Search results
Jump to navigation
Jump to search
Page title matches
- ==Availability Management== Availability Management allows organizations to sustain the IT service availability in order to sup ...1 KB (154 words) - 15:48, 20 March 2007
- ==Financial Management== ...ery section of the [[ITIL]] best practice framework. The aim of Financial Management for IT Services is to give accurate and cost effective stewardship of IT as ...6 KB (885 words) - 10:12, 23 March 2007
- ==Release Management== ...ntation of new hardware and software is also the responsibility of Release Management. This guarantees that all software can be conceptually optimized to meet th ...2 KB (352 words) - 16:42, 20 March 2007
- ==Problem Management== The goal of Problem Management is to resolve the root cause of incidents and thus to minimize the adverse ...3 KB (480 words) - 16:20, 20 March 2007
- ==IT Service Continuity Management== ...[[Contingency Plan Testing]], and [[Risk_Assessment_and_Treatment: | Risk Management]]. ...464 bytes (58 words) - 13:24, 30 April 2007
- ==Incident Management== ...| Service Level Management]] process area. The first goal of the incident management process is to restore a normal service operation as quickly as possible and ...9 KB (1,371 words) - 16:40, 23 May 2007
- ==Change Management== ...anges (fixes) - with minimum risk to IT infrastructure. The goal of Change Management is to ensure that standardized methods and procedures are used for efficien ...4 KB (588 words) - 16:23, 21 March 2007
- ==Security Management== ...urity Management is based on the code of practice for information security management also known as ISO/IEC 17799. ...32 KB (4,804 words) - 14:10, 27 February 2009
- ==Configuration Management == ...re or software upgrade, a computer technician can access the configuration management program and database to see what is currently installed. The technician can ...7 KB (942 words) - 15:09, 23 March 2007
- ==IT Management Booklet== ...risk management processes to ensure effective information technology (IT) management.<br> ...5 KB (645 words) - 18:03, 27 April 2007
- ==Capacity Management== ...agement, Modeling, Capacity Planning, Resource Management, and Performance Management. ...352 bytes (43 words) - 15:46, 20 March 2007
- ...cording to whether the risk management method is in the context of project management, security, risk analysis, industrial processes, financial portfolios, actua Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on ...27 KB (4,185 words) - 23:45, 10 March 2010
- =='''Asset Management'''== ...mation security perspective is not just about 'IT' Assets. It is about the management, control and protection of '''all''' aspects of Information / Data in whate ...5 KB (705 words) - 13:29, 23 May 2007
- '''MANAGEMENT CONTROL '''<br> ...DOI A.1''']] Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please prov ...2 KB (354 words) - 20:12, 25 June 2006
- ==Information Security Aspects of Business Continuity Management== ==Business Continuity Management Considerations== ...9 KB (1,274 words) - 00:17, 1 June 2007
- ==Service Level Management== ...l processes to control their activities. The central role of Service Level Management makes it the natural place for metrics to be established and monitored agai ...2 KB (253 words) - 15:44, 20 March 2007
- ==Communications and Operations Management== ...y and cost effective service to client financial institutions. Institution management should monitor any changes in the current strategies and plans of independe ...19 KB (2,609 words) - 13:51, 23 May 2007
- ==Service Desk Management== A '''Service Desk''' is a primary IT capability called for in IT Service Management (ITSM) as defined by the [[Information Technology Infrastructure Library]] ...4 KB (552 words) - 16:15, 20 March 2007
- ==Software Configuration Management== Software Configuration Management (SCM) is the discipline whose objective is to identify the configuration of ...22 KB (3,132 words) - 19:07, 17 April 2007
- ==IT Risk Management Process== ...he ability to mitigate IT risks is dependent upon risk assessments. Senior management should identify, measure, control, and monitor technology to avoid risks th ...4 KB (528 words) - 16:58, 28 March 2010
- ...ves, or from programs, projects or service improvement initiatives. Change Management can ensure standardized methods, processes and procedures are used for all ==Change management in development projects== ...4 KB (523 words) - 10:24, 23 April 2010
- ==Sample Configuration Management Standard== ...e objectives established in the [[Sample_Asset_Management_Policy:|'''Asset Management Standard''']], and provides specific instructions and requirements for esta ...5 KB (681 words) - 21:56, 15 January 2014
- =='''Vulnerability Management Standard'''== ...jectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...9 KB (1,122 words) - 14:12, 1 May 2010
- =='''Sample Management Security Awareness Standard'''== ...ts for providing security awareness education and training for the Company management.<br> ...6 KB (752 words) - 14:02, 1 May 2010
- Click [[File:Records-Management.pdf]] for more information. ...299 bytes (39 words) - 22:00, 15 March 2010
- ==Sample Asset Management Standard== ...ard defines Company objectives for establishing specific standards for the management of the networks, systems, and applications that store, process and transmit ...3 KB (389 words) - 17:40, 14 January 2014
- ...rily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in 2000 ...can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process based. ISM3 has ...2 KB (257 words) - 17:09, 22 March 2007
- ...covered that with an organized, systematic approach, you can approach risk management effectively. Risk simply put is the negative impact to business assets by t ...lping you understanding the core elements of a successful IT security risk management program for a commercial enterprise, the processes of calculating the cost ...23 KB (3,630 words) - 10:19, 27 October 2012
- =='''Sample Life Cycle Management Standard'''== ...Name>''' (the "Company") [[Sample Asset Management Policy:|'''Sample Asset Management Policy''']] defines objectives for establishing specific standards for prop ...16 KB (2,312 words) - 14:14, 1 May 2010
- =='''Sample Management Security Awareness Standard'''== ...ts for providing security awareness education and training for the Company management.<br> ...5 KB (662 words) - 17:54, 25 July 2006
- ==Sample Vulnerability Assessment and Management Standard== ...ectives for establishing specific standards for the assessment and ongoing management of vulnerabilities. ...2 KB (230 words) - 19:16, 14 January 2014
- ...done on time and on budget, you know it can be a challenge. Learn project management practices that make the e-Discovery process easier. You’ll improve planning ...402 bytes (59 words) - 10:44, 16 March 2010
Page text matches
- ==Capacity Management== ...agement, Modeling, Capacity Planning, Resource Management, and Performance Management. ...352 bytes (43 words) - 15:46, 20 March 2007
- ==IT Service Continuity Management== ...[[Contingency Plan Testing]], and [[Risk_Assessment_and_Treatment: | Risk Management]]. ...464 bytes (58 words) - 13:24, 30 April 2007
- ==Service Level Management== ...l processes to control their activities. The central role of Service Level Management makes it the natural place for metrics to be established and monitored agai ...2 KB (253 words) - 15:44, 20 March 2007
- ==Sample Vulnerability Assessment and Management Standard== ...ectives for establishing specific standards for the assessment and ongoing management of vulnerabilities. ...2 KB (230 words) - 19:16, 14 January 2014
- Provides a framework for consistent, timely, and cost-effective management decisions.<br> Management best guesses.<br> ...2 KB (318 words) - 16:08, 3 August 2006
- Provides a framework for consistent, timely, and cost-effective management decisions.<br> Management best guesses.<br> ...2 KB (322 words) - 16:10, 3 August 2006
- ==Change Management== ...anges (fixes) - with minimum risk to IT infrastructure. The goal of Change Management is to ensure that standardized methods and procedures are used for efficien ...4 KB (588 words) - 16:23, 21 March 2007
- ...g to a business and service priority and routed to the appropriate problem management team, and customers kept informed of the status of their queries. ITIL Incident Management<br> ...2 KB (299 words) - 17:41, 5 May 2006
- ...rily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in 2000 ...can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process based. ISM3 has ...2 KB (257 words) - 17:09, 22 March 2007
- ...issues are recorded, analyzed, resolved in a timely manner and reported to management. . ...if a problem management system exists and how it is being used. Review how management has documented how the system is to be used. ...2 KB (325 words) - 19:12, 25 June 2006
- Management should establish quality assurance procedures and update future planning wi Management should conduct quality assurance reviews for all significant activities bot ...2 KB (227 words) - 18:59, 17 April 2007
- ==Sample Asset Management Standard== ...ard defines Company objectives for establishing specific standards for the management of the networks, systems, and applications that store, process and transmit ...3 KB (389 words) - 17:40, 14 January 2014
- ==Availability Management== Availability Management allows organizations to sustain the IT service availability in order to sup ...1 KB (154 words) - 15:48, 20 March 2007
- ITIL Security Management, Security Management Measures<br> ITIL 4.2 Implement Security Management, Security Management Measures<br> ...2 KB (270 words) - 14:54, 5 May 2006
- ==Service Desk Management== A '''Service Desk''' is a primary IT capability called for in IT Service Management (ITSM) as defined by the [[Information Technology Infrastructure Library]] ...4 KB (552 words) - 16:15, 20 March 2007
- ...sourced services is performed in accordance with the organization’s vendor management policy.<br> ...sourced services is performed in accordance with the organization’s vendor management policy. .<br> ...2 KB (306 words) - 18:32, 14 June 2006
- ...sourced services is performed in accordance with the organization's vendor management policy.<br> ...nagement policy and discuss with those responsible for third-party service management if they follow such standards. ...2 KB (295 words) - 15:40, 25 June 2006
- '''PO 9.1 IT and Business Risk Management Alignment'''<br> ...nagement and control framework with the organization’s (enterprise’s) risk management framework. This includes alignment with the organization’s risk appetite an ...3 KB (377 words) - 14:10, 8 August 2006
- =='''Asset Management'''== ...mation security perspective is not just about 'IT' Assets. It is about the management, control and protection of '''all''' aspects of Information / Data in whate ...5 KB (705 words) - 13:29, 23 May 2007
- ==Problem Management== The goal of Problem Management is to resolve the root cause of incidents and thus to minimize the adverse ...3 KB (480 words) - 16:20, 20 March 2007
- =='''Sample Management Security Awareness Standard'''== ...ts for providing security awareness education and training for the Company management.<br> ...5 KB (662 words) - 17:54, 25 July 2006
- '''DS 5.1 Management of IT Security'''<br> Manage IT security at the highest appropriate organizational level, so the management of security actions is in line with business requirements. ...3 KB (394 words) - 17:12, 22 March 2007
- :[[Sample Asset Management Policy:|'''Sample Asset Management Policy''']]<br> :The Asset Management Policy defines objectives for properly managing Information Technology infr ...3 KB (404 words) - 14:53, 25 July 2006
- ...01: "Information technology - Security techniques - [[Information Security Management System]]s" are of particular interest to information security professionals ...s standards and guidelines to increase secure IT planning, implementation, management and operation. NIST is also the custodian of the USA [http://csrc.nist.go ...2 KB (287 words) - 14:29, 8 March 2007
