Search results

  • ==National security systems== ...head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...
    709 bytes (103 words) - 10:41, 2 June 2010
  • ==National security systems== ...head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—<br> ...
    709 bytes (103 words) - 21:02, 3 June 2010
  • ==Federal information security incident center== ...— The Director shall ensure the operation of a central Federal information security incident center to—<br> ...
    1 KB (196 words) - 19:07, 3 June 2010
  • == Requirement 11: Regularly test security systems and processes. == ...tems, processes, and custom software should be tested frequently to ensure security is maintained over time and through changes. ...
    3 KB (372 words) - 17:59, 7 July 2006
  • '''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data :a. [[SOX.4.2.4.5:|'''SOX.4.2.4.5''']] The OS/400 operating application has a session "Time-Out" function enabled.<br> ...
    6 KB (821 words) - 18:11, 28 August 2006
  • '''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data :a. [[SOX.4.2.2.5:|'''SOX.4.2.2.5''']] The WINDOWS operating application has a session "Time-Out" function enabled.<br> ...
    6 KB (779 words) - 13:45, 23 June 2006
  • :a. [[SOX.2.1.1.1:|'''SOX.2.1.1.1''']] The ROUTER operating application has a session "Time-Out" function enabled.<br> :a. [[SOX.2.1.1.3:|'''SOX.2.1.1.3''']] The ROUTER system will not allow identical administrator IDs.<br> ...
    6 KB (729 words) - 13:40, 23 June 2006
  • '''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data :a. [[SOX.2.1.3.5:|'''SOX.2.1.3.5''']] The VPN operating application has a session "Time-Out" function enabled.<br> ...
    6 KB (766 words) - 13:42, 23 June 2006
  • ::'''Examine the organization’s system configuration standards for network components and critical servers, includ ...e that they have knowledge of common security parameter settings for their operating systems, database servers, Web servers, and wireless systems.<br> ...
    3 KB (366 words) - 13:52, 28 February 2007
  • '''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data :a. [[SOX.2.1.2.5:|'''SOX.2.1.2.5''']] The FIREWALL operating application has a session "Time-Out" function enabled.<br> ...
    6 KB (816 words) - 13:41, 23 June 2006
  • '''DS 5.1 Management of IT Security'''<br> ...rity at the highest appropriate organizational level, so the management of security actions is in line with business requirements. ...
    3 KB (394 words) - 17:12, 22 March 2007
  • '''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data :a. [[SOX.4.2.1.5:|'''SOX.4.2.1.5''']] The UNIX operating application has a session "Time-Out" function enabled.<br> ...
    7 KB (895 words) - 13:44, 23 June 2006
  • '''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data :a. [[SOX.2.1.5.5:|'''SOX.2.1.5.5''']] The IDS-IPS operating application has a session "Time-Out" function enabled.<br> ...
    7 KB (901 words) - 13:44, 23 June 2006
  • :a. SOX.4.2.1.9: The UNIX operating system application has forensic auditing enabled to enable the monitoring of admin ...otification message produced by the system being tested to verify that the security administrators are being proactively notified of possible access violations ...
    3 KB (422 words) - 00:09, 13 June 2006
  • '''2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data :a. [[SOX.2.1.4.5:|'''SOX.2.1.4.5''']] The SWITCH operating application has a session "Time-Out" function enabled.<br> ...
    7 KB (901 words) - 13:43, 23 June 2006
  • Implement internal control, security and audit ability measures during configuration, integration and maintenanc ...tection or Prevention System|'''3.2.1.5: Intrusion Detection or Prevention System''']]<br> ...
    1 KB (146 words) - 17:19, 7 June 2006
  • Controls provide reasonable assurance that IT components, as they relate to security, processing and availability, are well protected, would prevent any unautho ...ensing details. A baseline of configuration items should be kept for every system and service as a checkpoint to which to return after changes. ...
    4 KB (506 words) - 18:44, 25 June 2006
  • ...lidate security. Remember, it only takes one hole to compromise the entire security model. The areas covered are just a portion of the constant and never-endin ...ch one to use should be carefully determined by the environment, operating system, and purpose of the DB2 server.<br> ...
