Although open-source solutions are not inherently more vulnerable to security issues than closed source, they are not immune to these risks either.<br> ...
    11 KB (1,601 words) - 12:58, 10 April 2007
  • ...aused by thousands of employees distracted from their work and by time its security department spent trying to halt the distractions after employee refused to ...
    5 KB (763 words) - 12:30, 18 February 2009
  • ...h Cir. 1991). The owner of the trade secret must, however, take reasonable security measures when it does disclose the information, such as requiring non-discl ## The extent of the security measures taken by the owner of the trade secret need not be absolute, but m ...
    7 KB (1,065 words) - 16:48, 13 April 2011
  • Auditing must be activated to record relevant security events. The audit logs must be securely maintained for a reasonable period ...
    5 KB (673 words) - 18:16, 14 January 2014
  • ...collection, use, disclosure and retention of information; and employ data security practices. The European Commission has deemed the PIPED Act “adequate” unde (4) Security of personal data. This principle requires appropriate security measures to be applied to all personal data (including data that is not in ...
    19 KB (2,863 words) - 16:43, 21 September 2011
  • ...PATRIOT Act, the Homeland Security Act and other laws focused on national security, Congress has been active in changing the legal landscape for access to rea ...mation without delay.” This provision was further modified by the Homeland Security Act to increase the number of governmental agencies to which service provid ...
    22 KB (3,315 words) - 00:16, 16 September 2011
  • ...professionals who have experience in accounting, auditing, and information security. A SSAE 16 engagement allows a service organization to have its control pol * [http://www.it-audit.de A web based portal devoted to IT auditing and security. Please note that the site is programmed in German only.] ...
    10 KB (1,457 words) - 21:20, 21 August 2012
  • ...use. The rapid growth of credit card use on the Internet has made database security lapses particularly costly; in some cases, millions of accounts have been c ...make unauthorized purchases on a card until it is canceled. Without other security measures, a thief could potentially purchase thousands of dollars in mercha ...
    25 KB (3,921 words) - 12:53, 12 November 2011
  • ...a law enforcement problem, but poses a serious national and international security threat as well. ...inst hostile foreign countries to further U.S. foreign policy and national security objectives. OFAC is also responsible for issuing regulations that restrict ...
    13 KB (1,838 words) - 14:57, 20 April 2007
  • The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficien ...security-rule/ Health Insurance Portability and Accountability Act (HIPAA) Security Rule]. The audit framework is available for purchase to implement it in you ...
    32 KB (4,732 words) - 19:36, 29 November 2013
  • ...e hidden data, firm-wide understanding about metadata management as a real security concern still lags. ...
    4 KB (587 words) - 22:52, 15 March 2010
  • ...ount management]], [[fault management]], [[performance management]], and [[security management]].<br> ...
    7 KB (942 words) - 15:09, 23 March 2007
  • ==Security== ...would require that organizations report to the OPC 'any material breach of security safeguards involving personal information under its control'. The proposed ...
    18 KB (2,700 words) - 16:17, 29 August 2014
  • ...se, each new or significantly modified business application must include a Security Impact Statement and Business Impact Analysis. ...
    5 KB (646 words) - 21:03, 15 January 2014
  • Government expert's report: Proposed testimony of government computer security and forensic practitioners was expert testimony, so that federal rule of cr ...
    5 KB (816 words) - 15:41, 22 February 2009
  • ...of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure.]]<br> ...
    5 KB (702 words) - 12:20, 16 June 2010
  • ...the [[Sample_Third_Party_Security_Awareness_Standard:|Sample Third Party Security Awareness Standard]] policy example.<br> :* Security – The system is protected against unauthorized access, both physical and lo ...
    28 KB (4,089 words) - 14:37, 16 April 2007
  • ...PATRIOT Act, the Homeland Security Act and other laws focused on national security, Congress has been active in changing the legal landscape for access to rea ...4-528 (2005); Anita Ramasastry, Lost In Translation? Data Mining, National Security and the “Adverse Inference” Problem, 22 SANTA CLARA COMPUTER & HIGH TECH. L ...
    23 KB (3,434 words) - 17:34, 13 April 2011
  • ...e a policy in place to protect the information from foreseeable threats in security and data integrity ...ards Rule requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue ...