- ==Release Management== ...ntation of new hardware and software is also the responsibility of Release Management. This guarantees that all software can be conceptually optimized to meet th ...2 KB (352 words) - 16:42, 20 March 2007
- :::a. SOX.2.0.1: Organizational policies and management procedures are in place to ensure the IT function is controlled properly.<b ITIL ICT Infrastructure Management.<br> ...3 KB (356 words) - 17:11, 1 May 2006
- ...ves, or from programs, projects or service improvement initiatives. Change Management can ensure standardized methods, processes and procedures are used for all ==Change management in development projects== ...4 KB (523 words) - 10:24, 23 April 2010
- [[DS1.1:| 1.1 Service Level Management Framework]]<br> [[DS2.2:| 2.2 Supplier Relationship Management]]<br> ...4 KB (538 words) - 19:08, 14 June 2007
- ==IT Management Booklet== ...risk management processes to ensure effective information technology (IT) management.<br> ...5 KB (645 words) - 18:03, 27 April 2007
- ...upport the objectives established in the Asset Protection Policy and Asset Management Policy.<br> :1. [[Sample Life Cycle Management Standard:|'''Sample ISO Life Cycle Management Standard''']]<br> ...5 KB (613 words) - 18:14, 25 July 2006
- The problem management system should provide for adequate audit trail facilities that allow tracki ...rs on user services. In the event that this impact becomes severe, problem management should escalate the problem, perhaps referring it to an appropriate board t ...3 KB (451 words) - 17:52, 5 May 2006
- ...nal standard for [[Compliance#ITIL_IT_Infrastructure_Library: | IT Service Management]]. It was developed in 2005, by the BSI Group. It is based on and intended ...ogether, these form a top-down framework to define the features of service management processes that are essential for the delivery of high quality services.<br> ...2 KB (298 words) - 14:25, 23 April 2010
- [[Asset Management:|'''Asset Management''']]<br> [[Communications and Operations Management:|'''Communications and Operations Management''']]<br> ...3 KB (378 words) - 21:27, 18 January 2015
- ==Financial Management== ...ery section of the [[ITIL]] best practice framework. The aim of Financial Management for IT Services is to give accurate and cost effective stewardship of IT as ...6 KB (885 words) - 10:12, 23 March 2007
- ...nd services. The framework should integrate with the corporate performance management system.<br> ...2 KB (301 words) - 12:27, 4 May 2006
- ...c level to deal with related security issues. Obtain direction from senior management on the appetite for IT risk and approval of any residual IT risks.<br> ITIL ICT Infrastructure Management, Design and Planning.<br> ...3 KB (370 words) - 18:04, 1 May 2006
- ...rs, risk managers, the corporate compliance group, outsourcers and offsite management.<br> ITIL 7. Supplier Relationship Management.<br> ...2 KB (342 words) - 18:20, 1 May 2006
- ==Configuration Management== ...an '''Information Technology Infrastructure Library''' [[ITIL]] IT Service Management [[ITSM]] '''process''' that tracks all of the individual Configuration Item ...4 KB (570 words) - 16:12, 23 March 2007
- ...t and disposition of records under chapters 29, 31, or 33 of title 44, the management of information resources under sub-chapter I of chapter 35 of this title, o ...851 bytes (128 words) - 21:01, 3 June 2010
- '''PO 10.2 Project Management Framework'''<br> ...should be integrated with the enterprise portfolio management and program management processes.<br> ...3 KB (367 words) - 16:28, 21 June 2006
- ==Configuration Management == ...re or software upgrade, a computer technician can access the configuration management program and database to see what is currently installed. The technician can ...7 KB (942 words) - 15:09, 23 March 2007
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...rity to a Chief Security Officer or other security-knowledgeable member of management. Obtain information security policies and procedures to verify that the fol ...2 KB (293 words) - 16:04, 2 March 2007
- ...is standardized, logged, approved, documented and subject to formal change management procedures. ...xists and is maintained to reflect the current process. Consider if change management procedures exist for all changes to the production environment, including p ...3 KB (447 words) - 13:36, 23 June 2006
- '''ME 4.5 Risk Management'''<br> ...s and report IT-related risks and the impact on the business. Make sure IT management follows up on risk exposures, paying special attention to IT control failur ...2 KB (334 words) - 13:36, 4 May 2006
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...rity to a Chief Security Officer or other security-knowledgeable member of management. Obtain information security policies and procedures to verify that the fol ...2 KB (303 words) - 16:00, 2 March 2007
- '''DS 10.4 Integration of Change, Configuration and Problem Management '''<br> ...ents, integrate the related processes of change, configuration and problem management. Monitor how much effort is applied to firefighting rather than enabling bu ...2 KB (248 words) - 17:50, 5 May 2006
- ...y policy exists and has been approved by an appropriate level of executive management. ...been approved by an appropriate level of senior management to demonstrate management’s commitment to security? ...3 KB (351 words) - 16:49, 25 June 2006
- ...t and disposition of records under chapters 29, 31, or 33 of title 44, the management of information resources under sub-chapter I of chapter 35 of this title, o ...940 bytes (143 words) - 21:44, 1 June 2010
- ITIL Service Delivery, IT Service Continuity Management.<br> ITIL 7.5 Risk assessment model ICT Infrastructure Management, Annex 3B.<br> ...2 KB (317 words) - 20:10, 1 May 2006
- :::a. SOX.2.0.1: Organizational policies and management procedures are in place to ensure the IT function is controlled properly.<b ITIL 8. Roles, Responsibilities and Interfaces Application Management.<br> ...3 KB (393 words) - 17:18, 1 May 2006
- <br>Produce reports of service desk activity to enable management to measure service performance and service response times and to identify t ITIL Incident Management<br> ...2 KB (264 words) - 17:42, 5 May 2006
- ...strators cannot connect remotely to the wireless management interface (all management of wireless environments is only from the console).<br> ...3 KB (352 words) - 13:58, 28 February 2007
- ITIL Service Delivery, Financial Management for IT Services.<br> ITIL 5.1.7 Benefits Service Delivery, Financial Management for IT Services.<br> ...2 KB (346 words) - 18:25, 1 May 2006
- ...799]], "Information Technology - Code of practice for information security management." in 2000. [[ISO/IEC 17799]] was then revised in June 2005 and finally inc ...security management system]] (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became [[ISO/IE ...2 KB (249 words) - 10:56, 27 October 2012
- ...sks and responsibilities of internal and external service providers, their management and their customers, and the rules and structures to document, test and exe :::a. [[SOX.2.0.1:|'''SOX.2.0.1''']] Organizational policies and management procedures are in place to ensure the IT function is controlled properly. ...3 KB (456 words) - 17:15, 15 February 2007
- ITIL Service Delivery, Capacity Management.<br> ITIL 6.3 Activities in capacity management Service Delivery, Availability Management.<br> ...2 KB (290 words) - 17:49, 25 April 2007
- ...report and classify problems that have been identified as part of incident management. The steps involved in problem classification are similar to the steps in c :::a. SOX.3.1.1: Management should monitor security incidents and the extent of compliance with informa ...4 KB (601 words) - 15:01, 8 August 2006
- ==Sample Configuration Management Standard== ...e objectives established in the [[Sample_Asset_Management_Policy:|'''Asset Management Standard''']], and provides specific instructions and requirements for esta ...5 KB (681 words) - 21:56, 15 January 2014
- '''MANAGEMENT CONTROL '''<br> ...DOI A.1''']] Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please prov ...2 KB (354 words) - 20:12, 25 June 2006
- '''PO 5.1 Financial Management Framework'''<br> ...these portfolios to the budget prioritization, cost management and benefit management processes.<br> ...2 KB (353 words) - 18:22, 1 May 2006
- ...puter operations, which are periodically reviewed, updated and approved by management. ...and availability is compromised because emergency changes are made without management approval.''' ...4 KB (537 words) - 13:57, 23 June 2006
- [[ME4.4:| 4.4 Resource Management]]<br> [[ME4.5:| 4.5 Risk Management]]<br> ...2 KB (195 words) - 19:06, 14 June 2007
- * [[KY MANAGEMENT CONTROL:|'''MANAGEMENT CONTROL''']] ...924 bytes (100 words) - 20:14, 25 June 2006
- * [[GA MANAGEMENT CONTROL:|'''MANAGEMENT CONTROL''']] ...923 bytes (100 words) - 20:08, 25 June 2006
- * [[LA MANAGEMENT CONTROL:|'''MANAGEMENT CONTROL''']] ...925 bytes (100 words) - 20:09, 25 June 2006
- * [[TX MANAGEMENT CONTROL:|'''MANAGEMENT CONTROL''']] ...921 bytes (100 words) - 20:10, 25 June 2006
- * [[WI MANAGEMENT CONTROL:|'''MANAGEMENT CONTROL''']] ...925 bytes (100 words) - 20:11, 25 June 2006
- '''PO 1.6 IT Portfolio Management'''<br> ITIL ICT Infrastructure Management.<br> ...3 KB (470 words) - 13:39, 6 March 2007
- ITIL Applications Management.<br> ITIL The Application Management Lifecycle.<br> ...3 KB (377 words) - 14:55, 1 May 2006
- * [[FL MANAGEMENT CONTROL:|'''MANAGEMENT CONTROL''']] ...928 bytes (100 words) - 20:06, 25 June 2006
- ...chnology - Security techniques - Code of practice for information security management''. The current standard is a revision of the version published in [[2000]], ...]] for initiating, implementing or maintaining [[ISMS|Information Security Management Systems]] (ISMS). Information security is defined within the standard in th ...6 KB (847 words) - 16:57, 26 March 2007
- :'''Ensure management approves all media that is moved from a secured area (especially when media ...g logs, and verify the presence in the logs of tracking details and proper management authorization.'''<br> ...2 KB (281 words) - 14:25, 2 March 2007
- :4. [[Sample Asset Management Policy:|'''Sample HIPAA Asset Management Policy''']]<br> :The Asset Management Policy is required to comply with HIPAA (Subpart C Section 164.308(a)1C,2, ...5 KB (614 words) - 16:46, 25 July 2006
- '''PO 8.1 Quality Management System'''<br> ...conformity. The QMS should define the organizational structure for quality management, covering the roles, tasks and responsibilities. All key areas develop thei ...2 KB (337 words) - 19:47, 1 May 2006
- ...ards define Company objectives for establishing specific standards for the management of the networks, systems, and applications that store, process and transmit ...ectives for establishing specific standards for the assessment and ongoing management of vulnerabilities.<br> ...4 KB (465 words) - 15:46, 13 January 2014
- =='''Sample Management Security Awareness Standard'''== ...ts for providing security awareness education and training for the Company management.<br> ...6 KB (752 words) - 14:02, 1 May 2010
- ...DOI A.1''']] Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please prov * [[PO10.3:|'''PO 10.3 Project Management Approach''']]<br> ...3 KB (346 words) - 21:58, 23 June 2006
- ==IT Risk Management Process== ...he ability to mitigate IT risks is dependent upon risk assessments. Senior management should identify, measure, control, and monitor technology to avoid risks th ...4 KB (528 words) - 16:58, 28 March 2010
- :::a. SOX.2.0.1: Organizational policies and management procedures are in place to ensure the IT function is controlled properly.<b ITIL Security Management, Security Management Measures.<br> ...2 KB (338 words) - 19:03, 17 April 2007
- ...y to explain deviations and performance problems. Upon review, appropriate management action should be initiated and controlled.<br> ...2 KB (347 words) - 13:38, 4 May 2006