    4 KB (644 words) - 14:43, 15 May 2007
  • '''DS 11.6 Security Requirements for Data Management '''<br> Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and ou ...
    5 KB (649 words) - 18:23, 5 May 2006
  • A '''privilege''' in a computer system is a permission to perform an action. Examples of various privileges includ ...an action. For example, on systems where people are required to log into a system to use it, logging out will not require a privilege. Systems that do not i ...
    2 KB (341 words) - 18:37, 14 June 2007
  • '''DS 5.6 Security Incident Definition'''<br> ...ent process. Characteristics include a description of what is considered a security incident and its impact level. A limited number of impact levels are define ...
    4 KB (548 words) - 14:21, 4 May 2006
  • ...implement, and maintain a best practice, risk management-based information security program.<br> ...implement, and maintain a best practice, risk management-based Information Security Program.<br> ...
    5 KB (705 words) - 11:39, 30 May 2015
  • ...cilities, technology, and user procedures) and ensure that the information security requirements are met by all components. The test data should be saved for a ISO 17799 12.1 Security requirements of information systems.<br> ...
    5 KB (730 words) - 19:05, 17 April 2007
  • ...plied to both new and legacy information systems within the context of the system development life cycle and the organizational enterprise information techno :Categorize the information system and the information resident within that system based on impact. ...
    4 KB (528 words) - 16:58, 28 March 2010
  • '''DS 5.5 Security Testing, Surveillance and Monitoring'''<br> ...ly. IT security should be reaccredited periodically to ensure the approved security level is maintained. A logging and monitoring function enables the early de ...
    7 KB (975 words) - 16:57, 9 April 2007
  • ::'''1. Risk: Insufficient configuration controls can lead to security and availability exposures that may permit unauthorized access to systems a ...']] System infrastructure, including firewalls, routers, switches, network operating systems, servers and other related devices, is properly configured to preve ...
    2 KB (315 words) - 18:38, 25 June 2006
  • ...ging scheme such that audit logs are securely written to a centralized log system. ## The centralized log system shall provide a mechanism for archiving audit logs in accordance with appli ...
    3 KB (444 words) - 20:12, 15 January 2014
  • ...h management and upgrade strategies, risks, vulnerabilities assessment and security requirements.<br> ...anges in applications and infrastructure technology, which addresses unit, system, integration and user-acceptance-level testing so that deployed systems ope ...
    6 KB (819 words) - 13:54, 23 June 2006
  • ...op and maintain a risk response to ensure that cost-effective controls and security measures mitigate exposure to risks on a continuing basis. The risk respons All accounts that remain following the comparison to current system accounts should be investigated as they are most likely policy violations a ...
    5 KB (738 words) - 20:24, 1 May 2006
  • ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ::'''(A)''' testing of the effectiveness of information security policies, procedures, and practices of a representative subset of the agenc ...
    4 KB (682 words) - 19:17, 3 June 2010
  • =='''Logical Security'''== ...n a computer network or a computer workstation. It is a subset of computer security.<br> ...
    7 KB (1,093 words) - 19:00, 5 March 2007
  • ...ort issues and upgrades, periodic review against business needs, risks and security requirements.<br> ...anges in applications and infrastructure technology, which addresses unit, system, integration and user-acceptance-level testing so that deployed systems ope ...
    6 KB (878 words) - 13:34, 23 June 2006
  • ...service requirements, service definitions, service level agreements (SLA), operating level agreements (OLA) and funding sources. These attributes are organized ::'''1. Risk: Development and maintenance of system with potential impact to financial reporting bypass processes for identifyi ...
    4 KB (524 words) - 15:03, 25 June 2006
  • ...h agency shall have performed an independent evaluation of the information security program and practices of that agency to determine the effectiveness of such ::'''(A)''' testing of the effectiveness of information security policies, procedures, and practices of a representative subset of the agenc ...
