ISO 17799 control objectives mapped to regulatory requirements

Columns: ISO 17799 | Sarbanes-Oxley 2005 (COBIT® 4.0 / COSO) | HIPAA Requirements | Payment Card Industry Data Security Standard | NERC CIP Standards | GLBA* | PIPEDA — Canada | Symantec Products, Solutions & Capabilities

Prior to Employment
  ISO 17799: To ensure that employees, contractors and third party users understand responsibilities, and are suitable for their roles
  Sarbanes-Oxley / COBIT 4.0: Information and Communication; Deliver and Support: DS12 Manage the Physical Environment
  HIPAA: a) 3. Authorization and/or Supervision (A); a) 3. Workforce Clearance Procedure (A); a) 5. Security Reminders (A)
  PCI DSS: Maintain an Information Security Policy: 12. Maintain a policy that addresses information security
  PIPEDA: …maintaining the confidentiality of personal information

Secure Areas
  ISO 17799: To prevent unauthorized physical access, damage, and interference to the organization’s premises and information
  Sarbanes-Oxley / COBIT 4.0: DS11 Manage Data; DS12 Manage the Physical Environment; Monitoring
  HIPAA: a) 3. Workforce Clearance Procedure (A); Physical Standard: a) 1. Facility Access Control; a) 2. Facility Security Plan; a) 2. Access Control and Validation Procedures (A)
  PIPEDA: …filing cabinets and restricted access to offices; (b) organizational measures, for example, security clearances and limiting access on a “need-to-know” basis

Equipment Security
  ISO 17799: To prevent loss, damage, theft or compromise of assets and interruption to the organization’s activities
  HIPAA: b) Workstation Use (R); c) Workstation Security; d) 1. Device and Media Controls – Disposal (R); d) 2. Media Re-use (R); d) 2. Device and Media Controls – Accountability (A); Physical Standard: a) 2. Contingency Operations (R); a) 2. Data Backup and Storage (A)
  PIPEDA: …cabinets and restricted access to offices

Media Handling
  ISO 17799: To prevent unauthorized disclosure, modification, removal or destruction of assets, and interruption to business activities
  HIPAA: …Disposal (R); d) 2. Media Re-use (R); d) 2. Device and Media Controls – Accountability (A)
  PCI DSS: Implement Strong Access Control Measures: 7. Restrict access to data by business need-to-know; 8. Assign a unique ID to each person with computer access; 9. Restrict physical access to cardholder data
  NERC CIP: 006 – Physical Security
  PIPEDA: …as unauthorized access, disclosure, copying, use, or modification; 4.7.5 – Care shall be used in the disposal or destruction of personal information

Exchange of Information
  ISO 17799: To maintain the security of information and software exchanged within an organization and with any external entity
  Sarbanes-Oxley / COBIT 4.0: Control Activities; Information and Communication; Monitoring
  HIPAA: …Arrangement (R); Technical Standard: a) 2. Encryption and Decryption (A); (d) Person or Entity Authentication (R); (e) 1. Transmission Security; (e) 2. Integrity Controls (A)
  PCI DSS: Protect Cardholder Data: 4. Encrypt transmissions of cardholder data and sensitive information across public networks; Implement Strong Access Control Measures: 8. Assign a unique ID to each person with computer access
  PIPEDA: …as unauthorized access, disclosure, copying, use, or modification

Electronic Commerce Services
  ISO 17799: To ensure the security of electronic commerce services, and their secure use
  PCI DSS: 2. Do not use vendor-supplied defaults for system passwords and other security parameters
  PIPEDA: …protect data…; …as unauthorized access, disclosure, copying, use, or modification

Application and Information Access Control
  ISO 17799: To prevent unauthorized access to information held in application systems
  HIPAA: …Modification (A); a) 5. Password Management (A); Technical Standard: a) 2. Unique User Identification (R); d) Person or Entity Authentication (R)
  PCI DSS: Maintain a Vulnerability Management System: 6. Develop and maintain secure systems and applications; Implement Strong Access Control Measures: 8. Assign a unique ID to each person with computer access
  NERC CIP: 007 – Systems Security Management
  PIPEDA: …passwords…; …as unauthorized access, disclosure, copying, use, or modification; 4.7.3 – Methods of protection should include: (c) technological measures, for example, the use of passwords and encryption

Correct Processing in Applications
  ISO 17799: To prevent errors, loss, unauthorized modification or misuse of information in applications
  HIPAA: …Software Controls (A)
  PIPEDA: …purposes for which it is to be used; 4.7.1 – The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification

Cryptographic Controls
  ISO 17799: To protect the confidentiality, authenticity or integrity of information by cryptographic means
  HIPAA: e) 2. Transmission Security – Encryption (A)
  PCI DSS: …information across public networks
  PIPEDA: …passwords and encryption
SECTION: 15 Compliance
* 12 CFR Part 364 of Interagency Guidelines Establishing Standards for Safeguarding Customer Information and Rescission of Year 2000 Standards for Safety and Soundness; Final Rule
© 2006 Symantec Corporation. All rights reserved. 10713777
www.symantec.com/compliance