- ITIL Security Management, Security Management Measures.<br> ITIL 4.2 Implement Security Management, Security Management Measures.<br> ...3 KB (420 words) - 14:06, 8 August 2006
- :::a. [[SOX.2.7.7:|'''SOX.2.7.7''']] The problem management system provides for adequate audit trail facilities, which allow tracing fr 2. Review a sample of problems recorded on the problem management system to consider whether a proper audit trail exists and is used. ...2 KB (297 words) - 19:19, 25 June 2006
- '''PO 10.1 Program Management Framework'''<br> ITIL ICT Infrastructure Management.<br> ...2 KB (345 words) - 01:18, 2 May 2006
- ...Standard (ISO 17799) is an internationally recognized information Security Management standard consisting of security clauses, controls, and objectives comprisin ::ISO 17799 defines Security Policy objectives to provide management direction and support for information security. This section provides templ ...8 KB (1,023 words) - 17:25, 24 October 2006
- ...| governance]], [[Risk_management | risk]], and [[compliance]] activities; management reviews, and Microsoft Solutions Framework (MSF) best practices.<br> ...tivities through the use of [[risk management]], [[Change_control | change management]], and controls. It also provides guidance relating to accountability and r ...3 KB (461 words) - 14:19, 23 April 2010
- :::a. [[SOX.2.0.13:|'''SOX.2.0.13''']] IT management determines that, before selection, potential third parties are properly qua ...hird party’s financial stability, skill and knowledge of the systems under management, and controls over security, availability and processing integrity. .<br> ...2 KB (317 words) - 18:30, 14 June 2006
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...rity to a Chief Security Officer or other security-knowledgeable member of management. Obtain information security policies and procedures to verify that the fol ...2 KB (294 words) - 20:02, 2 March 2007
- '''DS 5.8 Cryptographic Key Management '''<br> ITIL Security Management<br> ...3 KB (413 words) - 19:02, 4 May 2006
- :::a. SOX.3.1.1: Management should monitor security incidents and the extent of compliance with informa ITIL Service Delivery, Availability Management <br> ...2 KB (351 words) - 13:57, 4 May 2006
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...rity to a Chief Security Officer or other security-knowledgeable member of management. Obtain information security policies and procedures to verify that the fol ...2 KB (293 words) - 15:59, 2 March 2007
- :::a. [[SOX.2.7.15:|'''SOX.2.7.15''']] Management has established, documented and followed standard procedures for IT operati 1. Determine if management has documented its procedures for IT operations, and operations are reviewe ...2 KB (315 words) - 20:11, 25 June 2006
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (311 words) - 17:11, 28 February 2007
- :'''Assign to an individual or team the following information security management responsibilities:'''<br> ...rity to a Chief Security Officer or other security-knowledgeable member of management. Obtain information security policies and procedures to verify that the fol ...2 KB (296 words) - 16:02, 2 March 2007
- ...ments analysis was performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements ITIL ICT Infrastructure Management, Design and Planning.<br> ...3 KB (446 words) - 16:36, 1 May 2006
- :[[Executive Management Awareness:|'''Executive Management Awareness''']]<br> :This presentation on executive management awareness covers security and business risks, anatomy of an attack, and a s ...5 KB (653 words) - 12:45, 25 April 2007
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (311 words) - 17:07, 28 February 2007
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (311 words) - 17:09, 28 February 2007
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (312 words) - 17:12, 28 February 2007
- '''DS 1.1 Service Level Management Framework'''<br> ...ogue. The framework defines the organizational structure for service level management, covering the roles, tasks and responsibilities of internal and external se ...4 KB (524 words) - 15:03, 25 June 2006
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (312 words) - 17:06, 28 February 2007
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (314 words) - 17:14, 28 February 2007
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (315 words) - 17:14, 28 February 2007
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (318 words) - 17:15, 28 February 2007
- ...on and database, and identified security violations are reported to senior management. ...s the nature and extent of such events over the past year and discuss with management how they have responded with controls to prevent unauthorized access or man ...2 KB (321 words) - 18:06, 25 June 2006
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (323 words) - 17:20, 28 February 2007
- 1. Conduct an evaluation of the frequency and timeliness of management’s review of configuration records. 2. Assess whether management has documented the configuration management procedures. ...2 KB (324 words) - 18:46, 25 June 2006
- '''PO 2.4 Integrity Management'''<br> ....1.6: Database access is granted through a service request and approved by management.<br> ...4 KB (550 words) - 14:34, 1 May 2006
- ISO 27002 (17799) defines Security Policy objectives to provide management direction and support for information security. This section provides templ ...ling Standard is required to comply with ISO Communications and Operations Management objectives and builds on the objectives established in the Asset Protection ...2 KB (202 words) - 12:40, 15 June 2007
- '''PO 10.3 Project Management Approach'''<br> Establish a project management approach commensurate with the size, complexity and regulatory requirements ...4 KB (594 words) - 19:50, 25 June 2006
- ::'''Verify the existence of key management procedures.'''<br> ::Examine the key management procedures and determine the procedures require the following: ...2 KB (334 words) - 17:13, 28 February 2007
- ITIL IT Service Continuity Management<br> ITIL 7.3 Service continuity management generic recovery plan<br> ...2 KB (270 words) - 18:10, 25 April 2007
- ITIL IT Service Continuity Management.<br> ITIL 7.3.4 Stage 4 - Operational management.<br> ...2 KB (278 words) - 18:21, 25 April 2007
- The objective of this category is to provide management direction and support for information security in accordance with business One or more information security policy documents should be approved by management, and published and communicated to all employees and relevant external part ...8 KB (1,063 words) - 13:25, 23 May 2007
- ...nd discussions, that procedures exist for user authentication and password management, by performing the following:'''<br> ::'''PCI-8.5.1 B:''' Determine that only administrators have access to management consoles for wireless networks.'''<br> ...3 KB (345 words) - 14:24, 1 March 2007
- ...th the business continuity planner). The RTOs are then presented to senior management for acceptance. The RTO attaches to the business process and not the resour * [http://www.pas56.com/ BS25999 Business Continuity Management] ...2 KB (272 words) - 11:15, 27 October 2012
- '''AI 2.9 Applications Requirements Management'''<br> ...being approved through an established [[Change_control | change control]] management process.<br> ...2 KB (274 words) - 13:47, 6 March 2007
- Through the development and management of key information security processes.<br> '''True or False: Organizations need process-management tools and resources to help develop and manage these critical information s ...2 KB (305 words) - 17:31, 3 August 2006
- '''''Through the development and management of key information security processes.'''''<br> '''True or False: Organizations need process-management tools and resources to help develop and manage these critical information s ...2 KB (309 words) - 17:34, 3 August 2006
- '''DS 2.2 Supplier Relationship Management'''<br> Formalize the supplier relationship management process for each supplier. The relationship owners must liaise on customer ...3 KB (408 words) - 16:10, 25 June 2006
- ...steering committee (or equivalent) composed of executive, business and IT management to: Determine prioritization of IT-enabled investment programs in line with ...d systems development methodology should be established and implemented by management. This systems development life cycle (SDLC) describes the stages involved i ...4 KB (506 words) - 20:00, 25 June 2006
- ...r [[AES | Advanced Encryption Standard]] (AES) 256-bit with associated key management processes and procedures. :'''PCI-3.6 Fully document and implement all key management processes and procedures, including:'''<br> ...4 KB (635 words) - 11:52, 28 March 2008
- ...ual responsible for the function and which exceptions should be escalated. Management is also responsible to inform affected parties.<br> ...2 KB (289 words) - 13:11, 4 May 2006
- ...ual responsible for the function and which exceptions should be escalated. Management is also responsible to inform affected parties.<br> ...2 KB (289 words) - 12:56, 4 May 2006
- ITIL Incident Management<br> ITIL Incident Management<br> ...2 KB (281 words) - 17:42, 5 May 2006
- ...and availability is compromised because emergency changes are made without management approval.''' ...'']] Emergency change requests are documented and subject to formal change management procedures. ...3 KB (372 words) - 13:56, 23 June 2006
- [[PO1.1:| 1.1 IT Value Management]]<br> [[PO1.6:| 1.6 IT Portfolio Management]]<br> ...4 KB (517 words) - 19:07, 14 June 2007
- '''PO 5.4 Cost Management'''<br> Implement a cost management process comparing actual costs to budgets. Costs should be monitored and re ...2 KB (303 words) - 18:29, 1 May 2006
- ITIL Security Management, Guidelines for Implementing Security Management.<br> ITIL 5.2.1 The role of the security manager ICT Infrastructure Management.<br> ...3 KB (427 words) - 17:58, 1 May 2006
- Encourage IT management to define and execute ` procedures to ensure that the IT continuity plan is ::'''5. PCI-6.4.2 Management sign-off by appropriate parties.''' ...3 KB (436 words) - 14:30, 4 May 2006
- :'''Description of groups, roles, and responsibilities for logical management of network components.'''<br> ...s include a description of groups, roles, and responsibilities for logical management of network components. ...2 KB (265 words) - 12:24, 16 June 2010
- ...n repository and be properly integrated with change management and problem management procedures. '''Rationale —''' Configuration management includes procedures such that security, availability and processing integri ...3 KB (429 words) - 18:55, 25 June 2006
- ...d so security incidents can be properly treated by the incident or problem management process. Characteristics include a description of what is considered a secu :::a. SOX.3.1.1: Management should monitor security incidents and the extent of compliance with informa ...4 KB (548 words) - 14:21, 4 May 2006
- ...izing tasks, error tolerance mechanisms and resource allocation practices. Management should ensure that contingency plans properly address availability, capacit ITIL Service Delivery, Availability Management<br> ...2 KB (284 words) - 14:37, 21 June 2006
- • Computing environment management <br> • Network environment management <br> ...3 KB (360 words) - 16:59, 25 June 2006
- ...r Independent Computer Consultants,[[FN43]] or the Association for Systems Management.[[FN44]] ...2 KB (298 words) - 15:17, 22 February 2009
- Data Processing Management Association, 505 Busse Highway, Park Ridge IL 60068-3191 (312) 825-8124. ...606 bytes (76 words) - 02:57, 5 March 2009
- ...urable and predictable by users to encourage proper use of resources. User management should be able to verify actual usage and charging of services. ITIL Financial Management for IT Services<br> ...2 KB (305 words) - 14:51, 5 May 2006
- ITIL Service Support, Release Management.<br> ITIL Release Management.<br> ...2 KB (296 words) - 17:59, 3 May 2006
