| Security Policy |
| This introductory section outlines the need for a corporate information security policy which is documented and available to all staff. It should cover; | 
| a definition of information security | |
| a statement of management intention supporting the goals and principles of information security | |
| allocation of responsibilities for every aspect of implementation | |
| an explanation of specific applicable proprietary and general, principles, standards and compliance
requirements. | |
| an explanation of the process for reporting of suspected security incidents | |
| a defined review process for maintaining the policy document? | |
| means for assessing the effectiveness of the policy embracing cost and technological changes | |
| nomination of the policy owner |
|
|
|
| Security Organisation |
| This section explains how to set up the management structure for maintaining information
security. The main subjects covered are; |
| The setting up of a management forum | |
| The roles of the forum | |
| Allocation of security responsibilities | |
| Establishment of an authorisation process for new hardware and software purchases. | |
| This section also covers access to corporate data by third parties, and the steps needed to prevent and
detect unauthorised access of this kind. |
|
|
|
| Assets classification and control |
| This section concerns the protection of company assets. It deals with the establishment of an asset register
for hardware, software and information, and offers advice on classifying and labeling assets. |
|
|
| Personnel Security |
| This section covers the risks to data and systems by deliberate and accidental human action such as user error, fraud and theft.
Among the subjects covered are: |
| How to make security responsibilities part of a formal job description | |
| How to screen potential staff, such as by taking up references | |
| Training of staff in basic security awareness | |
| Establishing a framework to ensure that security incidents and suspected weaknesses are reported
through the correct channels. |
|
|
|
| Physical and environmental security |
| The main items covered in this section are; |
| The need to establish secure areas with physical entry controls | |
| The need to physically protect hardware equipment to prevent theft | |
| The need to protect network cabling from tampering | |
| Security of equipment taken off site or sent for disposal |
|
|
|
| Communications and Operations Management |
| This is a large section and deals with security for computer systems. It explains the main areas of risk of which you need to be aware, but stops short of explaining the technical measures necessary. The following issues are covered; |
| Viruses | |
| Malicious software | |
| Change control | |
| Backup | |
| The keeping of accurate access logs | |
| Security of system documentation | |
| Disposal of media | |
| Protection and authentication of data during transfers and in transit | |
| Security of Email |
|
|
|
| System Access control |
| This section explains access control and how it can be applied to different types of system.
Items covered include; |
| issue and usage of passwords | |
| duress alarms | |
| automatic terminal time outs | |
| physical access to terminals | |
| software metering/monitoring |
|
|
|
| System development and maintenance |
| This section deals with the acquisition of new systems and modification to existing ones. Areas covered include; |
| input data validation | |
| data encryption | |
| security of data files | |
| protection of test data. | |
| The section also discussed procedures for departments where software development and maintenance is performed, including configuration management, change control and protection of data. |
|
|
|
| Business continuity management |
| This is an overview of the case for a comprehensive business continuity plan which should be designed, implemented, tested
and maintained. |
|
|
| Compliance |
| There are many areas in which an organisation needs to ensure that it compiles with its legal and contractual obligations. This section and explains the need to comply with legislation such as; |
| The Data Protection Act 1998 | |
| The Companies Act | | | Contractual commitments (such as software licenses) | Upcoming legislation such as the new competition and distance selling legislation would also come into
the scope of this section. The organisation is given advice on how to ensure that it does comply and is able to demonstrate through audit and other procedures that it has done so. |
Chuyên gia mạng Microsoft | MCSE Security Certificate . Cách nhanh nhất để trở thành MCSE
Các bộ training lab tiếng Việt rất hay, đặt mua eLAB sẽ được vào các private room trên diễn đàn...
Giới thiệu chương trình đào tạo 
Hỏi | Đáp
IBM - Viet Nam
Ngân Hàng ANZ 
Ngân Hàng ACB 
Ngân Hàng EAB 
Đông Dương ICT 
Khóa học : Web Hacking Exposed đầu tiên tại Việt Nam ... 
Cần trợ giúp, hướng dẫn sử dụng hãy liên lạc Yahoo ! KillerGM_KillerGM (Mr Băng - 0905329271). Hướng dẫn đăng kí, hổ trợ kỹ thuật liên hệ Yahoo ! TruongTinHocTrucTuyen (NTT. Vinh - 0983100963) .Liên lạc mở account, nick bị ban hay gặp sự cố về tài khoản hãy liên lạc A. Duy 0913474555 
Các bạn có thể nhận và gởi mail dễ dàng với Thunderbird, ứng dụng hoàn toàn miễn phí, cross-platform . Xem thêm
Firefox giúp duyệt web nhanh chóng và an toàn hơn, hãy tối ưu đường truyền với trình duyệt miễn phí, mạnh mẽ này... 