04/14/2014
[Chart: Status by control section, from Management direction for information security through Information security reviews]
www.halkynconsulting.co.uk
info@halkynconsulting.co.uk
Overview
This tool is designed to assist a skilled and experienced professional ensure that the relevant control areas of ISO / IEC 27001:2013 have been addressed. This tool does not constitute a valid assessment and the use of this tool does not confer ISO/IEC 27001:2013 certification. The findings here must be confirmed as part of a formal audit / assessment visit.
2. Collect evidence.
Post Assessment
6. Record areas of weakness
7. Determine improvement plan
Work with the relevant business stakeholders to determine what the appropriate scope of the assessment is.
Identify and centralise as much evidence as possible. This can include policy documents, process documents, interview transcripts etc.
Using the assessment scope you can identify what areas of the tool kit are not appropriate and set these to 100% to close reporting. Additionally, where suggested audit questions are not relevant, these can be replaced with more suitable ones.
Work through the tool kit, reviewing the evidence for each control and determining how compliant it is with the requirements. The toolkit allows for this to be done in 5% increments.
On completion of the review, the tool kit will give you an overall level of compliance by control area and by individual controls.
Make a note of any areas where compliance is unsuitable (normally less than 90%).
For each area of weakness, work with the relevant business stakeholders to determine how the control can be improved.
Arrange a date to review weak areas to set a target for improvement plans. Ensure that the ISMS is re-assessed on a regular basis, ideally once every 12 months.
ISO 27001:2013 Compliance Checklist
Section   Compliance Assessment Area   Initial Assessment Points
Results   Findings

Information Security Policies
Management direction for information security
A.5.1.1
1. Do Security policies exist?
2. Are all policies approved by management?
3. Are policies properly communicated to employees?
A.5.1.2
1. Are security policies subject to review?
2. Are the reviews conducted at regular intervals?
3. Are reviews conducted when circumstances change?

A.6 Organisation of information security
A.6.1 Internal Organisation
A.6.1.1
Are responsibilities for the protection of individual assets, and for carrying out specific security processes, clearly identified and defined and communicated to the relevant parties?
A.6.1.2 Segregation of duties
Are duties and areas of responsibility separated, in order to reduce opportunities for unauthorized modification or misuse of information, or services?
A.6.1.3
Contact with special interest groups
Information security in project management
Mobile devices and teleworking
A.6.2.1
1. Does a mobile device policy exist?
2. Does the policy have management approval?
3. Does the policy document and address additional risks from using mobile devices (e.g. Theft of asset, use of open wireless hotspots etc.)?
A.6.2.2 Teleworking
1. Is there a policy for teleworking?
2. Does this have management approval?
3. Is there a set process for remote workers to get access?
4. Are teleworkers given the advice and equipment to protect their assets?

A.7
A.7.1
A.7.1.1 Screening
1. Are background verification checks carried out on all new candidates for employment?
2. Are these checks approved by appropriate management authority?
3. Are the checks compliant with relevant laws, regulations and ethics?
4. Is the level of checks required supported by business risk assessments?
A.7.1.2
1. Are all employees, contractors and third party users asked to sign confidentiality and non-disclosure agreements?
2. Do employment / service contracts specifically cover the need to protect business information?

A.7.2 During employment
A.7.2.1
1. Are managers (of all levels) engaged in driving security within the business?
2. Does management behaviour and policy drive, and encourage, all employees, contractors and 3rd party users to apply security in accordance with established policies and procedures?
A.7.2.2 Information security awareness, education and training
Do all employees, contractors and 3rd party users undergo regular security awareness training appropriate to their role and function within the organisation?
A.7.2.3
A.7.3
A.7.3.1
1. Is there a documented process for terminating or changing employment duties?
2. Are any information security duties which survive employment communicated to the employee or contractor?
3. Is the organisation able to enforce compliance with any duties that survive employment?