- Association for Systems Management, 24587 Bagley Rd., Cleveland, OH 44138 (216) 243-6900. ...516 bytes (62 words) - 03:00, 5 March 2009
- ITIL ICT Infrastructure Management, Operations<br> ITIL 4.6.2 The tools - scheduling tools ICT Infrastructure Management<br> ...3 KB (467 words) - 18:39, 5 May 2006
- '''ME 4.4 Resource Management'''<br> ...current and future strategic objectives and keep up with business demands. Management should put clear, consistent and enforced human resources policies and proc ...2 KB (329 words) - 13:34, 4 May 2006
- ...management are provided in the [[Sample Management Awareness Standard:|'''Management Awareness Standard''']].<br> ...3 KB (418 words) - 19:53, 14 January 2014
- :[[Sample Asset Management Policy:|'''Sample Asset Management Standard''']]<br> :The Asset Management Standard defines objectives for properly managing Information Technology in ...4 KB (581 words) - 17:06, 30 December 2013
- ==Information Security Aspects of Business Continuity Management== ==Business Continuity Management Considerations== ...9 KB (1,274 words) - 00:17, 1 June 2007
- ...list to a control list of exceptions that has been previously certified by management. Any accounts that remain should be investigated as they are most likely po ITIL Service Delivery, Availability Management.<br> ...3 KB (459 words) - 17:56, 21 June 2006
- '''DS 5.4 User Account Management'''<br> ...rmation are contractually arranged for all types of users. Perform regular management review of all accounts and related privileges.<br> ...6 KB (846 words) - 13:52, 4 May 2006
- ITIL IT Service Continuity Management<br> ITIL 7.3.4 Stage 4 - Operational management<br> ...2 KB (324 words) - 14:50, 4 May 2006
- ==AI 4.2 Knowledge Transfer to Business Management== ...rocesses. The knowledge transfer should include access approval, privilege management, segregation of duties, automated business controls, backup/recovery, physi ...3 KB (362 words) - 23:55, 14 June 2007
- :::a. [[SOX.2.0.1:|'''SOX.2.0.1''']] Organizational policies and management procedures are in place to ensure the IT function is controlled properly. ITIL The Business Perspective, Supplier Relationship Management<br> ...3 KB (366 words) - 18:00, 25 April 2007
- ...deviations from expected performance should be identified, and appropriate management action should be initiated and reported.<br> ...2 KB (332 words) - 12:39, 4 May 2006
- ...iew, basis for payment, warranties, arbitration procedures, human resource management and compliance with the organization’s policies.<br> ...2 KB (319 words) - 17:09, 3 May 2006
- ITIL Problem Management <br> ITIL 6.8 Proactive problem management<br> ...2 KB (333 words) - 16:42, 5 May 2006
- ...nts to address: a definition of services; performance measurement; problem management; customer duties; warranties; disaster recovery; termination of agreement.< *[[IT Service Management]] ...3 KB (527 words) - 16:06, 22 March 2007
- ...done on time and on budget, you know it can be a challenge. Learn project management practices that make the e-Discovery process easier. You’ll improve planning ...402 bytes (59 words) - 10:44, 16 March 2010
- ::[[Image:Key-control.jpg]][[PCI-6.4.2:|PCI-6.4.2 Management sign-off by appropriate parties.]]<br> ...mage:Key-control.jpg]][[PCI-6.5.3:|PCI-6.5.3 Broken authentication/session management (use of account credentials and session cookies).]]<br> ...4 KB (578 words) - 18:46, 28 February 2007
- ...ments analysis was performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements ITIL ICT Infrastructure Management, Appendix C.1.<br> ...4 KB (510 words) - 13:54, 1 May 2006
- ITIL Security Management<br> ITIL Security Management Measures<br> ...3 KB (377 words) - 18:52, 4 May 2006
- :::a. [[SOX.3.1.4:|'''SOX.3.1.4''']] Management ensures that authorized access to corporate resources terminated entities o * ISO 17799 9.2 User access management.<br> ...3 KB (366 words) - 16:39, 26 June 2006
- .... While not a control, insurance can be an effective risk mitigation tool. Management should balance controls against business operations requirements, cost, eff ...655 bytes (85 words) - 19:15, 17 April 2007
- ==Incident Management== ...| Service Level Management]] process area. The first goal of the incident management process is to restore a normal service operation as quickly as possible and ...9 KB (1,371 words) - 16:40, 23 May 2007
- Ensure that IT management, working with the business, defines a balanced set of performance objective ITIL ICT Infrastructure Management.<br> ...3 KB (362 words) - 12:33, 4 May 2006
- ...essment and Management Policy:|'''Sample GLBA Vulnerability Assessment and Management Policy''']]<br> :The Vulnerability Assessment and Management Policy is required to comply with GLBA (Interagency Guideline III.E), and b ...4 KB (535 words) - 16:51, 25 July 2006
- '''DS 11.3 Media Library Management System '''<br> ...r [[AES | Advanced Encryption Standard]] (AES) 256-bit with associated key management processes and procedures.''' ...3 KB (401 words) - 11:50, 28 March 2008
- * Statement of general principles and management approach to the use of cryptographic controls ...ough risk assessment, that considers appropriate algorithm selections, key management and other core features of cryptographic implementations ...9 KB (1,170 words) - 14:05, 22 May 2007
- :::a. [[SOX.1.2:|'''SOX.1.2''']] IT management involves users in the design of applications, selection of packaged softwar ...puter operations, which are periodically reviewed, updated and approved by management.<br> ...4 KB (530 words) - 11:58, 23 June 2006
- =='''Vulnerability Management Standard'''== ...jectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...9 KB (1,122 words) - 14:12, 1 May 2010
- ...ange processes. The IT process framework should be integrated in a quality management system and the internal control framework.<br> ...DOI A.1''']] Is there an IS steering committee or other evidence that top management is involved in the IS function and, if so, who are the members? Please prov ...5 KB (699 words) - 19:59, 25 June 2006
- ...demands. Enforce a disciplined approach to portfolio, program and project management, insisting that the business takes ownership of all IT-enabled investments ...3 KB (393 words) - 14:35, 21 June 2006
- ...nt practicable and appropriate, make uniform Federal information resources management policies and practices as a means to improve the productivity, efficiency, ...lementing the information collection review process, information resources management, and related policies and guidelines established under this sub-chapter. ...3 KB (414 words) - 10:37, 1 June 2010
- ::5. Users and management should not directly discuss the violation with the individual(s) involved i ...nicated and understood within its respective organizational units. Company management also is responsible for defining, approving, and implementing processes and ...6 KB (857 words) - 12:22, 19 July 2007
- ===Management commitment to information security=== Management at all levels should actively support security within the organization with ...8 KB (996 words) - 12:49, 22 May 2007
- ...The Application Management Life Cycle, 5.2 Requirements ICT Infrastructure Management, Appendix F3, Requirements Analysis.<br> ...4 KB (538 words) - 13:16, 23 June 2006
- ...y policy exists and has been approved by an appropriate level of executive management. ...on and database, and identified security violations are reported to senior management. ...10 KB (1,333 words) - 17:44, 25 June 2006
- '''PO 10.9 Project Risk Management'''<br> ...at have the potential to cause unwanted change. Risks faced by the project management process and the project deliverable should be established and centrally rec ...3 KB (403 words) - 12:37, 23 June 2006
- ...nformation sharing outside of that required for legitimate business needs. Management should obtain signed confidentiality agreements before granting new employe ...hey will protect and the control processes for which they are responsible. Management can take similar steps to ensure contractors and consultants understand the ...10 KB (1,327 words) - 12:54, 10 April 2007
- ...ata classification policy and the enterprise’s media storage practices. IT management should ensure that offsite arrangements are periodically assessed, at least ...puter operations, which are periodically reviewed, updated and approved by management.<br> ...5 KB (700 words) - 18:07, 23 June 2006
- ...he elements of a control environment for IT, aligned with the enterprise’s management philosophy and operating style. These elements include expectations/require ...ments analysis was performed and appropriately approved (including account management and IT security). Obtain and examine documents associated with requirements ...4 KB (580 words) - 18:00, 23 June 2006
- ITIL IT Service Continuity Management<br> ISO 11.1 Aspects of [[Business_Continuity_Management: | business continuity management]]. ...2 KB (297 words) - 18:35, 25 April 2007
- ITIL IT Service Continuity Management.<br> ISO 11.1 Aspects of [[Business_Continuity_Management: | business continuity management]].<br> ...2 KB (303 words) - 18:16, 25 April 2007
- ...tandard in the field of [[Business continuity planning|Business Continuity Management]] (BCM). This standard replaces PAS 56, a publicly available specification, BS 25999 is a Business Continuity Management (BCM) standard published by the British Standards Institution (BSI). ...7 KB (1,040 words) - 10:48, 27 October 2012
- Among the areas top management analyzes are:<br> ...tioned customer KPIs are developed and improved with customer relationship management.<br> ...5 KB (786 words) - 16:48, 22 March 2007
- ...puter operations, which are periodically reviewed, updated and approved by management.<br> ...es in the business. When policies and procedures are changed, determine if management approves such changes. Select a sample of projects and determine that user ...3 KB (432 words) - 12:23, 23 June 2006
- '''DS 11.6 Security Requirements for Data Management '''<br> :::If considered appropriate, for example for cost reasons, management may wish to make use of independently evaluated and certified products. Fur ...5 KB (649 words) - 18:23, 5 May 2006
- ::*[[Sample Asset Management Policy:|'''Sample Asset Management Policy''']]<br> ...y Assessment and Management Policy:|'''Sample Vulnerability Assessment and Management Policy''']]<br> ...10 KB (1,206 words) - 14:05, 1 May 2010
- ...r [[AES | Advanced Encryption Standard]] (AES) 256-bit with associated key management processes and procedures. ...[[AES | Advanced Encryption Standard]] (AES) 256-bit, with associated key management processes and procedures. ...4 KB (486 words) - 11:53, 28 March 2008
- ...anagement procedure. Include periodic review against business needs, patch management and upgrade strategies, risks, vulnerabilities assessment and security requ :::*If considered appropriate, for example for cost reasons, management may wish to make use of independently evaluated and certified products. Fur ...6 KB (819 words) - 13:54, 23 June 2006
- ...us communication program, supported by top management in action and words. Management should give specific attention to communicating IT security awareness and t ...3 KB (442 words) - 18:58, 1 May 2006
- ...ents and files include hidden data, firm-wide understanding about metadata management as a real security concern still lags. ===Controlling and managing metadata with third-party metadata scrubbing and management software.=== ...4 KB (587 words) - 22:52, 15 March 2010
- ...) that are needed to create, implement, and maintain a best practice, risk management-based information security program.<br> ...) that are needed to create, implement, and maintain a best practice, risk management-based Information Security Program.<br> ...5 KB (705 words) - 11:39, 30 May 2015
- :'''Avoid Session Management Pitfalls:''' [[Media:session-management-security.pdf]]<br> ...actices in Configuration Management for Security:''' [[Media:configuration-management-security.pdf]] <br> ...6 KB (839 words) - 16:22, 23 April 2007
