Search results
Jump to navigation
Jump to search
- ...ormation requirements, IT configuration, information risk action plans and information security culture into an overall IT security plan. The plan is implemented ...y policy exists and has been approved by an appropriate level of executive management. ...10 KB (1,333 words) - 17:44, 25 June 2006
- ==FFIEC Information Technology Examination Handbook Executive Summary== ...ve effort of the FFIEC’s five member agencies, has replaced the 1996 FFIEC Information Systems Examination Handbook (1996 Handbook). ...15 KB (2,060 words) - 17:47, 15 June 2007
- ...1)''' The term '''information security''' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification ...st improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; ...2 KB (327 words) - 00:58, 1 June 2010
- ...financial resources expended by persons to generate, maintain, or provide information to or for a Federal agency, including the resources expended for—<br> :'''(B)''' acquiring, installing, and utilizing technology and systems; ...5 KB (795 words) - 00:35, 1 June 2010
- ...bility to identify, acquire, install, and maintain appropriate information technology systems.” The process includes the internal development of software applic ...o deliver products or services, maintain a competitive position, or manage information.<br> ...12 KB (1,538 words) - 22:41, 25 April 2007
- =='''Vulnerability Management Standard'''== ...jectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...9 KB (1,122 words) - 14:12, 1 May 2010
- '''Federal Information Security Management Act (FISMA)''' ...the implementation of and compliance with the Federal Information Security Management Act including: ...9 KB (1,252 words) - 19:19, 19 April 2010
- ...hanges to business processes, technology and skills are assessed. Business management, supported by the IT function, should assess the feasibility and alternativ Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...2 KB (357 words) - 14:15, 3 May 2006
- ...igence Directives.''' Protecting Special Access Program Information Within Information Systems policy excerpt: [[Media:JAFAN_6_3.pdf]]<br> :'''Avoid Session Management Pitfalls:''' [[Media:session-management-security.pdf]]<br> ...6 KB (839 words) - 16:22, 23 April 2007
- == Requirement 12: Maintain a policy that addresses information security. == ::[[Image:Key-control.jpg]][[PCI-12.3.1:|PCI-12.3.1 Explicit management approval.]]<br> ...7 KB (988 words) - 19:11, 7 July 2006
- ...virus control) across the organization to protect information systems and technology from malware (viruses, worms, spy-ware, spam, internally developed fraudule ...shed procedures across the organization to protect information systems and technology from computer viruses. ...8 KB (1,177 words) - 19:00, 25 June 2006
- ==Security requirements of information systems== ...egory is to ensure that security is an integral part of the organization's information systems, and of the business processes associated with those systems.<br> ...9 KB (1,170 words) - 14:05, 22 May 2007
- ...mation technology (IT) systems and their performance management and [[risk management]]. The rising interest in IT governance is partly due to compliance initiat ...bility framework to encourage desirable behavior in the use of information technology."''<br> ...12 KB (1,686 words) - 11:47, 30 May 2015
- ...ding networks, systems, and applications that store, process, and transmit information assets.<br> ...tives established in the [[Sample Asset Management Policy:|'''Sample Asset Management Standard''']], and provides specific instructions and requirements for esta ...9 KB (1,213 words) - 13:20, 9 March 2009
- ...rization controls over the initiation of transactions, resulting financial information may not be reliable. :::a. [[SOX.2.7.10:|'''SOX.2.7.10''']] Management protects sensitive information— logically and physically, in storage and during transmission—against unaut ...5 KB (721 words) - 11:49, 28 March 2008
- ==Incident Management== ...| Service Level Management]] process area. The first goal of the incident management process is to restore a normal service operation as quickly as possible and ...9 KB (1,371 words) - 16:40, 23 May 2007
- ...odies, such as an IT strategy committee, to provide strategic direction to management relative to IT, ensuring that the strategy and objectives are cascaded down Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...3 KB (410 words) - 13:30, 4 May 2006
- ...ings are well known in hacker communities and easily determined via public information.<br> ...ngs, and disabling of SSID broadcasts. Enable Wi-Fi Protected Access (WPA) technology for encryption and authentication when WPA-capable.]]<br> ...2 KB (283 words) - 17:00, 26 June 2006
- ...bjective of this category is to ensure the correct and secure operation of information processing facilities.<br> ==Communications and Operations Management== ...19 KB (2,609 words) - 13:51, 23 May 2007
- ...nd followed for all significant changes in applications and infrastructure technology, which addresses unit, system, integration and user-acceptance-level testin Insert remediation plan, applicability, or any information that indicates what needs to be done.<br> ...6 KB (878 words) - 13:34, 23 June 2006