Abstract: . . .  terminal time-outs • limitations on connect time 9.6 Application access should be restricted to authorized users by: • the application of a defined access control policy • use of control mechanisms such as menus, restricting knowledge, controlling the transaction rights of users (read/write/delete) • isolation of sensitive systems 9.7 System access and user should be monitored to detect deviation from policy and to record evidence and should include: • event logging (users ID, date and time, terminal identity, successful and unsuccessful access to system and/or data • monitoring of system for procedures . . .
. . .  word-for-word from BS 7799 Security Standard published by the British Standards Institute. The ISO 17799 Code of Practice opens with an Introduction describing Information Security, why it is needed, how to assess security requirements and how to assess risks and assign controls. Sections #1 & #2 of ISO 17799 describe the Scope of the Standard, and define the Terms and Definitions. The following synopsis describes the 10 sections from #3 - #13, which provide the working objectives of the standard Code of Practice. It is organized into ten major sections, each covering a different topic or area: 1. Scope . . .
. . .  Compliance with Legal requirements includes the following: • identification of applicable legislation • intellectual property rights • copywrite Page 10 10 of 10 • software copywrite • safeguarding of organizational records • data protection and privacy of personal information • prevention of misuse of information processing facilities • regulation of cryptographic controls • collection of evidence including admissibility, rules of evidence, and quality and completeness • review of security policy and technical compliance Last Updated: October 19, 2001  . . .
. . .  safeguarding of organizational records • data protection and privacy of personal information • prevention of misuse of information processing facilities • regulation of cryptographic controls • collection of evidence including admissibility, rules of evidence, and quality and completeness • review of security policy and technical compliance Last Updated: October 19, 2001  . . .
. . .  support must have in place: • change control procedures • a technical review of operating system changes • restrictions on changes to software packages • control over outsourced software development 11 Business Continuity Management 11.1 Aspects of Business Continuity include: • business continuity management process • business continuity and impact analysis • writing and implementing plans • business continuity planning framework • testing, maintaining and re-assessing the plans 12 Compliance 12.1 Compliance with Legal requirements includes the following: • identification of applicable legislation . . .
--3000,5,300,3110,20479