A.8 Asset management
A.8.1 Responsibility for assets
A.8.1.1 Inventory of assets
1. Is there an inventory of all assets associated with information and information processing facilities?
2. Is the inventory accurate and kept up to date?
A.8.1.2 Ownership of assets
All information assets must have a clearly defined owner who is aware of their responsibilities.
A.8.1.3
A.8.1.4 Return of assets

A.8.2 Information classification
A.8.2.1 Classification of information
1. Is there a policy governing information classification?
2. Is there a process by which all information can be appropriately classified?
A.8.2.2 Labelling of information
Is there a process or procedure for ensuring information classification is appropriately marked on each asset?
A.8.2.3
1. Is there a procedure for handling each information classification?
2. Are users of information assets made aware of this procedure?

A.8.3
A.8.3.1
1. Is there a policy governing removable media?
2. Is there a process covering how removable media is managed?
3. Are the policy and process(es) communicated to all employees using removable media?
A.8.3.2
A.8.3.3

A.9 Access control
A.9.1 Business requirements for access control
A.9.1.1
1. Is there a documented access control policy?
2. Is the policy based on business requirements?
3. Is the policy communicated appropriately?
Access to networks and network services
Are controls in place to ensure users only have access to the network resources they have been specially authorised to use and are required for their duties?

User access management
User registration and de-registration
Is there a formal user access registration process in place?
User access provisioning
Is there a formal user access provisioning process in place to assign access rights for all user types and services?
Management of privileged access rights
Are privileged access accounts separately managed and controlled?
A.9.2.4
A.9.2.5
A.9.2.6

A.9.3
A.9.3.1
1. Is there a policy document covering the organisation's practices in how secret authentication information must be handled?
2. Is this communicated to all users?

A.9.4 System and application access control
A.9.4.1 Information access restriction
Is access to information and application system functions restricted in line with the access control policy?
Secure log-on procedures
Where the access control policy requires it, is access controlled by a secure log-on procedure?
Password management system
1. Are password systems interactive?
2. Are complex passwords required?
Use of privileged utility programs
Are privileged utility programs restricted and monitored?
Access control to program source code
Is access to the source code of the Access Control System protected?
Cryptography
Cryptographic controls
Policy on the use of cryptographic controls
Is there a policy on the use of cryptographic controls?
Key management
Is there a policy governing the whole lifecycle of cryptographic keys?

Physical and environmental security
Secure areas
A.11.1.1
1. Is there a designated security perimeter?
2. Are sensitive or critical information areas segregated and appropriately controlled?
A.11.1.2
Do secure areas have suitable entry control systems to ensure only authorised personnel have access?
A.11.1.3
1. Have offices, rooms and facilities been designed and configured with security in mind?
2. Do processes for maintaining the security (e.g. Locking up, clear desks etc.) exist?
A.11.1.4
Have physical protection measures to prevent natural disasters, malicious attack or accidents been designed in?
A.11.1.5
1. Do secure areas exist?
2. Where they do exist, do secure areas have suitable policies and processes?
3. Are the policies and processes enforced and monitored?
A.11.1.6

A.11.2 Equipment
A.11.2.1
1. Are environmental hazards identified and considered when equipment locations are selected?
2. Are the risks from unauthorised access / passers-by considered when siting equipment?
A.11.2.2 Supporting utilities
1. Is there a UPS system or back up generator?
2. Have these been tested within an appropriate timescale?
A.11.2.3 Cabling security
1. Have risk assessments been conducted over the location of power and telecommunications cables?
2. Are they located to protect from interference, interception or damage?
A.11.2.4
Is there a rigorous equipment maintenance schedule?
A.11.2.5 Removal of assets
1. Is there a process controlling how assets are removed from site?
2. Is this process enforced?
3. Are spot checks carried out?
A.11.2.6
1. Is there a policy covering security of assets off-site?
2. Is this policy widely communicated?
A.11.2.7
A.11.2.8

Operations security
Operational procedures and responsibilities
Documented operating procedures
1. Are operating procedures well documented?
2. Are the procedures made available to all users who need them?
Change management
Is there a controlled change management process in place?
Capacity management
Is there a capacity management process in place?
Separation of development, testing and operational environments
Does the organisation enforce segregation of development, test and operational environments?

