Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References
Words: 4350 - Pages: 18
Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References
Words: 3916 - Pages: 16
Unit 4 Assignment 1 An access control plan is a must have due to the “cyber society” we live in today. Without a concrete plan your organization is vulnerable to various cyber attacks that may cause to be detrimental to your company. The main objective to the access control plan is to minimize the probability of negative events. In order for this plan to be effective your must have an efficient and reliable process of identifying, analyzing, and responding to specific events prior to them happening
Words: 337 - Pages: 2
Segregation of Duties One element of IT audit is to audit the IT function. While there are many important aspects of the IT function that need to be addressed in an audit or risk assessment, the fundamental element of internal control is the segregation of certain key duties, especially as it relates to risk. The basic idea underlying segregation of duties (SOD) is that no single employee should be in a position both to perpetrate and to conceal errors or fraud in the normal course of their duties
Words: 2548 - Pages: 11
So, let’s begin. First, let me explain to you what “Internal Use Only” data clarification standard means. A standard is a detailed written definition we here at Richman Investments have come up with. It is to help put in place certain security controls that are used throughout our information technology infrastructure and how you need to abide by this. The second part of this is the “Internal Use Only”. This is information we have here that is only to be shared internally between this organization
Words: 940 - Pages: 4
Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References
Words: 4226 - Pages: 17
input into or responsibility for its content. ISACA makes no claim that the Segregation of Duties Control Matrix is an industry standard. The material is solely intended as a general guideline to assist in identifying potential conflicts. Functions, designations, nature of business processes, technology deployed and risks may vary from one organization to another. In determining the proper controls, the IS auditing professional should apply his or her own professional judgment to the specific circumstances
Words: 1893 - Pages: 8
What is the significance of obtaining a Non-Disclosure Agreement from third parties? To ensure the confidentiality of company data that they may have access to 3. Which two major cities have conducted full-scale simulations of bioterror and nuke attacks? New york and DC 4. What kind of facilities are specified in the physical security perimeter control? All information processing facilities 5. Which of the following best represents the principle of “economy of mechanism?” run only the services and
Words: 1946 - Pages: 8
difference) 2. Gramm-Leach-Bliley Act (GLBA) – a U.S. federal law requiring banking and financial institutions to protect customers’ private data and have proper security controls in place. 3. Data Classification Standard – that defines how to treat data throughout your IT infrastructure. This is the road map for identifying what controls are needed to keep data safe. A definition of different data types. 4. IT Security Policy Framework- a set of rules for security. The framework is hierarchical
Words: 1761 - Pages: 8
minimize loss which reduces monetary loss and time for the organization. P4. The information assurance control procedures are the identification of assets, the classification of assets. The goals are to protect the confidentiality, integrity of availability of information by providing control measures. They are important because a company assets need to controlled due to so many exposures. The control procedures are used as a set of process and guidelines to ensure that an asset is classified correctly
Words: 1525 - Pages: 7
