Policies, guidelines and standards. Policies, guidelines or standards are important from a security standpoint.
It may seem a large undertaking to build standards for your company based on the above, but this is where our experience lets us help, and we know precisely where to focus. We have even prepared baseline standards that can be adapted to your needs.
The main areas of a company's policies can be divided as follows:
1. Risk assessment
2. Security policy - management direction
3. Organization of information security - governance of information security
4. Asset management - inventory and classification of information assets
5. Human resources security - security aspects for employees joining, moving and leaving an organization
6. Physical and environmental security - protection of the computer facilities
7. Communications and operations management - management of technical security controls in systems and networks
8. Access control - restriction of access rights to networks, systems, applications, functions and data
9. Information systems acquisition, development and maintenance - building security into applications
10. Information security incident management - anticipating and responding appropriately to information security breaches
11. Business continuity management - protecting, maintaining and recovering business-critical processes and systems
12. Compliance - ensuring conformance with information security policies, standards, laws and regulations
If your company is listed on the US stock exchange, ISO17799 or IEC27002 is not enough; instead, we must also address Sarbanes-Oxley...