Protection from malware
A.12.2.1
1. Are processes to detect malware in place?
2. Are processes to prevent malware spreading in place?
3. Does the organisation have a process and capacity to recover from a malware infection?

A.12.3 Backup
A.12.3.1 Information backup
1. Is there an agreed backup policy?
2. Does the organisation's backup policy comply with relevant legal frameworks?
3. Are backups made in accordance with the policy?
4. Are backups tested?

Logging and monitoring
Event logging
Are appropriate event logs maintained and regularly reviewed?
Protection of log information
Are logging facilities protected against tampering and unauthorised access?
Administrator and operator logs
Are sysadmin / sysop logs maintained, protected and regularly reviewed?
Clock synchronisation
Are all clocks within the organisation

Control of operational software
Installation of software on operational systems
Is there a process in place to control the installation of software onto operational systems?

Technical vulnerability management
A.12.6.1

Information systems audit considerations
Information systems audit controls

Communications security
Network security management
Network controls
Is there a network management process in place?
A.13.1.2
1. Does the organisation implement a risk management approach which identifies all network services and service agreements?
2. Is security mandated in agreements and contracts with service providers (in house and outsourced)?
3. Are security related SLAs mandated?
A.13.1.3
Does the network topology enforce segregation of networks for different tasks?

A.13.2
A.13.2.1
1. Do organisational policies govern how information is transferred?
2. Are procedures for how data should be transferred made available to all employees?
3. Are relevant technical controls in place to prevent non-authorised forms of data transfer?
A.13.2.2
Do contracts with external parties and agreements within the organisation detail the requirements for securing business information in transfer?
A.13.2.3 Electronic messaging
Do security policies cover the use of information transfer while using electronic messaging systems?
A.13.2.4
1. Do employees, contractors and agents sign confidentiality or non disclosure agreements?
2. Are these agreements subject to regular review?
3. Are records of the agreements maintained?

A.14 System acquisition, development and maintenance
A.14.1 Security requirements of information systems
A.14.1.1 Information security requirements analysis and specification
1. Are information security requirements specified when new systems are introduced?
2. When systems are being enhanced or upgraded, are security requirements specified and addressed?
A.14.1.2 Securing a networks
A.14.1.3 Protecting application services transactions
Are controls in place to prevent incomplete transmission, misrouting, unauthorised message alteration, unauthorised disclosure, unauthorised message duplication or replay attacks?

A.14.2 Security in development and support processes
A.14.2.1
1. Does the organisation develop software or systems?
2. If so, are there policies mandating the implementation and assessment of security controls?
A.14.2.2 System change control procedures
Is there a formal change control process?
A.14.2.3 Technical review of applications after operating platform changes
Is there a process to ensure a technical review is carried out when operating platforms are changed?
A.14.2.4 Restrictions on changes to software packages
Is there a policy in place which mandates when and how software packages can be changed or modified?
A.14.2.5
Does the organisation have documented principles on how systems must be engineered to ensure security?
A.14.2.6
A.14.2.7
A.14.2.8
1. Is there a process for selecting test data?
2. Is test data suitably protected?

Supplier relationships
Information security in supplier relationships
A.15.1.1
1. Is information security included in contracts established with suppliers and service providers?
2. Is there an organisation-wide risk management approach to supplier relationships?
lier
A.15.1.2
lier
Information and communication technology supply chain
Do supplier agreements include requirements to address information security within the service & product supply chain?

Supplier service delivery management
Monitoring and review of supplier services
Are suppliers subject to regular review and audit?
Managing changes to supplier services
Are changes to the provision of services subject to a management process which includes security & risk assessment?

