Operational procedures and responsibilities will ensure correct and secure information processing and should address:
- development of operating instructions and incident response procedures
- documented operating procedures
- operational change control procedures
- incident management procedures
- segregation of duties to reduce risk of negligent or deliberate misuse
- separation of development and operational facilities
- external facilities management
- system planning and acceptance
Protection against malicious software must be available in order to protect the integrity of software and information. Precautions to prevent and detect malicious software should include:
- user awareness procedures
- detection controls
- prevention controls
- security awareness, system access and change management
- policy requiring compliance with licenses
- regular updates of anti-virus software
- control of file access via external networks
- control over email attachments, or anything of uncertain origin
- recovery processes
- up-to-date information on security warnings
- regular reviews of software and systems
Housekeeping procedures are needed to maintain the integrity and availability of information processing and communication services. Such housekeeping processes include:
- information backup
- operator logs
Network management includes attention to network controls which address:
- operational responsibility
- management of remote equipment
- special controls when using public networks
- consistent application across the system
Media handling and security should include proper controls to protect all types of media with attention to:
- the management of removable computer media
- disposal of media
- specific information handling procedures
- secure system documentation
Exchanges of information and software must be controlled and must:
- be compliant with relevant legislation
- be carried out on the basis of information and software exchange agreements
- be protected in transit
- include an understanding regarding EDI, email and e-commerce
- include policies on electronic mail
- include an understanding of the security risks
- address the security of office systems
- pay attention to publicly available systems
- include all forms of information exchange