Please enable JavaScript.

Coggle requires JavaScript to display documents.

8.5.5 (4) 9.5.5 6.5 (DATA CLASSIFICATION (How data is classified? (Data…

- - - - faster performance but not flexible and scalable as software based firewalls
    - - Slower than hardware based however Flexible
        
        Additional service :- may include content and virus
        checking, before traffic is passed to users.
    - - When the attacks on OSs succeed, the firewall is compromised. Appliance-type firewalls are, generally, significantly faster to set up and recover
- - - - without conforming to change control procedures.
      - without authorization
    - - • Ensure SoD among .
        
        software development
        
        software administration
        
        ,and computer operations
      - • Restrict the software development team’s access to the development environment only.
      - • Restrict access to the software source codes.
      - Controls to detect unauthorized changes to software
        
        software code
        comparison utilities
      - Controls for Unauthorized changes to configurations/parameters
        
        detected through logging and monitoring system administrator activities
      - Changes to data
        
        through the applications.
        
        Application access control mechanisms and built in application controls normally prevent unauthorized access to data.
- - - - Followed by regular assessment to ensure that they are still in place and operating effectively.
  - - - A shadow IT policy that aligns with business objectives and support security requirements.
    - - A culture that encourages and rewards the achievement of a strong and supportive relationship between the IT department and business units, with IT functioning in a consultative way.
    - - A requirement that the IT department review and approve all IT related purchases.
    - - consolidating applications to facilitate data management and consolidation of environments (e.g. datacenters) and overall technology footprint.
      - Limiting the number of service providers, networks, platforms, devices and/or media used to store, process or transmit data and
    - - User administration rights or dataaccess rights that are explicitly assigned. Unassigned users cannot freely install or adopt new applications.
    - - A formal IT user education program targeted at personnel in all business units.
    - - Recording and monitoring user activity.
    - - Establishing strong end-point controls.
- - - - , it is possible to define the LEVEL OF ACCESS CONTROLS that should be applied to each information asset.
    - - it helps to build and maintain a consistent perspective of the security requirements for information assets throughout the organization
  - - - to assist with determining who should be able to access what, and the most appropriate level of such access
  - - - • Importance of the information asset
      - • Information asset owner
      - • Process for granting access
      - • Person responsible for approving the access rights and access levels
      - • Extent and depth of security controls
    - - for maintaining privacy, confidentiality, integrity and availability of information
    - - uniform treatment of data, through applying level specific policies and procedures rather than addressing each type of information.
  - - - Users might reveal confidential information because they did not know that the requirements prohibited disclosure