- [[AI2.9:| 2.9 Applications Requirements Management]]<br> [[AI4.2:| 4.2 Knowledge Transfer to Business Management]]<br> ...3 KB (341 words) - 19:07, 14 June 2007
- ...Name>''' (the "Company") [[Sample Asset Management Policy:|'''Sample Asset Management Standard''']] defines objectives for establishing specific standards for pr ...tives established in the [[Sample Asset Management Policy:|'''Sample Asset Management Standard''']], and provides specific instructions and requirements for esta ...9 KB (1,213 words) - 13:20, 9 March 2009
- ...puter operations, which are periodically reviewed, updated and approved by management.<br> ITIL ICT Infrastructure Management<br> ...3 KB (471 words) - 12:32, 23 June 2006
- '''DS 2.3 Supplier Risk Management'''<br> ...iness standards in accordance with legal and regulatory requirements. Risk management should further consider non-disclosure agreements (NDA), escrow contracts, ...7 KB (958 words) - 16:01, 25 June 2006
- ...formation systems, a formal evaluation and approval of the test results by management of the affected user department(s) and the IT function. The tests should co :::*If considered appropriate, for example for cost reasons, management may wish to make use of independently evaluated and certified products. Fur ...5 KB (730 words) - 19:05, 17 April 2007
- ...sition, and maintenance process includes numerous risks. Effective project management influences operational risks (also referred to as transactional risks). The ...uctured project management techniques. The section details general project management standards, procedures, and controls and discusses various development, acqu ...12 KB (1,538 words) - 22:41, 25 April 2007
- ...d systems development methodology should be established and implemented by management. This systems development life cycle (SDLC) describes the stages involved i ...puter operations, which are periodically reviewed, updated and approved by management.<br> ...6 KB (804 words) - 12:14, 23 June 2006
- :::a. [[SOX.2.7.10:|'''SOX.2.7.10''']] Management protects sensitive information— logically and physically, in storage and du :::a. [[SOX.2.7.12:|'''SOX.2.7.12''']] Management has implemented a strategy for cyclical backup of data and programs. ...5 KB (721 words) - 11:49, 28 March 2008
- :::a. [[SOX.3.1.1:|'''SOX.3.1.1''']] Management should monitor security incidents and the extent of compliance with informa ISO 8.5 Network management<br> ...4 KB (517 words) - 18:12, 21 June 2006
- ==Security Management== ...urity Management is based on the code of practice for information security management also known as ISO/IEC 17799. ...32 KB (4,804 words) - 14:10, 27 February 2009
- ...ines a DoD-wide formal and standard set of activities, general tasks and a management structure process for the [[Cyber security certification|certification]] an ...2 KB (322 words) - 10:16, 15 April 2012
- ** '''IT [[Project Portfolio Management]]''' - An inventory of current projects being managed by the information te *** Example: Availability of open-source [[learning management system]]s such as [[Moodle]] ...5 KB (777 words) - 17:59, 16 February 2007
- Management should update BCPs as business processes change. For example, financial ins :* Risk management ...5 KB (705 words) - 13:42, 30 May 2007
- '''Rationale —''' Configuration management includes procedures such that security, availability and processing integri ITIL Configuration Management<br> ...4 KB (506 words) - 18:44, 25 June 2006
- '''Rationale —''' Configuration management includes procedures such that security, availability and processing integri :::a. [[SOX.1.2:|'''SOX.1.2''']] IT management involves users in the design of applications, selection of packaged softwar ...4 KB (501 words) - 18:24, 25 June 2006
- ...chnology - Security techniques - Code of practice for information security management''. ...le for initiating, implementing or maintaining [[ISMS|Information Security Management Systems]] (ISMS). Information security is defined within the standard in th ...8 KB (1,111 words) - 10:30, 15 April 2012
- Determine if the management of third-party services has been assigned to appropriate individuals. Revie ...2 KB (285 words) - 18:35, 14 June 2006
- ...usiness applications (including payroll, finance, logistics, and personnel management applications);<br> ...quipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or recep ...3 KB (368 words) - 00:50, 1 June 2010
- ...equiring expertise in accounting, fraud examination, [[forensic science]], management science, systems engineering, [[security engineering]], and [[criminology]] ...complete, the IA practitioner then develops a [[Risk Management Plan|risk management plan]]. This plan proposes countermeasures that involve mitigating, elimina ...7 KB (983 words) - 10:41, 15 April 2012
- ...pecified in the [[Sample Management Security Awareness Standard:|'''Sample Management Security Awareness Standard''']].<br> Company management is responsible for ensuring employees within their area of responsibility c ...5 KB (728 words) - 14:07, 1 May 2010
- :::a. [[SOX.2.7.12:|'''SOX.2.7.12''']] Management has implemented a strategy for cyclical backup of data and programs. ...2 KB (280 words) - 19:58, 25 June 2006
- :::a. [[SOX.2.0.8:|'''SOX.2.0.8''']] IT management has established procedures across the organization to protect information s ...2 KB (279 words) - 19:02, 25 June 2006
- :::a. [[SOX.2.7.10:|'''SOX.2.7.10''']] Management protects sensitive information— logically and physically, in storage and du ...2 KB (274 words) - 19:44, 25 June 2006
- ==Communications and Operations Management== ...y and cost effective service to client financial institutions. Institution management should monitor any changes in the current strategies and plans of independe ...19 KB (2,609 words) - 13:51, 23 May 2007
- :::a. [[SOX.2.0.8:|'''SOX.2.0.8''']] IT management has established procedures across the organization to protect information s :::a. SOX.3.1.1: Management should monitor security incidents and the extent of compliance with informa ...8 KB (1,177 words) - 19:00, 25 June 2006
- :::a. [[SOX.2.7.15:|'''SOX.2.7.15''']] Management has established, documented and followed standard procedures for IT operati ITIL ICT Infrastructure Management<br> ...4 KB (522 words) - 20:12, 25 June 2006
- ...ewed for financial reporting systems and subsystems on a periodic basis by management. ...2 KB (292 words) - 17:47, 25 June 2006
- ::'''PCI-12.3.1:''' Explicit management approval to use the devices. ...2 KB (286 words) - 15:19, 2 March 2007
- Determine if the management of third-party services has been assigned to appropriate individuals.<br> ...2 KB (295 words) - 15:33, 25 June 2006
- '''Federal Information Security Management Act (FISMA)''' ...the implementation of and compliance with the Federal Information Security Management Act including: ...9 KB (1,252 words) - 19:19, 19 April 2010
- ITIL Security Management<br> ITIL Security Management Measures<br> ...4 KB (544 words) - 17:11, 5 May 2006
- :::a. [[SOX.1.3:|'''SOX.1.3''']] IT management implements system software that does not jeopardize the security of the dat ...2 KB (303 words) - 19:58, 23 June 2006
- <br>Ensure that security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, and ...puter operations, which are periodically reviewed, updated and approved by management.<br> ...6 KB (781 words) - 12:31, 23 June 2006
- ..., information about responsibilities for classification of information and management of organizational information facilities that the person may use<br> ===Management responsibilities=== ...10 KB (1,387 words) - 14:04, 22 May 2007
- ...-9.7.2:''' All media sent outside the facility is logged and authorized by management and sent via secured courier or other delivery mechanism that can be tracke ...2 KB (307 words) - 14:24, 2 March 2007
- ...of scenarios have been calculated with risk analysis, the process of risk management can be applied to help manage the risk. ...1 KB (215 words) - 18:32, 13 April 2007
- 1.Inquire as to the type of information that is used by management to determine the completeness and timeliness of system and data processing. ...2 KB (301 words) - 20:18, 25 June 2006
- ...hird party’s financial stability, skill and knowledge of the systems under management, and controls over security, availability and processing integrity. ...2 KB (302 words) - 15:57, 25 June 2006
- ...the agencies and revised, if necessary, based on examiner feedback. Senior management of each agency performed the final review and approval and then formally re :* IT Management ...15 KB (2,060 words) - 17:47, 15 June 2007
- ...s and standards) that are needed to create, implement, and maintain a risk management-based Information Security Program that complies with SOX Section 404.<br> ...1 KB (204 words) - 13:03, 14 July 2006
- ::* Requirement for an authorization form that is signed by management and specifies required privileges. ...2 KB (314 words) - 14:09, 1 March 2007
- ...tify trends in usage, particularly in relation to business applications or management information system tools. Managers should use this information to identify ITIL 4.5 Establishing the IS direction ICT Infrastructure Management, Design and Planning.<br> ...4 KB (586 words) - 01:37, 1 May 2006
- '''DS 11.1 Business Requirements for Data Management '''<br> ...2 KB (244 words) - 17:51, 5 May 2006
- :a. [[SOX.2.1.5.18:|'''SOX.2.1.5.18''']] Routing protocols are approved by management.<br> ...9''']] Unauthorized network tapping does not occur without the approval of management.<br> ...7 KB (901 words) - 13:44, 23 June 2006
- '''DS 5.3 Identity Management'''<br> ...iness needs and job requirements. User access rights are requested by user management, approved by system owner and implemented by the security-responsible perso ...6 KB (870 words) - 18:08, 21 June 2006
- '''Risk assessment''' is a step in the [[risk management]] process. Risk assessment is [[measurement|measuring]] two quantities of Risk assessment may be the most important step in the risk management process, and may also be the most difficult and prone to error. Once risks ...10 KB (1,633 words) - 16:03, 22 December 2007
- ::'''PCI-6.4.2:''' Obtain evidence that management sign-off by appropriate parties is present for each sampled change.<br> ...2 KB (307 words) - 18:42, 28 February 2007
- :a. [[SOX.2.1.4.18:|'''SOX.2.1.4.18''']] Routing protocols are approved by management.<br> ...9''']] Unauthorized network tapping does not occur without the approval of management.<br> ...7 KB (901 words) - 13:43, 23 June 2006
- Determine if the management of third-party services has been assigned to appropriate individuals.<br> ...3 KB (335 words) - 14:05, 26 February 2007
- ...jectives for establishing specific standards on the assessment and ongoing management of wireless technologies utilized for the extension of network infrastructu ==Access Point Management== ...8 KB (1,123 words) - 16:01, 2 August 2009
- ...nicated and understood within its respective organizational units. Company management also is responsible for defining, approving, and implementing processes and ...are responsible for reporting software copyright violations and misuse to management, and cooperating with official Company security investigations relating to ...7 KB (953 words) - 14:13, 1 May 2010
- ::'''PCI-12.7:''' Inquire of Human Resource department management and determine that there is a process in place to perform background checks ...2 KB (319 words) - 20:10, 2 March 2007
- ITIL Financial Management for IT Services<br> ...2 KB (258 words) - 14:48, 5 May 2006
- ==Information Technology Management Reform Act of 1996== ...ision E: Information Technology Management Reform - Information Technology Management Reform Act of 1996 - Title LI (sic): Responsibility for Acquisitions of Inf ...10 KB (1,502 words) - 19:27, 4 April 2010
- ITIL ICT Infrastructure Management.<br> ...2 KB (263 words) - 12:37, 4 May 2006
- ...f making data unavailable should anything go wrong with data handling, key management, or the actual encryption. For example, a loss of encryption keys or other # Effective key management practices ...13 KB (2,019 words) - 11:46, 28 March 2008
