P. 1
Electronic Information Security Standards Assessment

Electronic Information Security Standards Assessment

5.0

|Views: 129|Likes:
Published by Bob Stewart
View in full at http://OpenSDLC.org Open SDLC Systems Development Life Cycle Project
"An open Information Technology Infrastructure Library® ITIL® alternative."

OpenSDLC is a Capabilities Maturity Model Integrated (CMMI) International Standards Organization (ISO) quality, Service Oriented Architecture (SOA), Software as a Service (SaaS), Systems Development Life Cycle (SDLC).

OpenSDLC provides a consistent peer-reviewed framework for the planning, definition, design, implementation, testing and operational deployment of hardware, software and management systems supporting enterprise class technology products, services, programs and projects.
Download the original editable files at http://OpenSDLC.org
View in full at http://OpenSDLC.org Open SDLC Systems Development Life Cycle Project
"An open Information Technology Infrastructure Library® ITIL® alternative."

OpenSDLC is a Capabilities Maturity Model Integrated (CMMI) International Standards Organization (ISO) quality, Service Oriented Architecture (SOA), Software as a Service (SaaS), Systems Development Life Cycle (SDLC).

OpenSDLC provides a consistent peer-reviewed framework for the planning, definition, design, implementation, testing and operational deployment of hardware, software and management systems supporting enterprise class technology products, services, programs and projects.
Download the original editable files at http://OpenSDLC.org

More info:

Published by: Bob Stewart on Feb 22, 2008
Copyright:Traditional Copyright: All rights reserved
List Price: $5.00 Buy Now

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
See more
See less

01/30/2013

$5.00

USD

original

EISS Self Assessment Cover Page

Sector/Group: Manager Responsible for the self assessment Process: Date Assessment is Performed: Individuals Performing this assessment:

What Networks Does this Assessment Cover: How many nodes are covered?

Name: Who are the Administrators responsible for this network?

E-Mail Address

Attended NET201?

Attended NET202?

Attended NET901?

Please recap the overall results of this assessment:

EISS Self Assessment - Section 1 - Information Management Standards
EISS Specific Section Reference: 1.0 Information Management Standards 1.1.a 1.1.2.a

Objective or Procedures Risk 1.1.1 Ownership of Information Does all data on SDLC computers or networks exist for the purpose of conducting SDLC business? Integrity 1.1.2 Access to Information Is access to the information provided on a “need to know” basis? Confidentiality 1.1.3 Appropriate Usage Is there evidence of usage of any SDLC electronic device for private or personal purposes without direct management knowledge and tacit approval? Integrity 1.2.1 Custodians Role and Authority Do custodians of information provide physical and procedural safeguards as needed per the classification of information in their custody to ensure the integrity and confidentiality of information assets as identified by information confidentiality asset owners? integrity For each information system, is an owner and delegate clearly defined and documented? availability Does the custodian have a list of system owners (SIC 8.1.2)? Integrity Does the custodian inform information asset owners of their responsibilities associated with the ownership and security of their data? Integrity Do custodians understand that they must not reclassify information without the permission of the owner? Integrity 1.2.2 Owners Role and Authority Are all information assets accounted for? Integrity Do all information assets have a defined confidentiality owner? integrity Have owners performed a risk analysis to determine, identify, and document the security classification associated with the information confidentiality assets they own in accordance with POPI availability classifications? integrity Is this classification reviewed at a minimum annually? confidentiality Do owners ensure that the appropriate business controls are applied and the conditions surrounding the custody or use of their information is in accordance with the confidentiality requirements of SIC Section 8 and the SDLC integrity EISS? availability confidentiality Do owners assign the role of custodian to integrity their data? availability

(Responsible Functional Area) User Owner Admin Custodian

Compliant (Y/N) Other

Action Plan if Needed:

Target Date:

x

x x

x

1.1.3

x

1.2.1.a 1.2.1.b 1.2.1.b 1.2.1.c 1.2.1.d 1.2.2.a 1.2.2.a

x x x x x x x

x

1.2.2.b 1.2.2.b

x x

1.2.2.c 1.2.2.d

x x

Page: 2 of 34

iCST Internal Use Only

Filename: 2163706.xls - Section 1

EISS Self Assessment - Section 1 - Information Management Standards
Do owners fully understand any custodian conditions surrounding the custody or use of their information? Do owners ensure the custoditions are in accordance with the requirements of SIC Section 8 and the SDLC EISS? Do owners grant access privileges to those needing access to their data on a need to know basis? Do owners review access privileges to their data at a minimum annually? Is this review process documented? Is renewal information retained for a minimum period of one year? 1.3 Information Classification Do information owners define information classification? 1.3.5 Assigning Classifications Has the organization that “owns” the information (usually the creator) determined its sensitivity and criticality classification? Has the information been classified according to Corporate SOP E-60? Has proprietary information and information that is highly sensitive to outages been identified in disaster recovery plans as described in Section 8 of SDLC’s EISS? Have the information classifications been reviewed at a minimum annually by the business unit that owns the information to ensure that the classification is still correct? Classifications of Data Output Is output, including report, data, and software, which contains the same information content as the input used to create it assigned the same sensitivity classification as the input? Is output that is formed by the merger of multiple inputs classified in accordance with the highest level of sensitivity classification represented by the input? Is output that is substantially different than the input information used to create it, classified independently from the input? Access Do system or application “owners” authorize access to their data or applications in accordance with SIC 8.3.5? Is access authorization reviewed on a yearly basis in accordance with SIC 8.3.5?

1.2.2.e 1.2.2.e 1.2.2.f 1.2.2.g 1.2.2.g 1.2.2.g 1.3

confidentiality

x x

x x

confidentiality confidentiality confidentiality Integrity confidentiality integrity integrity confidentiality confidentiality

x x x x x

1.3.5.a 1.3.5.b

x x x

1.3.5.c

availablity

x

x

1.3.5.d

confidentiality

x

1.3.5.e

confidentiality

x

1.3.5.f 1.3.5.g

confidentiality confidentiality

x x

1.3.5.h 1.3.5.I

confidentiality confidentiality

x x

1.3.7.a

1.3.7 Non-SDLC Proprietary Classification Does the SDLC representative ask a nonSDLC information owner to define the meaning of any non-SDLC information classification label? confidentiality

x

x

Page: 3 of 34

iCST Internal Use Only

Filename: 2163706.xls - Section 1

with guidance and advice from local Corporate Legal departments responsible for ensuring compliance with in Country and regional legislation? confidentiality Do regional and local in Country Management ensure that SDLC Ethics principles are enforced and that the individual’s personal and business privacy is not willfully violated? confidentiality Are management and especially Human Resources diligent when handling employee Personal and private data? confidentiality Does the information system handling personal and private data comply with applicable data protection laws.d 1.4.c x 1.4.4.c Mgmt Mgmt 1. which may also cover manual records? confidentiality Is accidental disclosure of personal data.Information Management Standards Is the non-SDLC proprietary classification.EISS Self Assessment .7. including registration with Data Protection Authorities? confidentiality 1.f Mgmt Page: 4 of 34 iCST Internal Use Only Filename: 2163706.4.4.Section 1 . and national and international legal requirements.c 1. for example in the course of problem resolution.xls .3.a Mgmt 1.Section 1 . along with the SDLC equivalent classification marked on information which is not owned by SDLC and is it considered proprietary based on the original owner’s classification scheme? confidentiality information while in the possession of SDLC treated with the same care as defined by the closest corresponding SDLC POPI classification? confidentiality 1.4.4.4 Information Privacy Standards Are regional and local in Country Management.7.b x 1. kept to an absolute minimum? confidentiality Does information system handling of personal and private data comply with applicable protection laws? Is a person assigned at each SDLC unit to take responsibility for ensuring compliance with these privacy standards.b 1.e Mgmt Mgmt Mgmt 1.3.