Information security incident management
Management of information security incidents and improvements
Responsibilities and procedures
Are management responsibilities clearly identified and documented in the incident management processes?
A.16.1.2
1. Is there a process for timely reporting of information security events?
2. Is there a process for reviewing and acting on reported information security events?
A.16.1.3 Reporting information security weaknesses
1. Is there a process for reporting of identified information security weaknesses?
2. Is this process widely communicated?
3. Is there a process for reviewing and addressing reports in a timely manner?
A.16.1.4 Assessment of and decision on information security events
Is there a process to ensure information security events are properly assessed and classified?
A.16.1.5 Response to information security incidents
Is there an incident response process which reflects the classification and severity of information security incidents?
A.16.1.6 Learning from information security incidents
Is there a process or framework which allows the organisation to learn from information security incidents and reduce the impact / probability of future events?
A.16.1.7 Collection of evidence
1. Is there a forensic readiness policy?
2. In the event of an information security incident is relevant data collected in a manner which allows it to be used as evidence?

Information security aspects of business continuity management
Information security continuity
Planning information security continuity
Is information security included in the organisation's continuity plans?
A.17.1.2
Does the organisation's information security function have documented, implemented and maintained processes to maintain continuity of service during an adverse situation?
Verify, review and evaluate information security continuity
Redundancies
Availability of information processing facilities

Compliance
Compliance with legal and contractual requirements
A.18.1.1
1. Has the organisation identified and documented all relevant legislative, regulatory or contractual requirements related to security?
2. Is compliance documented?
A.18.1.2
1. Does the organisation keep a record of all intellectual property rights and use of proprietary software products?
2. Does the organisation monitor for the use of unlicensed software?
A.18.1.3 Protection of records
Are records protected from loss, destruction, falsification and unauthorised access or release in accordance with legislative, regulatory, contractual and business requirements?
A.18.1.4
1. Is personal data identified and appropriately classified?
2. Is personal data protected in accordance with relevant legislation?
A.18.1.5
Are cryptographic controls protected in accordance with all relevant agreements, legislation and regulations?
A.18.2 Information security reviews
A.18.2.1 Independent review of information security
1. Is the organisation's approach to managing information security subject to regular independent review?
2. Is the implementation of security controls subject to regular independent review?
A.18.2.2
1. Does the organisation instruct managers to regularly review compliance with policy and procedures within their area of responsibility?
2. Are records of these reviews maintained?
A.18.2.3
Does the organisation regularly conduct technical compliance reviews of its information systems?
Status: 0% against every control.
Standard  Section  Status
A.5   Information Security Policies  0%
A.6   Organisation of information security  0%
A.7   Human resources security  0%
A.8   Asset management  0%
A.9   Access control  0%
A.10  Cryptography  0%
A.11  Physical and environmental security  0%
A.12  Operations security  0%
A.13  Communications security  0%
A.14  System acquisition, development and maintenance  0%
A.15  Supplier relationships  0%
A.16  Information security incident management  0%
A.17  Information security aspects of business continuity management  0%
A.18  Compliance  0%
0%
Standard  Section  Status
A.5.1   Management direction for information security  0%
A.6.1   Internal Organisation  0%
A.6.2   Mobile devices and teleworking  0%
A.7.1   Prior to employment  0%
A.7.2   During employment  0%
A.7.3   Termination and change of employment  0%
A.8.1   Responsibility for assets  0%
A.8.2   Information classification  0%
A.8.3   Media handling  0%
A.9.1   Business requirements for access control  0%
A.9.2   User access management  0%
A.9.3   User responsibilities  0%
A.9.4   System and application access control  0%
A.10.1  Cryptographic controls  0%
A.11.1  Secure areas  0%
A.11.2  Equipment  0%
A.12.1  Operational procedures and responsibilities  0%
A.12.2  Protection from malware  0%
A.12.3  Backup  0%
A.12.4  Logging and monitoring  0%
A.12.5  Control of operational software  0%
A.12.6  Technical vulnerability management  0%
A.12.7  Information systems audit considerations  0%
A.13.1  Network security management  0%
A.13.2  Information transfer  0%
A.14.1  Security requirements of information systems  0%
A.14.2  Security in development and support processes  0%
A.14.3  Test data  0%
A.15.1  Information security in supplier relationships  0%
A.15.2  Supplier service delivery management  0%
A.16.1  Management of infosec incidents & improvements  0%
A.17.1  Information security continuity  0%
A.17.2  Redundancies  0%
A.18.1  Compliance with legal and contractual requirements  0%
A.18.2  Information security reviews  0%