Group Security Policy
Purpose & Audience
Group Manual: Real Estate Safety and Security
:star:
TOOL
[Excel]
Safety and Security Requirements for Telenor Premises
Attachment to Group Manual Real Estate Safety and Security
Technical Premises
Administrative Premises
Commercial
Warehouse
Management
Real Estate
Facilities
Classification of Premises
Administrative
A1 – premises containing functions and/or values with low significance for the Business Unit’s complete operations.
A2 – premises containing functions and/or values with high significance for the Business Unit.
A3 – premises containing functions and/or values with very high significance for the Business Unit.
Technical Premises
T1 – Technical premises or space containing functions and/or values with
Low significance for the Business Unit. Significance shall be seen in
T2 – Technical premises or space containing functions and/or values with
Medium to high significance for the Business Unit.
T3 – Technical premises or space containing functions and/or values with very high significance for the Business Unit.
T4 – Technical premises or space containing functions and/or values with
vital significance for the Business Unit and/or society.
Commercial Area
Shop & Retail Spaces
Group Manual: Information Security and Physical Security
:star:
TOOL [EXCEL]
Group Template Classification of Information Systems
Financial
System of high value?...
Market
Is the system important regarding services/products offered to the market? ...
Dependency
How critical is the system to the BU?
External Framework & Expectation
Is the use of the system governed by any external regulation, license?
Security profile
Is the system a security product?
Purpose
This Group Manual sets out mandatory requirements for the Business Units in
Telenor to support the implementation of the principles in “Group Policy Safety
and Security”.
The purpose is to achieve and maintain Confidentiality, Integrity and Availability
of Information and Information Processing Facilities, including telecommunication
systems and infrastructure and to protect against cyber-crime, fraudulent
activities, information loss and other Security risks and threats.
Scope
developed, implemented, monitored and enforced as
part of “Governance in Telenor” in accordance with requirements in the docs
Governing Principles document.
Parts
1) Roles and Responsibility, describing roles and responsibility for Security.
2) Management System, describing the purpose and requirements
regarding a management system for Information Security and Physical Security.
3) General Security Requirements, describing mandatory requirements for
both Information Security and Physical Security.
4) Information Security Requirements, describing additional mandatory requirements for Information Security.
5) Physical Security Requirements, describing additional mandatory requirements for Physical Security.
Group Policy : :star:
Reference
• Group Manual Information Security and Physical Security
• Group Manual Real Estate Safety and Security
• Group Manual Service Fraud Management : :question:
• Group Policy Sourcing :question:
Requirement
2.1 Management system
2.2 Security risk and vulnerability management
2.3 Incident management
2.4 Awareness
2.5 Real estate
2.6 Fraud management
2.7 Vendors and partners
2.8 Access control
2.9 Monitoring
2.10 Classification of assets
Reporting
The BSO shall report on the security strategy execution, security risks, security incidents, KPIs, and the status of business security in general (information security, physical security and service fraud) to Group Business Security Officer as set out in the manuals to this policy.
Group Guideline
:star:
CLOUD : SECURITY :
Purpose
provide security support for evaluating
security of Cloud Service solutions
External
AWS
Google
Target Audience
Read, understood & used by
• Sourcing experts
• Project managers
• Project owners
• IT and security architects
IMPLEMENTATION OF Security Management Systems
Support the Business Units in implementation
of a Management System
for Information Security and Physical
Explain what a Management System is
Detail the minimum requirements
Simplify the process of implementing a Management System
Have a standardised approach towards Management Systems across all Business Units to facilitate learning
follow-up, reporting
Clarify how the implementation and compliance with such a Management
System will be monitored and measured by the Group.
SECURE CONFERENCE ROOM
Target audience
Business Security Officers
physical security functions (responsible, managers, experts, etc.)
Real Estate, architects
supplementary to
• Group Policy Security
• Group Manual Information Security and Physical Security
• Group Manual Real Estate Safety and Security
Developed based on requirements stated by Telenor Eiendom
SECURITY CLASSIFICATION INFORMATION :red_flag:
Purpose
to provide support to all employees for security classification of information and handling of classified information
The guideline can be edited by the Business Units to reflect local requirements and then used as local regulations for handling of information, which is a required document according to “Group Manual Information Security and Physical Security”.
Scope
contribute to the implementation of principles for security classification of information in
“Group Manual Information Security and Physical Security”.
SECURITY IN AGILE DEVELOPMENT
Scope
applies to all software development teams in Telenor that deploy agile methodologies, including external partners
Target Audience
Product owners
Project managers
Security Professionals
Software developers
Tech leads
Outline
1st
Agile concept
Concept of DevOps
Continuous Integration and Continuous Delivery
2nd
how to deploy security in the agile software development lifecycle in Telenor
3rd
reflect on the organisation of security in the agile enterprise.
SECURITY IN PROJECTS
Objective
support for the implementation of the Group Policy Security and Group Manual Information Security and Physical Security for projects.
based on security focused risk assessment and risk management.
Scope
• supporting tool for what activities and deliveries are necessary to discover and address security related risks and requirements in projects
• The Telenor Project Methodology is used as base for the project phases and decision points.
• In cases when other project methodologies are used or the project has extended physical security or fraud relevance, contact Group Business Security for custom guidance.
Target audience
Read, understood & used by
• Project owners
• Steering committee members
• Project managers
• Security personnel
Outline
• Chapter 2: overview of the required deliverables set for the different project phases.
• Chapter 3: describes the security relevant roles and responsibilities for the different participants of a typical project.
• Chapters 4, 5 and 6: more detailed description of the required deliveries for the different project phases, including guidance on how to produce those deliverables.
• Chapter 7 provides additional guidance on how to approach and conduct security focused risk assessment.