Search results

  • '''DS 5.6 Security Incident Definition'''<br> ...ent process. Characteristics include a description of what is considered a security incident and its impact level. A limited number of impact levels are define ...
    4 KB (548 words) - 14:21, 4 May 2006
  • ...implement, and maintain a best practice, risk management-based information security program.<br> ...implement, and maintain a best practice, risk management-based Information Security Program.<br> ...
    5 KB (705 words) - 11:39, 30 May 2015
  • ...cilities, technology, and user procedures) and ensure that the information security requirements are met by all components. The test data should be saved for a ISO 17799 12.1 Security requirements of information systems.<br> ...
    5 KB (730 words) - 19:05, 17 April 2007
  • ...plied to both new and legacy information systems within the context of the system development life cycle and the organizational enterprise information techno :Categorize the information system and the information resident within that system based on impact. ...
    4 KB (528 words) - 16:58, 28 March 2010
  • '''DS 5.5 Security Testing, Surveillance and Monitoring'''<br> ...ly. IT security should be reaccredited periodically to ensure the approved security level is maintained. A logging and monitoring function enables the early de ...
    7 KB (975 words) - 16:57, 9 April 2007
  • ::'''1. Risk: Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...']] System infrastructure, including firewalls, routers, switches, network operating systems, servers and other related devices, is properly configured to preve ...
    2 KB (315 words) - 18:38, 25 June 2006
  • ...ging scheme such that audit logs are securely written to a centralized log system. ## The centralized log system shall provide a mechanism for archiving audit logs in accordance with appli ...
    3 KB (444 words) - 20:12, 15 January 2014
  • ...h management and upgrade strategies, risks, vulnerabilities assessment and security requirements.<br> ...anges in applications and infrastructure technology, which addresses unit, system, integration and user-acceptance-level testing so that deployed systems ope ...
    6 KB (819 words) - 13:54, 23 June 2006
  • ...op and maintain a risk response to ensure that cost-effective controls and security measures mitigate exposure to risks on a continuing basis. The risk respons All accounts that remain following the comparison to current system accounts should be investigated as they are most likely policy violations a ...
    5 KB (738 words) - 20:24, 1 May 2006
  • ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ::'''(A)''' testing of the effectiveness of information security policies, procedures, and practices of a representative subset of the agenc ...
    4 KB (682 words) - 19:17, 3 June 2010
  • =='''Logical Security'''== ...n a computer network or a computer workstation. It is a subset of computer security.<br> ...
    7 KB (1,093 words) - 19:00, 5 March 2007
  • ...ort issues and upgrades, periodic review against business needs, risks and security requirements.<br> ...anges in applications and infrastructure technology, which addresses unit, system, integration and user-acceptance-level testing so that deployed systems ope ...
    6 KB (878 words) - 13:34, 23 June 2006
  • ...service requirements, service definitions, service level agreements (SLA), operating level agreements (OLA) and funding sources. These attributes are organized ::'''1. Risk: Development and maintenance of system with potential impact to financial reporting bypass processes for identifyi ...
    4 KB (524 words) - 15:03, 25 June 2006
  • ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ::'''(A)''' testing of the effectiveness of information security policies, procedures, and practices of a representative subset of the agenc ...
    4 KB (634 words) - 13:00, 4 June 2010
  • ...t Protection Standard, Company protection standards shall include specific security requirements in the following areas: ## Sample Protection Standards must be reviewed by the Information Security Department to ensure vulnerabilities are not introduced into the Company pr ...
    5 KB (681 words) - 21:56, 15 January 2014
  • ...modern computers and receive hundreds of megabytes of data, poses another security headache. A spy (perhaps posing as a cleaning person) could easily conceal ...ains fully present until overwritten at some later time when the operating system reuses the disk space. With even low-end computers being sold with 30 Gigab ...
    4 KB (702 words) - 15:52, 14 June 2007
  • ...is scheme includes details about data ownership, definition of appropriate security levels and protection controls, and a brief description of data retention a ISO 17799 4.1 Information security infrastructure.<br> ...
    3 KB (363 words) - 16:53, 9 April 2007
  • ...user activity and security related events which are reviewed daily by the security administrators.<br> ...revalidations of user group membership and user accounts are performed by security administration.<br> ...
    4 KB (550 words) - 14:34, 1 May 2006
  • [[DS1.4:| 1.4 Operating Level Agreements]]<br> [[DS5:| '''5 Ensure Systems Security''']]<br> ...
    4 KB (538 words) - 19:08, 14 June 2007
  • ==Security requirements of information systems== The objective of this category is to ensure that security is an integral part of the organization's information systems, and of the b ...
    9 KB (1,170 words) - 14:05, 22 May 2007