Cloud Architecture Risk Program Considerations

security

October 24, 2012

Information Systems Risk Management Program

Purpose
Policy Statement
Responsibilities
Information Security Risk Management Program
Risk Assessment Process
Description of Preventative Measures
Description of Detection Measures
Incident Response Plan
- Recovery Procedures
- Logging and Reporting
Assessment of Risks, Controls, and Response Priorities
- Incident Response Team plan (Included)

Information Security Program

Introduction
Policy Statement
Information Security Risk Management Program
Types of Controls
Information Security Officer
Security Administrators
Logical Access Restrictions – User ID’s and Passwords
- Minimum Password Requirements
- Passwords are Authority to Act
- Confidentiality of Passwords
- Reporting Compromises of Passwords
- Requests for System Access
- Employee Terminations
- Quarterly Review of Security Access Levels
Description of Network and System Security
- Core Processor
- Open Systems and Microsoft Windows Server
- Remote Access and Firewalls
Security Monitoring Responsibilities
- Core System Reports
- Open Systems and Microsoft Windows Server
- Remote Access and Firewall
Security Parameter Settings
Security Program Bulletins, Patches and Upgrades
Other Preventative Measures and Controls
- Data Entry Controls
- Data Integrity
Input and Output Controls
Telecommunications Access Controls
Transmission Controls

System and Documentation Backups

Physical Security

End-User Computing

Software Documentation

Viruses

PC Policy

Disposal of Obsolete Equipment

Authorized Security Administrators (Included)

Blog