Search results

...that are needed to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.<br> ...cies, and standards) that are needed to create, implement, and maintain an Information Security Program that complies with SOX Section 404.<br> ...

'''Risk Association Control Activities:''' ::'''1. Risk: Controls provide reasonable assurance that policies and procedures that de ...

'''PO 10.9 Project Risk Management'''<br> ...at have the potential to cause unwanted change. Risks faced by the project management process and the project deliverable should be established and centrally rec ...

...anagement procedure. Include periodic review against business needs, patch management and upgrade strategies, risks, vulnerabilities assessment and security requ '''Risk Association Control Activities:'''<br> ...

'''DS 12.5 Physical Facilities Management '''<br> '''Risk Association Control Activities:'''<br> ...

...er include access rights and privilege management, protection of sensitive information at all stages, authentication and transaction integrity, and automatic reco '''Risk Association Control Activities:'''<br> ...

...t Operations Framework (MOF) 4.0''' is a series of guides aimed at helping information technology (IT) professionals establish and implement reliable, cost-effect ...| governance]], [[Risk_management | risk]], and [[compliance]] activities; management reviews, and Microsoft Solutions Framework (MSF) best practices.<br> ...

...ual responsible for the function and which exceptions should be escalated. Management is also responsible to inform affected parties.<br> '''Risk Association Control Activities:'''<br> ...

'''Risk Association Control Activities:'''<br> ::'''1. Risk: Operational failures may not be identified and resolved in an appropriate, ...

...nd prioritization of any reported issue as an incident, service request or information request. Measure end users’ satisfaction with the quality of the service de '''Risk Association Control Activities:'''<br> ...

...ual responsible for the function and which exceptions should be escalated. Management is also responsible to inform affected parties.<br> '''Risk Association Control Activities:'''<br> ...

'''Risk Association Control Activities:'''<br> ::'''1. Risk: Systems do not meet business needs because not all business functional and ...

...ange processes. The IT process framework should be integrated in a quality management system and the internal control framework.<br> ...ay provide invalid information, which could result in unreliable financial information and reports.<br> ...

'''MANAGEMENT CONTROL '''<br> '''Risk Association Control Activities:'''<br> ...

'''Risk Association Control Activities:'''<br> ::'''1. Risk: Security incidents and incompliance with information security procedures may go overlooked and not addressed.''' ...

==Information Security Policy== ...ective of this category is to provide management direction and support for information security in accordance with business requirements and all relevant laws, re ...

...d so security incidents can be properly treated by the incident or problem management process. Characteristics include a description of what is considered a secu '''Risk Association Control Activities:'''<br> ...

...ata classification policy and the enterprise’s media storage practices. IT management should ensure that offsite arrangements are periodically assessed, at least '''Risk Association Control Activities:'''<br> ...

'''DS 2.3 Supplier Risk Management'''<br> ...iness standards in accordance with legal and regulatory requirements. Risk management should further consider non-disclosure agreements (NDA), escrow contracts, ...

'''PO 5.1 Financial Management Framework'''<br> ...these portfolios to the budget prioritization, cost management and benefit management processes.<br> ...