biometric data) so that they cannot be accessed by any unauthorized Intrusion user? Compromise Are all SDLC inforatmion assets protected by an approved hardware/software security product Is it true that only approved hardware and software products that contain or enforce Intrusion security and are intended for use on any Compromise SDLC system or network to ensure they meet Fraud all of the requirements of the SDLC EISS? Are programs or routines which are capable of bypassing or modifying the security system.e 2.1. passwords.General System Integrity and Security Access Controls EISS Specific Section Reference: 2.Section 2 . available and maintained on every computer or node to Intrusion prevent unauthorized users from gaining entry Compromise to the system and to prevent unauthorized Fraud access to data contained on. Availability Are default administrative account passwords Compromise for all security software changed during Integrity product installation.1.2.1) Evasion Does Security hardware/software provide a means to authenticate a user’s claimed identity (e.1 Security Access Controls Are security controls installed. authorized personnel.b 2. passwords. or accessible Theft through the system? (SIC 8.1 Computer Accounts Identification Is the login ID assigned unique within its own Integrity system domain and all other domains in which Confidentiality it will be used? x x x x x x x x x x x x x x x x x x x x x x x x x Page: 5 of 34 iCST Internal Use Only Filename: 2163706.1.1. encrypted tokens.1. Intrusion operating system integrity features. Integrity Is administrative password protection must be Compromise implemented for all system and security Integrity utilities.3.Section 2 .c 2.1.d 2. and executed by a limited Integrity number of trained.0 General System Integrity and Security Access Controls Objective or Procedures Risk (Responsible Functional Area) User Owner Admin Custodian Compliant (Y/N) Other Action Plan if Needed: Target Date: 2.d 2. under privileged ID’s. encrypted tokens. Availability 2.g 2. or Intrusion biometric characteristics)? Compromise Do security controls protect user authentication data (e.1. and usage logged and limited to authorized and documented security Compromise changes.1.a 2.2.g.1.a 2.f 2.g. or any Fraud application security controls or data verified Theft to ensure that the process is only doing what Compromis it is authorized to d Data Integrity Is software which is capable of running in system protected areas. Compromise or that is capable of granting special Fraud privileges tested.xls .EISS Self Assessment .1. Availability administrative utilities approved and documented.h 2.1.

c x x 2.1.2.General System Integrity and Security Access Controls Identification Is a documented process must be in place to Integrity identify all accounts associated with a given Confidentiality user.Section 2 .2.) Immediately upon termination or separation Compromise b.2.EISS Self Assessment .b x 2.5 x x 2.c x x 2.2.a-d x x HR/Manag ers Page: 6 of 34 iCST Internal Use Only Filename: 2163706.4 Guest Accounts Is the guest account restricted to General Business Information only? Confidentiality If the guest can access above General Business Information.2.1.3 Special Function Accounts Integrity Do you allow direct login to special function Compromise accounts? Fraud If you do allow direct login do you have Integrity controls in place that document the use of that Compromise account and who logs into it? Fraud When a users accesses a special function Integrity account do they authenticate themselves via Compromise a valid Computer User Account first? Fraud Is there a documented process in place to annually review the on-going need for those accounts? 2.3.2.2.d 2.2.2.2.2.) Intrusion Identification Integrity Does every computer account have a devined Confidentiality owner? 2.b 2.are controls in place that they cannot gain access to SDLC Confidential Proprietary data or above without additional authentication.d x 2.2.c 2.3.4.4.a x x x x x x x x 2.d 2.3. Is documented management approval available for each computer account? (Such approval may be on-line or via E-mail.2.2.Section 2 .2.2.2.a 2.xls .2.1.) Periods of inactivity 2.2. Confidentiality Is the guest account explicitly prohibited from access to all applications and system utilities not required for execution of its function? 2.6 Account Administration ensure computer accounts are reviewed and suspended which include: a.4.a 2.6.2.2.a x x NonSDLCn Sponsor 2.5 Non SDLC Accounts Do all non-SDLCn accounts meet all of the Compromise requirements of SDLC accounts as well as Confidentiality the addiitonal approvals as described in Theft WWCFP A-6? 2.2.3.b x x 2.2.2 User Accounts Do all SDLCns that require access to SDLC Compromise systems have an individual login ID to access Availability any SDLC system Integrity Are UserIDs associated with a single individual. but must be explicit. and not be shared with others? Integrity Is there a documented and controlled process to permit account access to someone other than the owner when business situations Availability require them? 2.

