informationsecuritymanagement-1(doc81)-it - view online

2024-10-18 23:53 (this page)
  

…s
Security of system documentation
Exchanges of information and software
Information and software exchange agreements
Security of media in transit
Electronic commerce security
Security of electronic mail
Security of electronic office systems
Publicly available systems
Other forms of information exchange

9 ACCESS CONTROL
Business requirement for access control
Access control policy
User access management
User registration
Privilege management
User password management
Review of user access rights
User responsibilities
Password use
Unattended user equipment
Network access control
Policy on use of network services
Enforced path
User authentication for external connections
Node authentication
Remote diagnostic port protection
Segregation in networks
Network connection control
Network routing control
Security of network services
Operating system access control
Automatic terminal identification
Terminal logon procedures
User identification and authentication
Password management system
Use of system utilities
Duress alarm to safeguard users
Terminal timeout
Limitation of connection time
Application access control
Information access restriction
Sensitive system isolation
Monitoring system access and use
Event logging
Monitoring system use
Clock synchronization
Mobile computing and teleworking
Mobile computing
Teleworking

10 SYSTEMS DEVELOPMENT AND MAINTENANCE
Security requirements of systems
Security requirements analysis and specification
Security in application systems
Input data validation
Control of internal processing
Message authentication
Output data validation
Cryptographic controls
Policy on the use of cryptographic controls
Encryption
Digital signatures
Non-repudiation services
Key management
Security of system files
Control of operational software
Protection of system test data
Access control to program source library
Security in development and support processes
Change control procedures
Technical review of operating system changes
Restrictions on changes to software packages
Covert channels and Trojan code
Outsourced software development

11 BUSINESS CONTINUITY MANAGEMENT
Aspects of business continuity management
Business continuity management process
Business continuity and impact analysis
Writing and implementing continuity plans
Business continuity planning framework
Testing, maintaining and reassessing business continuity plans

12 COMPLIANCE
Compliance with legal requirements
Identification of applicable legislation
Intellectual property rights (IPR)
Safeguarding of organizational records
Data protection and privacy of personal information
Prevention of misuse of information processing facilities
Regulation of cryptographic controls
Collection of evidence
Reviews of security policy and technical compliance
Compliance with security policy
Technical compliance checking
System audit considerations
System audit controls
Protection of system audit tools

1 Scope

This part of BS 7799 gives recommendations for information security management for use by those who are responsible for initiating, implementing or maintaining security in their organization. It is intended to provide a common basis for developing organizational security standards and effective security management practice and to provide confidence in inter-organizational dealings.

2 Terms and definitions

For the purposes of this document, the following definitions apply.

Information security
Preservation of confidentiality, integrity and availability of information

NOTE Confidentiality is defined as ensuring that information is accessible only to those authorized to have access. Integrity is defined as safeguarding the accuracy and completeness of information and processing methods. Availability is defined as ensuring that authorized users have access to information and associated assets when required.

Risk assessment
Assessment of threats to, impacts on and vulnerabilities of information and information processing facilities and the likelihood of their occurrence

Risk management
Process of identifying, controlling and minimizing or eliminating security risks that may affect information systems, for an acceptable cost

3 Security policy

Information security policy

Objective: To provide management direction and support for information security.

Management should set a clear policy direction and demonstrate support for, and commitment to, information security through the issue and maintenance of an information security policy across the organization.

Information security policy document

A policy document should be approved by management, published and communicated, as appropriate, to all employees. It should state management commitment and set out the organization’s approach to managing information security. As a minimum, the following guidance should be included:

a) a definition of information security, its overall objectives and scope and the importance of security as an enabling mechanism for information sharing (see introduction);
c) a brief explanation of the security policies, principles, standards and compliance requirements of particular importance to the organization, for example:
   1) compliance with legislative and contractual requirements;
   3) prevention and detection of viruses and other malicious software;
   5) consequences of security policy violations;
e) references to documentation which may support the policy, . m