    4 KB (634 words) - 13:00, 4 June 2010
  • ...t Protection Standard, Company protection standards shall include specific security requirements in the following areas: ## Sample Protection Standards must be reviewed by the Information Security Department to ensure vulnerabilities are not introduced into the Company pr ...
    5 KB (681 words) - 21:56, 15 January 2014
  • ...modern computers and receive hundreds of megabytes of data, poses another security headache. A spy (perhaps posing as a cleaning person) could easily conceal ...ains fully present until overwritten at some later time when the operating system reuses the disk space. With even low-end computers being sold with 30 Gigab ...
    4 KB (702 words) - 15:52, 14 June 2007
  • ...is scheme includes details about data ownership, definition of appropriate security levels and protection controls, and a brief description of data retention a ISO 17799 4.1 Information security infrastructure.<br> ...
    3 KB (363 words) - 16:53, 9 April 2007
  • ...user activity and security related events which are reviewed daily by the security administrators.<br> ...revalidations of user group membership and user accounts are performed by security administration.<br> ...
    4 KB (550 words) - 14:34, 1 May 2006
  • [[DS1.4:| 1.4 Operating Level Agreements]]<br> [[DS5:| '''5 Ensure Systems Security''']]<br> ...
    4 KB (538 words) - 19:08, 14 June 2007
  • ==Security requirements of information systems== The objective of this category is to ensure that security is an integral part of the organization's information systems, and of the b ...
    9 KB (1,170 words) - 14:05, 22 May 2007
  • ...ts (NDA), escrow contracts, continued supplier viability, conformance with security requirements, alternative suppliers, penalties and rewards, etc.<br> ...OX.1.24:|'''SOX.1.24''']] Third-party service contracts address the risks, security controls and procedures for information systems and networks in the contrac ...
    7 KB (958 words) - 16:01, 25 June 2006
  • ...nvironment for IT, aligned with the enterprise’s management philosophy and operating style. These elements include expectations/requirements regarding delivery ...performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements analysis from t ...
    4 KB (580 words) - 18:00, 23 June 2006
  • '''DS 5.2 IT Security Plan '''<br> ...ith appropriate investments in services, personnel, software and hardware. Security policies and procedures are communicated to stakeholders and users. ...
    10 KB (1,333 words) - 17:44, 25 June 2006
  • ...lication, potentially affecting all Internet users with whatever operating system or application the code needs to function. ...ding patch application and security-minded configurations of the operating system (OS), browsers, and other network-aware software. ...
    4 KB (568 words) - 17:25, 10 April 2007
  • ...release of only that part of the software which has been changed. For ex: Security patches to plug bugs in a software *Packaged Release : is a combination of many changes . For ex : an Operating System image containing the applications as well. ...
    2 KB (352 words) - 16:42, 20 March 2007
  • ...he 501(b) guidelines to ensure service providers have implemented adequate security controls to safeguard customer information. :* Require service providers by contract to implement appropriate security controls to comply with the guidelines ...
    6 KB (829 words) - 19:14, 17 April 2007
  • Controls provide reasonable assurance that system changes of financial reporting significance are authorized and appropriatel ...intenance and patches) for changes to applications, procedures, processes, system and service parameters, and the underlying platforms.<br> ...
    10 KB (1,393 words) - 14:28, 23 June 2006
  • Oracle's security by default is not extremely good. For example, Oracle will allow users to c Guest default accounts, which allow anonymous users to sign on the system, MUST be disabled, changed, or otherwise properly configured to prevent acc ...
    22 KB (3,612 words) - 16:20, 15 November 2007
  • ...tackers are unlikely to find them. The technique stands in contrast with [[security by design]], although many real-world projects include elements of both str ...aphy was disturbing to the US government, which seems to have been using a security through obscurity analysis to support its opposition to such work. ...
    11 KB (1,798 words) - 14:44, 14 June 2007
  • * Systems documentation for computer system allegedly compromised ...ilures, slowdowns, etc. of the Record Update Section, the Criminal History System [[CHS]] as a whole, or any part thereof, or any investigations or analyses ...
    5 KB (816 words) - 15:41, 22 February 2009