    15 KB (2,184 words) - 17:02, 15 June 2007
  • ...n and are not subject to sampling. Other controls, such as programming and security authorization, are conducive to audit trail inspection and are subject to s ...
    8 KB (1,155 words) - 20:14, 25 June 2006
  • ...gly accessing a computer without authorization in order to obtain national security data *[[Computer security audit]] ...
    14 KB (2,101 words) - 11:35, 27 August 2011
  • [[PO4.8:| 4.8 Responsibility for Risk, Security and Compliance]]<br> ...
    4 KB (517 words) - 19:07, 14 June 2007
  • :4. '''[[Information Technology Infrastructure Library#Systems Management|Security Management]]''' ...release of only that part of the software which has been changed. For ex: Security patches to plug bugs in a software ...
    37 KB (5,348 words) - 10:12, 8 September 2011
  • ...given that term in section 11101 of title 40 but does not include national security systems as defined in section 11103 of title 40;<br> ...
    5 KB (795 words) - 00:35, 1 June 2010
  • [[Category:Computer network security]] ...
    5 KB (773 words) - 11:40, 27 August 2011
  • # Security of personal information; and ...monitor the development of new wireless services, along with the privacy, security, advertising, and other consumer protection issues they raise. See http://w ...
    31 KB (4,666 words) - 13:19, 26 April 2011
  • ...viduals and network access issues. A subsequent section addresses physical security controls. ...he minimum required for work to be performed. The financial institution’s security policy should address access rights to system resources and how those right ...
    78 KB (11,440 words) - 02:00, 10 April 2007
  • * [http://safetynet-info.com SafetyNET] Security Appliance and suite of products. ...is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.<br> ...
    8 KB (1,058 words) - 12:30, 5 August 2011
  • ...nformation, important documents, and even documents necessary for homeland security. If the hacker were to gain this information, it would mean identity theft ...lly fabricated. The most common technique involves combining a real social security number with a name and birth date other than the ones associated with the n ...
    37 KB (5,577 words) - 14:50, 12 November 2011
  • ...hether the risk management method is in the context of project management, security, risk analysis, industrial processes, financial portfolios, actuarial asses ...E (annualized loss expectancy) and compares the expected loss value to the security control implementation costs (cost-benefit analysis). ...
    27 KB (4,185 words) - 23:45, 10 March 2010
  • ...ly for the purpose of good faith testing for, investigating, or correcting security flaws or vulnerabilities, if: ...rmation derived from the security testing is used primarily to promote the security of the owner or operator of a computer, computer system, or computer networ ...
    26 KB (3,969 words) - 11:00, 30 October 2011
  • # Security—collected data should be kept secure from any potential abuses; * a general description of the measures taken to ensure security of processing. ...
    15 KB (2,297 words) - 16:59, 21 September 2011
  • * [[physical security]] ...
    7 KB (1,040 words) - 10:48, 27 October 2012
  • ...to IT security risk management and may be found here: Risky Business: [[IT Security Risk Management Demystified]] ...] risk assessments should cover all IT risk management functions including security, outsourcing, and business continuity. Senior management should ensure IT-r ...
    43 KB (6,368 words) - 11:22, 4 July 2015
  • * [[Use of computer security consultants, EDP auditors, and computer professionals]] ...
    9 KB (1,069 words) - 20:29, 22 February 2009
  • ...son may be shown in any manner, including a showing of the efficacy of any security procedure applied to determine the person to which the electronic record or ...
    9 KB (1,499 words) - 11:31, 30 October 2011
  • ...de in a traditionally business-related AS2 transmission usually involves a security certificate, routing a large number of partners through a VAN can make cert ...e Internet using HTTP, a standard used by the World Wide Web. AS2 provides security for the transport payload through digital signatures and data encryption, a ...
    18 KB (2,828 words) - 11:22, 27 August 2011
  • ...n to companies such as electronic marketing, online privacy, registration, security, transfer, and breach notification, with analysis provided by [http://www.l *[[Computer_Security_Act_1987 | Computer Security Act of 1987]] ...
    20 KB (2,921 words) - 16:47, 29 August 2014
  • ...a monitoring tool. This information includes opening balances, funds and security transfers, accounting activity, and DI cap and collateral limits. ...er and corporate bill payments, interest and dividend payments, and Social Security payments. ...