- Ensure that quality management focuses on customers by determining their requirements and aligning them to ...2 KB (273 words) - 20:01, 1 May 2006
- ::'''(C)''' ensuring that information security management processes are integrated with agency strategic and operational planning pro ::'''(A)''' shall include testing of management, operational, and technical controls of every information system identified ...10 KB (1,576 words) - 12:50, 4 June 2010
- ==PO 1.1 IT Value Management== ...d systems development methodology should be established and implemented by management. This systems development life cycle (SDLC) describes the stages involved i ...6 KB (847 words) - 17:21, 25 April 2007
- ==Software Configuration Management== Software Configuration Management (SCM) is the discipline whose objective is to identify the configuration of ...22 KB (3,132 words) - 19:07, 17 April 2007
- ISO 8.5 Network management.<br> ...2 KB (291 words) - 13:41, 6 March 2007
- ...ssful resumption of the IT function after a disaster, determine whether IT management has established procedures for assessing the adequacy of the plan and updat ...2 KB (299 words) - 19:17, 22 June 2006
- ..., so all stakeholders can take timely responsibility for the production of management, user and operational procedures, as a result of the introduction or upgrad ...2 KB (286 words) - 16:55, 3 May 2006
- ::'''(C)''' ensuring that information security management processes are integrated with agency strategic and operational planning pro ::'''(A)''' shall include testing of management, operational, and technical controls of every information system identified ...11 KB (1,610 words) - 19:37, 3 June 2010
- ITIL Service Delivery, Service Level Management.<br> ...2 KB (279 words) - 14:17, 3 May 2006
- '''DS 12.5 Physical Facilities Management '''<br> ...2 KB (268 words) - 15:01, 8 May 2006
- ...security staff, and specialist skills in areas such as insurance and risk management.<br> ITIL 4.3 The management governance framework ICT Infrastructure Management, Annex 2B.<br> ...9 KB (1,301 words) - 16:55, 25 April 2007
- :::a. SOX.1.2: IT management involves users in the design of applications, selection of packaged softwar ...3 KB (354 words) - 13:39, 22 June 2006
- * Review, negotiation and establishment of management responses.<br> ...2 KB (284 words) - 12:41, 4 May 2006
- Prepare a quality management plan that describes the project quality system and how it will be implement ...2 KB (295 words) - 01:42, 2 May 2006
- * Review, negotiation and establishment of management responses.<br> ...2 KB (286 words) - 13:05, 4 May 2006
- A well-defined, supported, enforced management policy maximizes the rewards and minimizes the risks of the open-source sof ===Extend vulnerability management to open-source solutions.=== ...11 KB (1,601 words) - 12:58, 10 April 2007
- '''AI 5.2 Supplier Contract Management'''<br> ...2 KB (287 words) - 17:04, 3 May 2006
- ...development to testing to operations in line with the implementation plan. Management should require that system owner authorization be obtained before a new sys ...2 KB (302 words) - 17:57, 3 May 2006
- ...es in the business. When policies and procedures are changed, determine if management approves such changes. Select a sample of projects and determine that user ...3 KB (364 words) - 17:41, 21 June 2006
- ITIL Service Delivery, Service Level Management<br> ...2 KB (294 words) - 18:25, 5 May 2006
- ...Name>''' (the "Company") [[Sample Asset Management Policy:|'''Sample Asset Management Policy''']] defines objectives for establishing specific standards for prop ...tives established in the [[Sample Asset Management Policy:|'''Sample Asset Management Policy''']], and provides specific instructions and requirements for the de ...12 KB (1,656 words) - 14:15, 1 May 2010
- ::'''PCI-6.5.10:''' Insecure configuration management.<br> ...3 KB (346 words) - 14:03, 1 March 2007
- * PCI.9.8: Ensure management approves all media that is moved from a secured area (especially when media ...2 KB (308 words) - 18:06, 5 May 2006
- ...rative access. Use technologies such as SSH, VPN, or SSL/TLS for web-based management and other non-console administrative access.]]<br> ...2 KB (283 words) - 17:00, 26 June 2006
- ...is designed to be completed by the insurance company's information systems management before the IS specialist(s) assigned to the examination begin(s) fieldwork. ..., whereby the examiner inspects a judgmental number of information systems management reports issued during the period under review. Other controls, such as prog ...8 KB (1,155 words) - 20:14, 25 June 2006
- 2. Discuss with members of the organization responsible for service level management and test evidence to determine whether service levels are actively managed. ...3 KB (342 words) - 15:05, 25 June 2006
- =='''Sample Life Cycle Management Standard'''== ...Name>''' (the "Company") [[Sample Asset Management Policy:|'''Sample Asset Management Policy''']] defines objectives for establishing specific standards for prop ...16 KB (2,312 words) - 14:14, 1 May 2010
- ...ces the possibility for a single individual to subvert a critical process. Management also makes sure that personnel are performing only authorized duties releva ...gregate, other controls such as monitoring of activities, audit trails and management supervision should be considered. It is important that [[Information_Securi ...4 KB (591 words) - 19:45, 14 June 2007
- ITIL Service Delivery, Service Level Management<br> ...2 KB (294 words) - 18:26, 5 May 2006
- ...sourced services is performed in accordance with the organization's vendor management policy. ISO 8.5 Network management<br> ...5 KB (674 words) - 18:14, 21 June 2006
- ...urrent Federal computing environment and provide effective government-wide management and oversight of the related information security risks, including coordina ...1 KB (192 words) - 10:33, 1 June 2010
- ...urrent Federal computing environment and provide effective government-wide management and oversight of the related information security risks, including coordina ...1 KB (192 words) - 10:36, 1 June 2010
- :::If considered appropriate, for example for cost reasons, management may wish to make use of independently evaluated and certified products. Fur ISO/IEC TR 13335-3 provides guidance on the use of risk management processes to identify requirements for security controls.<br> ...5 KB (738 words) - 20:24, 1 May 2006
- ITIL Service Delivery, Availability Management.<br> ...2 KB (304 words) - 20:21, 1 May 2006
- It has been superseded by the [[FISMA | Federal Information Security Management Act of 2002]] ...1 KB (168 words) - 11:37, 23 May 2010
- ...jectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...y Assessment and Management Policy:|'''Sample Vulnerability Assessment and Management Policy''']], and provides specific instructions and requirements for assess ...11 KB (1,433 words) - 14:11, 1 May 2010
- :::a. SOX.3.1.1: Management should monitor security incidents and the extent of compliance with informa ...2 KB (303 words) - 17:36, 5 May 2006
- ITIL Service Delivery, Service Level Management<br> ...2 KB (302 words) - 18:25, 5 May 2006
- ITIL ICT Infrastructure Management, Annex 2A.<br> ...2 KB (309 words) - 18:13, 1 May 2006
- 2. Inquire whether management has performed an independent assessment of controls within the past year (e ...3 KB (360 words) - 17:03, 9 April 2007
- ...es and procedures (e.g., hiring, positive work environment and orienting). Management implements processes to ensure that the organization has an appropriately d ...2 KB (312 words) - 18:19, 3 May 2006
- ...mation technology (IT) systems and their performance management and [[risk management]]. The rising interest in IT governance is partly due to compliance initiat ...ce]] and deals primarily with the connection between business focus and IT management of an organization. It highlights the importance of information technology ...12 KB (1,686 words) - 11:47, 30 May 2015
- ITIL ICT Infrastructure Management, Annex 2B.<br> ...2 KB (311 words) - 14:12, 1 May 2006
- ...d systems development methodology should be established and implemented by management. This systems development life cycle (SDLC) describes the stages involved i ...3 KB (369 words) - 16:09, 21 June 2006
- ...d systems development methodology should be established and implemented by management. This systems development life cycle (SDLC) describes the stages involved i ...3 KB (368 words) - 11:58, 22 June 2006
- ...sourced services is performed in accordance with the organization's vendor management policy.<br> ...2 KB (321 words) - 15:35, 25 June 2006
- ...How Do You Protect And Store Vital Records? Retrieved from the UW Records Management Web site: http://f2.washington.edu/fm/recmgt/managing/vitalrecords/store * Haag, Cummings, McCubbrey, Pinsonneult, and Donovan. (2004). Information Management Systems, For The Information Age. McGraw-Hill Ryerson. ...5 KB (785 words) - 11:34, 27 October 2012
- 3. Select a sample of new users and determine if management approved their access and the access granted agrees with the access privile ...3 KB (382 words) - 17:41, 25 June 2006
- ...pensation frameworks for personnel, including the requirement to adhere to management policies and procedures and the code of ethics and professional practices. ...2 KB (329 words) - 19:26, 1 May 2006
- ...s). Monitor execution of the plans, and report on any deviations to senior management.<br> ...2 KB (325 words) - 01:16, 2 May 2006
- :::a. SOX.3.1.1: Management should monitor security incidents and the extent of compliance with informa ...2 KB (327 words) - 13:18, 4 May 2006
- ...; and (2) whether the controls related to the control objectives stated in management's description of the service organization's system were suitably designed t ...; and (3) whether the controls related to the control objectives stated in management's description of the service organization's system operated effectively thr ...10 KB (1,457 words) - 21:20, 21 August 2012
- ...cated and understood within their respective organizational units. Company management also is responsible for defining, approving and implementing procedures in ...the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organization ...7 KB (976 words) - 14:17, 1 May 2010
- ...rative access. Use technologies such as SSH, VPN, or SSL/TLS for web-based management and other non-console administrative access.<br> ITIL Security Management.<br> ...7 KB (975 words) - 16:57, 9 April 2007
- ITIL Software Asset Management.<br> ...2 KB (311 words) - 16:29, 1 May 2006
- ...amework should be integrated with the IT process framework and the quality management system, and comply with overall business objectives. It should be aimed at ...2 KB (331 words) - 18:47, 1 May 2006
- ITIL Appendix F, Cost Benefit Analysis for IT Service Management Processes.<br> ...2 KB (339 words) - 18:28, 1 May 2006
- :'''PCI-8.5 Ensure proper user authentication and password management for non-consumer users and administrators, on all system components:'''<br> ...3 KB (467 words) - 15:27, 1 March 2007
- ITIL Service Delivery, Service Level Management<br> ...2 KB (332 words) - 18:24, 5 May 2006
- :::a. SOX.3.1.1: Management should monitor security incidents and the extent of compliance with informa ...2 KB (340 words) - 17:40, 5 May 2006
- ...Name>''' (the "Company") [[Sample Asset Management Policy:|'''Sample Asset Management Policy''']] defines objectives for establishing specific standards for prop ...tives established in the [[Sample Asset Management Policy:|'''Sample Asset Management Policy''']], and provides specific instructions and requirements for follow ...12 KB (1,684 words) - 14:14, 1 May 2010
- ITIL Change Management.<br> ...2 KB (346 words) - 20:00, 23 June 2006
- :::*If considered appropriate, for example for cost reasons, management may wish to make use of independently evaluated and certified products. Fur ISO/IEC TR 13335-3 provides guidance on the use of risk management processes to identify requirements for security controls.<br> ...6 KB (878 words) - 13:34, 23 June 2006
