Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Whether there exists an Information security policy, which is approved by the management, published and communicated as appropriate to all employees. Whether it states the management commitment and set out the organisational approach to managing information security. | Information Security Management BS 7799.2 2002 Audit Check List for SANS Author Val Thiagarajan B.E. M.Comp CCSE MCSE SPS FW IT Security Consultant. Approved by Algis Kibirkstis Owner SANS Extracts from BS 7799 part 1 1999 are reproduced with the permission of BSI under license number 2003DH0251. British Standards can be purchased from BSI Customer Services 389 Chiswick High Road London W4 4AL. Tel 44 0 20 8996 9001. email customerservices@bsi-global.com SANS Institute BS 7799 Audit Checklist 6 08 2003 Table of Contents Security Policy 9 Information security policy.9 Information security policy document.9 Review and evaluation.9 Organisational Security 10 Information security infrastructure.10 Management information security forum.10 Information security coordination.10 Allocation of information security responsibilities.10 Authorisation process for information processing facilities.10 Specialist information security advise.11 Co-operation between organisations.11 Independent review of information security.11 Security of third party access.11 Identification of risks from third party access.11 Security requirements in third party contracts.12 Outsourcing.12 Security requirements in outsourcing contracts.12 Asset classification and control 12 Accountability of assets.12 Inventory of assets.12 Information classification.12 Classification guidelines.12 Information labelling and handling.12 Author Val Thiagarajan Approved by Algis Kibirkstis Owner SANS Institute Page - 2 SANS Institute BS 7799 Audit Checklist 6 08 2003 Personnel security 12 Security in job definition and Resourcing.12 Including security in job responsibilities.12 Personnel screening and policy.12 Confidentiality agreements.12 Terms and conditions of employment.12 User training.12 Information security education and training.12 Responding to security incidents and malfunctions.12 Reporting security incidents.12 Reporting security weaknesses.12 Reporting software malfunctions.12 Learning from incidents.12