    74 KB (11,078 words) - 13:08, 9 April 2007
  • Florida Statutes (Full Volume 1995): CHAPTER 934 - CHAPTER 934: SECURITY OF COMMUNICATIONS ...
    9 KB (1,358 words) - 22:11, 5 September 2011
  • ...urtherance of the administration of justice, national defense, or national security;<br> ...
    15 KB (2,463 words) - 11:31, 1 May 2010
  • ...urtherance of the administration of justice, national defense, or national security; or ...urtherance of the administration of justice, national defense, or national security;”. ...
    85 KB (12,600 words) - 16:49, 1 March 2009
  • * national security messages. ...ck of authentication of email would undermine the list, and it could raise security concerns. ...
    26 KB (4,026 words) - 12:15, 5 May 2011
  • ...or the occupant’s permission or knowledge; the expanded use of [[National Security Letters]], which allows the [[Federal Bureau of Investigation]] (FBI) to se .../cgi-bin/bdquery/z?d108:H.R.3171: H.R. 3171], [[THOMAS]]</ref> and the ''[[Security and Freedom Ensured Act]]'' (SAFE),<ref name="SAFE-THOMAS"> ...
    142 KB (21,198 words) - 10:23, 23 August 2011
  • ...ajor banking crisis caused mostly by credit default swaps, mortgage-backed security markets and similar derivatives. As [[Basel III]] was negotiated, this was ...
    19 KB (2,934 words) - 21:46, 2 September 2012
  • ...y and legitimacy online, and the simplicity with which [[cracker (computer security)|cracker]]s can divert browsers to dishonest sites and steal credit card de ...
    15 KB (2,222 words) - 15:20, 12 November 2011
  • ...ecords; the party opposing admission would have to show only that a better security system was feasible."). ...
    43 KB (6,432 words) - 13:22, 5 August 2011
  • ...stalking. The court also held that if a broker obtained a person’s social security number without the person’s permission and sold the number to a client, the ...
    21 KB (3,283 words) - 13:26, 26 April 2011
  • ...any special time considerations. Note that it is a violation of Department security regulations to transmit the sensitive information in electronic surveillanc ...
    29 KB (4,458 words) - 12:24, 16 October 2014
  • ...even types of criminal activity enumerated in the CFAA: obtaining national security information, compromising confidentiality, trespassing in a government comp ...violate the CFAA by releasing the findings of their research regarding the security holes associated with the MBTA fare charging system. The court found that a ...
    53 KB (7,910 words) - 21:25, 13 April 2011
  • ...description of the goods so that they can be recognized and (c) provide a security to indemnify the importer, the owner of the goods, and the customs authorit ...
    46 KB (7,265 words) - 12:09, 2 May 2010
  • ...t changes may be obtained by lawful means, an opportunity essential to the security of the Republic, is a fundamental principle of our constitutional system." ...
    32 KB (4,920 words) - 19:22, 10 April 2011
  • ...ystem operator" whose job is to keep the network running smoothly, monitor security, and repair the network when problems arise. System operators have "root le ...s search based simply on actions taken in the light of a posted notice."); Security and Law Enforcement Employees, Dist. Council 82 v. Carey, 737 F.2d 187, 202 ...
    154 KB (23,956 words) - 13:16, 5 August 2011
  • *[[Financial Security Law of France]] ("Loi sur la Sécurité Financière") — French equivalent of S ...
    38 KB (5,614 words) - 14:31, 15 April 2010
  • ...oint of view came under substantial criticism circa in the wake of various security scandals including mutual fund timing episodes and, in particular, the back ...
    45 KB (6,604 words) - 15:20, 15 April 2010
  • ...ration reserves the right to monitor use of this network to ensure network security and to respond to specific allegations of employee misuse. Use of this netw ...
    83 KB (12,981 words) - 12:42, 5 August 2011
  • ...e . . . residence so that a computer expert could attempt to 'crack' these security measures, a process that takes some time and effort. Like the seizure of do ...
    138 KB (21,660 words) - 13:18, 5 August 2011
  • ...s characteristic of organized crime; (3) an immediate threat to a national security interest; or (4) an ongoing attack on a protected computer (as defined in 1 ...
    97 KB (14,928 words) - 13:21, 5 August 2011