- ...hanges to business processes, technology and skills are assessed. Business management, supported by the IT function, should assess the feasibility and alternativ ...2 KB (357 words) - 14:15, 3 May 2006
- ITIL ICT Infrastructure Management, Technical Support.<br> ...2 KB (351 words) - 17:03, 21 June 2006
- :::a. [[SOX.1.2:|'''SOX.1.2''']] IT management involves users in the design of applications, selection of packaged softwar ...3 KB (365 words) - 19:02, 17 April 2007
- Information might be put at risk by external parties with inadequate security management. Controls should be identified and applied to administer external party acc Organizations may face risks associated with inter-organizational processes, management, and communication if a high degree of outsourcing is applied, or where the ...21 KB (3,010 words) - 15:52, 25 June 2006
- ::[[Image:Key-control.jpg]][[PCI-12.3.1:|PCI-12.3.1 Explicit management approval.]]<br> ...CI-12.5 Assign to an individual or team the following information security management responsibilities:'''<br> ...7 KB (988 words) - 19:11, 7 July 2006
- ::Interested Executive and Business Unit Management. ...2 KB (315 words) - 18:46, 25 September 2006
- #[[Getting it Right in Records Management | Getting it Right in Records Management]] ...rds management survey - call for sustainable ... | 2009 electronic records management survey - call for sustainable ...]] ...16 KB (2,124 words) - 11:06, 16 March 2010
- ISO 17799 9.2 User access management.<br> ...3 KB (363 words) - 16:53, 9 April 2007
- ...odies, such as an IT strategy committee, to provide strategic direction to management relative to IT, ensuring that the strategy and objectives are cascaded down ...3 KB (410 words) - 13:30, 4 May 2006
- Set up formal change management procedures to handle in a standardized manner all requests (including maint ...is standardized, logged, approved, documented and subject to formal change management procedures.<br> ...10 KB (1,393 words) - 14:28, 23 June 2006
- ...e and risk profile. Issues to consider include access rights and privilege management, protection of sensitive information at all stages, authentication and tran ...3 KB (374 words) - 15:05, 3 May 2006
- ISO 11.1 Aspects of [[Business_Continuity_Management: | business continuity management]].<br> ...2 KB (272 words) - 18:05, 25 April 2007
- :::a. SOX.2.0.1: Organizational policies and management procedures are in place to ensure the IT function is controlled properly.<b ...3 KB (397 words) - 13:28, 4 May 2006
- ...llowing aspects of on-line loan origination and approval tend to make risk management of the lending process more challenging. If not properly managed, these asp ...e risks associated with E-banking services and evaluate the resulting risk management costs against the potential return on investment prior to offering E-bankin ...11 KB (1,523 words) - 10:04, 28 April 2007
- ITIL Service Support, Release Management, 9.3.6 Definitive software library.<br> ...3 KB (382 words) - 18:02, 3 May 2006
- ...l locks, keypad, passwords, and biometrics), labeling, and logged access. Management should establish access controls to limit access to media, while ensuring t ...uately protect the data from the risks of reconstruction. Where practical, management should log the disposal of sensitive media, especially computer-based media ...9 KB (1,246 words) - 18:20, 10 April 2007
- :::a. [[SOX.1.2:|'''SOX.1.2''']] IT management involves users in the design of applications, selection of packaged softwar ...3 KB (394 words) - 11:59, 23 June 2006
- ...cated and understood within their respective organizational units. Company management also is responsible for defining, approving, and implementing processes and ...Acceptable Use Standard and the associated guidelines provided by Company management. Individuals also are responsible for reporting misuse of Company Internet ...8 KB (1,184 words) - 14:12, 1 May 2010
- ...a standard DoD-wide process with a set of activities, general tasks and a management structure to certify and accredit an [[Automated information system|Automat ...2 KB (229 words) - 10:14, 15 April 2012
- ...technology (IT), services, business processes generally, and human capital management. The CMM has been used extensively worldwide in government, commerce, indus ...capability maturity. Humphrey based this framework on the earlier Quality Management Maturity Grid developed by Philip B. Crosby in his book "Quality Is Free". ...12 KB (1,863 words) - 11:32, 9 June 2010
- ...by establishing policies to identify, classify, and define protection and management objectives, and define acceptable use of Company information assets.<br> ...he development of organizational security standards and effective security management practices.<br> ...10 KB (1,314 words) - 18:06, 15 March 2009
- ITIL 6.1.4 Change management.<br> ...3 KB (424 words) - 17:01, 21 June 2006
- The board of directors and senior management are responsible for ensuring that the institution’s system of internal cont ...hould assign responsibility for the internal audit function to a member of management (hereafter referred to as the “internal audit manager”) who has sufficient ...28 KB (4,089 words) - 14:37, 16 April 2007
- '''PO 6.3 IT Policies Management'''<br> ...3 KB (421 words) - 18:02, 23 June 2006
- ...sider include impact analysis, cost/benefit justification and requirements management.<br> ...3 KB (425 words) - 13:19, 23 June 2006
- [[Category:Information technology management|Governance]] ...2 KB (235 words) - 09:48, 23 October 2012
- '''(4)''' the term '''Director''' means the Director of the Office of Management and Budget;<br> '''(7)''' the term '''information resources management''' means the process of managing information resources to accomplish agency ...5 KB (795 words) - 00:35, 1 June 2010
- ...ongoing legitimate business need for the service as determined by Company management.<br> ...nicated and understood within its respective organizational units. Company management also is responsible for defining, approving, and implementing processes and ...10 KB (1,473 words) - 14:13, 1 May 2010
- ...tives and backlogged transactions, and the costs associated with downtime. Management should establish recovery priorities for business processes that identify e ...3 KB (453 words) - 18:45, 25 April 2007
- ...sets by establishing policies to identify, classify, define protection and management objectives, and define acceptable use of Company information assets.<br> ...he development of organizational security standards and effective security management practices.<br> ...8 KB (1,068 words) - 17:23, 16 October 2009
- ...structure (major machinery or computing/network resource). As such, [[risk management]] must be incorporated as part of BCP. ...for implementing, operating and improving a documented business continuity management system (BCMS). ...15 KB (2,046 words) - 11:39, 27 October 2012
- ...s to the propriety of a post, it is best to refrain and seek the advice of management.<br> ...nicated and understood within its respective organizational units. Company management also is responsible for planning education and awareness activities.<br> ...9 KB (1,430 words) - 14:56, 28 August 2009
- ...d systems development methodology should be established and implemented by management. This systems development life cycle (SDLC) describes the stages involved i ...3 KB (460 words) - 16:08, 21 June 2006
- ...policies to assess, identify, prioritize, and manage vulnerabilities. The management activities will support organizational objectives for mitigating the vulner ...2 KB (316 words) - 15:19, 13 January 2014
- ::* Management’s role in IT audit activities; :3. Review management’s response to issues raised since the last examination. Consider: ...32 KB (4,518 words) - 17:53, 11 April 2007
- ...[information technology]] (IT) services. ITIL outlines an extensive set of management [[procedure]]s that are intended to support businesses in achieving both qu ...s (hence the term ''Library''), each of which covers a core area within IT Management. The names ''ITIL'' and ''IT Infrastructure Library'' are Registered Trade ...37 KB (5,348 words) - 10:12, 8 September 2011
- ...tify trends in usage, particularly in relation to business applications or management information system tools. ...3 KB (490 words) - 13:42, 4 May 2006
- '''PO 5.5 Benefit Management'''<br> ...3 KB (475 words) - 13:09, 23 June 2006
- ...covered that with an organized, systematic approach, you can approach risk management effectively. Risk simply put is the negative impact to business assets by t ...lping you understanding the core elements of a successful IT security risk management program for a commercial enterprise, the processes of calculating the cost ...23 KB (3,630 words) - 10:19, 27 October 2012
- ...cording to whether the risk management method is in the context of project management, security, risk analysis, industrial processes, financial portfolios, actua Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on ...27 KB (4,185 words) - 23:45, 10 March 2010
- ::[[Image:Key-control.jpg]][[PCI-9.8:|PCI-9.8 Ensure management approves all media that is moved from a secured area (especially when media ...4 KB (604 words) - 15:30, 1 March 2007
- ...usiness applications (including payroll, finance, logistics, and personnel management applications).<br> ...2 KB (327 words) - 00:58, 1 June 2010
- ...nicated and understood within its respective organizational units. Company management also is responsible for planning threat assessment activities.<br> ...the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organization ...8 KB (1,149 words) - 14:09, 1 May 2010
- :::a. [[SOX.2.0.1:|'''SOX.2.0.1''']] Organizational policies and management procedures are in place to ensure the IT function is controlled properly.<b ...4 KB (583 words) - 12:06, 23 June 2006
- ...s a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other crit ...4 KB (556 words) - 14:03, 8 March 2007
- ::*'''Maintain a Vulnerability Management Program.''' ...2 KB (346 words) - 12:22, 31 January 2014
- ...mation security policies and procedures with related information resources management policies and procedures; and<br> ...3 KB (414 words) - 11:45, 4 June 2010
- ...e added, modified, and deleted in accordance with Company-approved account management processes.<br> ...cated and understood within their respective organizational units. Company management also is responsible for defining, approving and implementing procedures in ...14 KB (1,956 words) - 14:16, 1 May 2010
- ...cted misuse of these systems should be reported to the appropriate Company management representative in a timely manner. Specific instructions and requirements f ...3 KB (464 words) - 17:48, 14 January 2014
- ...cated and understood within their respective organizational units. Company management also is responsible for defining, approving and implementing procedures in ...the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organization ...12 KB (1,711 words) - 14:16, 1 May 2010
- ...cted misuse of these systems should be reported to the appropriate Company management representative in a timely manner. Specific instructions and requirements f ...4 KB (507 words) - 14:58, 21 January 2014
- ...checking software, combined with strict change controls and configuration management. ...4 KB (568 words) - 17:25, 10 April 2007
- ISO 17799 8.5 Network management.<br> ...5 KB (666 words) - 15:23, 25 June 2006
- Many clients using LEDES use Uniform Task-Based Management System, a legal task classification system. ...3 KB (412 words) - 11:45, 27 August 2011
- :* Meet with IT management to determine possible areas of concern. ...d is stored properly. Finally the auditor should attain verification from management that the encryption system is strong, not attackable and compliant with all ...21 KB (3,112 words) - 16:52, 15 June 2007
- ...nicated and understood within its respective organizational units. Company management also is responsible for planning threat monitoring activities.<br> ...the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organization ...12 KB (1,720 words) - 14:10, 1 May 2010
