
SANS Institute Security Consensus Operational Readiness Evaluation (PDF)

Pages: 49 | Size: 630.2 KB | Format: PDF

Preview

Interested in learning more about security management?

SANS Institute

Security Consensus Operational Readiness Evaluation

This checklist is from the SCORE Checklist Project. Reposting is not permitted without express, written permission.

ISO 17799 Checklist

Copyright SANS Institute

Author Retains Full Rights

Information Security Management

BS 7799.2:2002

Audit Check List

for SANS

Author: Val Thiagarajan B.E., M.Comp, CCSE, MCSE, SPS (FW), IT Security Consultant.

Approved by: Algis Kibirkstis

Owner: SANS

Extracts from BS 7799 part 1: 1999 are reproduced with the permission of BSI under license number 2003DH0251. British Standards can be purchased from BSI Customer Services, 389 Chiswick High Road, London W4 4AL. Tel: 44 (0)20 8996 9001. Email: [email protected]

SANS Institute

BS 7799 Audit Checklist

6/08/2003

Author: Val Thiagarajan | Approved by: Algis Kibirkstis | Owner: SANS Institute

Page - 2

Table of Contents

Security Policy ... 9
  Information security policy ... 9
    Information security policy document ... 9
    Review and evaluation ... 9
Organisational Security ... 10
  Information security infrastructure ... 10
    Management information security forum ... 10
    Information security coordination ... 10
    Allocation of information security responsibilities ... 10
    Authorisation process for information processing facilities ... 10
    Specialist information security advice ... 11
    Co-operation between organisations ... 11
    Independent review of information security ... 11
  Security of third party access ... 11
    Identification of risks from third party access ... 11
    Security requirements in third party contracts ... 12
  Outsourcing ... 12
    Security requirements in outsourcing contracts ... 12
Asset classification and control ... 12
  Accountability of assets ... 12
    Inventory of assets ... 12
  Information classification ... 12
    Classification guidelines ... 12
    Information labelling and handling ... 12


Personnel security ... 12
  Security in job definition and resourcing ... 12
    Including security in job responsibilities ... 12
    Personnel screening and policy ... 12
    Confidentiality agreements ... 12
    Terms and conditions of employment ... 12
  User training ... 12
    Information security education and training ... 12
  Responding to security incidents and malfunctions ... 12
    Reporting security incidents ... 12
    Reporting security weaknesses ... 12
    Reporting software malfunctions ... 12
    Learning from incidents ... 12
    Disciplinary process ... 12
Physical and Environmental Security ... 12
  Secure area ... 12
    Physical security perimeter ... 12
    Physical entry controls ... 12
    Securing offices, rooms and facilities ... 12
    Working in secure areas ... 12
    Isolated delivery and loading areas ... 12
  Equipment security ... 12
    Equipment siting protection ... 12
    Power supplies ... 12
    Cabling security ... 12
    Equipment maintenance ... 12
    Securing of equipment off-premises ... 12
    Secure disposal or re-use of equipment ... 12
  General controls ... 12
