Systems Development and Maintenance:

From HORSE - Holistic Operational Readiness Security Evaluation.

ISO 17799 defines Systems Development and Maintenance objectives to ensure that security is built into operational systems; prevent loss, modification or misuse of user data; protect the confidentiality, authenticity and integrity of information; ensure that IT projects and support activities are conducted in a secure manner; and maintain the security of application system software and data. This section provides templates for the Information Security standards required to comply with the ISO Systems Development and Maintenance objectives and to support the objectives established in the Asset Protection Policy and the Asset Management Policy.

1. Sample ISO Life Cycle Management Standard
The Life Cycle Management Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific requirements and instructions for life cycle management of information systems, including hardware and software.


2. Sample ISO Configuration Management Standard
The Configuration Management Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for establishing and maintaining baseline protection standards for Company network devices, servers, and desktops.


3. Sample ISO Change Control Standard
The Change Control Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for following approved processes and procedures that ensure only authorized updates and changes are implemented in the production environment.


4. Sample ISO System Development Life Cycle Standard
The System Development Life Cycle Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Management Policy by providing specific instructions and requirements for the development of secure enterprise-wide systems.


5. Sample Technical Protection Standards
These technical standards are required to comply with ISO Systems Development and Maintenance objectives and provide detailed best practices for configuring and hardening various technologies in accordance with the Asset Protection Policy.


6. Sample ISO Access Control Standard
The Access Control Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements and instructions for controlling access to information assets.


7. Sample ISO Availability Protection Standard
The Availability Protection Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for protecting the availability of information assets.


8. Sample ISO Integrity Protection Standard
The Integrity Protection Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for protecting the integrity of sensitive information.


9. Sample ISO Encryption Standard
The Encryption Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for encrypting sensitive information.


10. Sample ISO Anti-Virus Standard
This Anti-Virus Standard is required to comply with ISO Systems Development and Maintenance objectives and builds on the objectives established in the Asset Protection Policy by providing specific instructions and requirements for protecting information assets from viruses and malicious code.