- ...jectives for establishing specific standards on the assessment and ongoing management of vulnerabilities.<br> ...Guidelines''' builds on the objectives established in the '''Vulnerability Management Standard''', and provides specific instructions and requirements for assess ...14 KB (2,165 words) - 16:53, 22 September 2009
- ...corporation is governed. The principal stakeholders are the shareholders, management, and the board of directors. Other stakeholders include employees, customer ...needs of shareholders and other stakeholders, by directing and controlling management activities with good business savvy, objectivity, accountability and integr ...29 KB (4,284 words) - 17:19, 20 April 2010
- *Change Board (CB) - An appropriate management Board used to review the change process and specific changes where required ...3 KB (533 words) - 14:15, 23 April 2010
- *[http://www.sb-1386.com/ The SB 1386 Management Toolkit] ...3 KB (522 words) - 13:52, 26 October 2011
- ...pted to accomplish this by setting up [[risk management|risk]] and capital management requirements designed to ensure that a bank has capital adequacy for the ri ...er the title of residual risk. It gives banks a power to review their risk management system. ...19 KB (2,934 words) - 21:46, 2 September 2012
- ==Risk Management== ...ng some or all of the consequences of a particular risk. Traditional risk management focuses on risks stemming from physical or legal causes (e.g. natural disas ...43 KB (6,368 words) - 11:22, 4 July 2015
- ...ormation Security Committee is comprised of lawyers, government policy and management professionals, information technology and security professionals, notaries :'''[[System Security: A Management Perspective]]'''<br> ...10 KB (1,527 words) - 12:47, 25 April 2007
- ...mation security policies and procedures with related information resources management policies and procedures;<br> ...4 KB (671 words) - 10:44, 1 June 2010
- ...is kept in a safe environment. If security is breached because of improper management or protection, then the responsible company may be held liable, and may be ...4 KB (561 words) - 16:45, 29 August 2014
- ...d systems development methodology should be established and implemented by management. This systems development life cycle (SDLC) describes the stages involved i ...6 KB (863 words) - 13:12, 23 June 2006
- ## Capacity management and load balancing techniques should be used, as deemed necessary, to help ...5 KB (646 words) - 21:03, 15 January 2014
- * ISO 17799/27002 - Code of Practice for Information Security Management. ...6 KB (774 words) - 12:41, 25 May 2007
- ...:|PCI-1.1.4 Description of groups, roles, and responsibilities for logical management of network components.]]<br> ...5 KB (702 words) - 12:20, 16 June 2010
- ## The SIRT shall provide Company management with periodic status reports on the response activities. ...5 KB (737 words) - 15:24, 21 January 2014
- ...of the number of network members, which very quickly requires complex key management schemes to keep them all straight and secret. The difficulty of establishin ===Digital Rights Management=== ...26 KB (3,873 words) - 11:44, 28 March 2008
- ...jective of financial reporting is to provide information that is useful to management and stakeholders for resource allocation decisions. For financial informati ...box logging is to protect a continuous auditing system against auditor and management manipulations. ...15 KB (2,212 words) - 17:29, 19 February 2015
- '''Maintain a Vulnerability Management Program''' ...8 KB (1,208 words) - 17:00, 9 April 2007
- ...individual keys for [[Encryption | encryption]] may raise significant key management issues. ...mplex applications, provides a number of services that allow remote system management, distributed processing, and other network-related functions. In many cases ...28 KB (4,261 words) - 11:45, 28 March 2008
- ...m ‘processing’ is broadly defined to include the procurement, use, access, management, transfer, disposal, disclosure or storage of personal data of an identifie ...ion, diagnosis, health care delivery, medical treatment or health services management, where the data subject is unable to give consent in the manner established ...18 KB (2,869 words) - 17:46, 29 August 2014
- ...corporation is governed. The principal stakeholders are the shareholders, management, and the board of directors. Other stakeholders include employees, customer ...needs of shareholders and other stakeholders, by directing and controlling management activities with good business savvy, objectivity, accountability and integr ...45 KB (6,604 words) - 15:20, 15 April 2010
- ...tity, clearly class as PII under the definition used by the U.S. Office of Management and Budget (described in detail below): ...2007 in a memorandum from the Executive Office of the President, Office of Management and Budget (OMB), and that usage now appears in US standards such as the [h ...12 KB (1,899 words) - 12:24, 12 November 2011
- Security administrators SHOULD consider issues related to privilege management for all types of users. For example, in a database with many usernames, it ...he benefits offered by roles. Roles greatly simplify the task of privilege management in complicated environments.<br> ...22 KB (3,612 words) - 16:20, 15 November 2007
- ...islation set new or enhanced standards for all U.S. public company boards, management and public accounting firms. It does not apply to privately held companies. ...sses. In many cases, Audit Committee members were not truly independent of management. ...38 KB (5,614 words) - 14:31, 15 April 2010
- ...e added, modified, and deleted in accordance with Company-approved account management processes. ...8 KB (1,182 words) - 19:41, 15 January 2014
- ...the cutting edge of IT security, [http://lazarusalliance.com/services/risk-management/ risk], privacy, [http://lazarusalliance.com/services/policies-governance/ ...compliance], [http://lazarusalliance.com/services/risk-management/ IT Risk Management] and more, please visit Lazarus Alliance for more information.<br> ...9 KB (1,241 words) - 20:49, 13 September 2016
- ...Agency. Further, any national administrative organ which has notified the Management and Coordinator Agency must compile a directory of all personal file holdin ...19 KB (2,863 words) - 16:43, 21 September 2011
- ...sourced services is performed in accordance with the organization’s vendor management policy. :::c. [[SOX.2.0.13:| '''SOX.2.0.13''']] IT management determines that, before selection, potential third parties are properly qua ...39 KB (5,914 words) - 17:55, 13 April 2007
- # Julie Cohen, A Right to Read Anonymously: A Closer Look at “Copyright Management” In Cyberspace, 28 CONN. L. REV. 981 (1996) (summarizing First Amendment pr ...ies' competing interests favors disclosure." Similarly, Highfields Capital Management, L.P. v. Doe, 385 F.Supp.2d 969 (N.D.Cal., 2005) requires more from the Pla ...15 KB (2,359 words) - 19:34, 10 April 2011
- * Constructing a thorough [risk management] on each department handling the nonpublic information ...15 KB (2,184 words) - 17:02, 15 June 2007
- Management and information system administrators should critically evaluate informatio ...ning, and signify their understanding and agreement with the policy before management grants access to the system.<br> ...78 KB (11,440 words) - 02:00, 10 April 2007
- ...the work. Removing it may result in the distortion of computerized rights management or fee-distribution systems. ...es and sanctions against abuses in respect of technical devices and rights management information.<br> ...46 KB (7,265 words) - 12:09, 2 May 2010
- '''Account management''' ...ies (e.g., general ledger, manufacturing resource planning, human resource management). ...74 KB (11,078 words) - 13:08, 9 April 2007
- ** The policies and procedures must reference management oversight and organizational buy-in to compliance with the documented secur ...ystems to comply with the act. (The requirement of risk analysis and risk management implies that the act’s security requirements are a minimum standard and pla ...32 KB (4,732 words) - 19:36, 29 November 2013
- On the other hand, senior management may demand that disaster recovery be put in place before an application is ...20 KB (3,195 words) - 02:47, 23 February 2007
- [[Category:Key management]] ...18 KB (2,766 words) - 11:41, 28 March 2008
- ...rly, a Illinois court found that a tweet was not defamatory. Horizon Group Management v. Bonnen, 2009L008675 (Ill. Cir. Ct., Jan 20, 2010).<br> ...9 KB (1,422 words) - 14:29, 10 April 2011
- * Authentication and password management ...18 KB (2,920 words) - 17:59, 18 May 2007
- ...l of the United States, in consultation with the Director of the Office of Management and Budget, shall develop reporting and performance guidelines in connectio ...18 KB (2,889 words) - 10:47, 22 May 2010
- ...arameter assignment, domain name system management, and root server system management functions. ICANN has approved a number of registrars. See http://www.icann. ...29 KB (4,582 words) - 10:16, 13 April 2011
- ...rvices intended to circumvent measures (commonly known as [[digital rights management]] or DRM) that control access to copyrighted works. It also criminalizes th ...software or devices which are designed to circumvent DRM ([[digital rights management]]) devices, or links from websites whose sole purpose is to circumvent copy ...26 KB (3,969 words) - 11:00, 30 October 2011
- ...f 2009, attempt to mitigate these concerns by excluding reasonable network management from regulation. ...onsumer protection rules, such as requiring ISPs to disclose their network management practices and to allow for consumers to switch ISPs inexpensively, rather t ...52 KB (7,736 words) - 20:12, 1 October 2011
- * [[Identity and Access Management]] ...15 KB (2,222 words) - 15:20, 12 November 2011
- *[[Clinger-Cohen-Act | Information Technology Management Reform Act of 1996]] ...20 KB (2,921 words) - 16:47, 29 August 2014
- ...ces Act of 1977''', Cal. Civil Code § 1798 et seq., limits the collection, management and dissemination of personal information by state agencies. ...22 KB (3,315 words) - 00:16, 16 September 2011
- ...that there was no civil action for violation of provision. I.M.S. Inquiry Management Systems, Ltd. v. Berkshire Information Systems, Inc., S.D.N.Y.2004, 307 F.S ...ore than $5,000 in damage assessment and remedial measures. I.M.S. Inquiry Management Systems, Ltd. v. Berkshire Information Systems, Inc., S.D.N.Y.2004, 307 F.S ...85 KB (12,600 words) - 16:49, 1 March 2009
- ...ctices Act of 1977, Cal. Civil Code § 1798 et seq., limits the collection, management and dissemination of personal information by state agencies. ...23 KB (3,434 words) - 17:34, 13 April 2011
- Similarly, in Sedgwich Claims Management Services, Inc. v. Delsman, No. C 09-1468 SBA, 2009 WL 2157573 (July 17, 200 ...31 KB (4,913 words) - 07:20, 11 April 2011
- ...rd using its "metadata" (information "describing the history, tracking, or management of the electronic document"). See Lorraine v. Markel American Ins. Co., 241 ...43 KB (6,432 words) - 13:22, 5 August 2011
- ...cified in section 3 of the ''[[Immigration and Naturalization Service Data Management Improvement Act of 2000]]''. Congress wanted the primary focus of developme ...lligence-related activities of the United States Government, the Community Management Account, and the Central Intelligence Agency Retirement Disability System, ...142 KB (21,198 words) - 10:23, 23 August 2011
- 16. '''I.M.S. Inquiry Management Systems, Ltd. v. Berkshire,''' 307 F.Supp.2d 521 (SDNY 2004). Section 1030( ...53 KB (7,910 words) - 21:25, 13 April 2011
- ...h warrant into an unconstitutional general warrant. United States v. Fleet Management Ltd., 521 F. Supp. 2d 436, 443-44 (E.D. Pa. 2007); see also Otero, 563 F.3d ...138 KB (21,660 words) - 13:18, 5 August 2011
- ...all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to ...154 KB (23,956 words) - 13:16, 5 August 2011