and not reused with a one year period? Do all priviliged/system or security administration accounts meet all of the requirements above.e 2.2.10.Section 2 .7. with the additional requirement of having their passwords changed every 30 days? maximum of three consecutive invalid login attempts and suspended after severn invalid login attempts.Must not be displayed in plain view . applications.a-b Compromise Integrity Confidentiality Compromise Integrity Confidentiality Confidentiality theft fraud compromise theft fraud compromise x x x x 2. physical removal.2. as required by the owners.e Compromise x 2. services etc.2.2.b. 2.2.xls .8. datafiles. For example. Is the highest POPI classification of data easily identifable to users when they login in to systems? 2.Must not be easily viewable or accessible by another person. suspension.3.2. change requests. not readily guesable or commonly recognizeable. password maintenance for special jobs and nonproduction proceses. .1.10 Other System Access Validations Have measures been taken to prevent unauthorized use of terminals and personal computers when unattended (e. key locks.3. programs.9. or physical security of the location)? Is screen blanking activated after 10 minutes of inactivity Are procedures in place for reviewing unsuccessful logon attempts. 2.a x x 2.3.2.a-f Compromise x x x 2.9 Password Administration Is there a documented process for performing password administration that includes distribution.3.2.b x x x x x Page: 7 of 34 iCST Internal Use Only Filename: 2163706.6. 2. databases.EISS Self Assessment .2. etc.I Compromise Compromise x x x x x x 2.h.2.2.c.10.7 Password Security and Account Verification Are there controls in place that force account passwords to be a minimum of 6 characters.7. PDA's. encryption. shared data areas. Is the operating and/or security system capable of limiting access and enforcing access to information assets.2.3 Data and Resource Controls defined user authority and enforce access control to data within the system (SIC 8.2.g Compromise x x x 2.General System Integrity and Security Access Controls Does the process include deleting accounts that have been suspended for 6 months or longer? 2.1-e Compromise x 2.g.7.Section 2 .d 2.c 2.Not stored in plain text on computer hard drives.b x x x x x 2.8 Password Confidentiality Are passwords protected from disclosure including? .10.a)? Are proper controlsdefined before the data/resource is created and used. 2. printers. changed at least every 90 days.

2.1.Section 2 .b-e Compromise Confidentiality Theft x x Mgmt.c Page: 8 of 34 iCST Internal Use Only Filename: 2163706.Have a documented process for performin Does the security administrator perform privileged or security functions from an account which is separate from his/her personal account.4. Does a change control process govern the testing and change control process.5. and does the account have a unique password? 2.6.b 2.Advise data owners of their security responsibilities .5.6.a 2.2 Audit Log Classification Retention and Review Are audit log retention periods documented.xls . .General System Integrity and Security Access Controls Integrity Compromise Compromise Confidentiality Theft x x 2.6 Security Vulnerabilities Is all security software up to date? Have all security patches/fixes been tested and applied.2. and reviewed at a frequency that allows the detection of unauthorized entry before a significant loss has occurred. reviewing and reporting on all significant security events? 2. 2.a-g x x x 2.5.4.4 Systems and Security Administration Does every computer have an identifiedsystem administrator? Are the following roles carried out by a specifically identified and authorized system or security administrator.1 Audit Data Is there a documented process for identifying. 2. capturing. x 2.Review and follow up on audit logs .a-d Compromise Confidentiality Theft Integrity Integrity Compromise x x x x 2.a x 2.6.f Compromise Integrity Compromise Confidentiality Theft Integrity x Mgmt.5.4.EISS Self Assessment . and is the audit data protected against destruction or change.Section 2 .

1.1 Objective or Procedures Risk Routers.a X 3.b Do Sector/group Network Information Centers (SNICs) work in cooperation with the SDLC Network Information Center (MNIC) to administer and maintain unique addressing for all communication protocols? Availability Has a network inventory of hosts and connections been created and maintained to aid identification of security requirements? Connectivity Integrity Availability Intrusion X 3.2.Section 3 .a Are routers.2.1.2. bridges and gateways always placed in a locked environment? Are ACL’s documented.1.xls .1.1.Section 3 .1.1.EISS Self Assessment .c 3.c 3.3. Bridges and Gateways (Responsible Functional Area) User Owner Admin Custodian Compliant (Y/N) Other Action Plan if Needed: Target Date: 3.2 Are ACL’s reviewed at a minimum annually to ensure that the need for the specific ACL’s Intrusion still exists and that undocumented changes Compromise have not occurred? Integrity Network System Tier Management Is a system of assigning addresses used and is it consistent with SDLC standards? Avalability X X 3.1.1.1. reviewed and approved prior to implementation and change? Intrusion Compromise Theft Financial Loss Integrity Availability Confidentiality Intrusion Compromise Integrity X X 3.1.1. X Does a firewall exist between the internal network and any non-SDLC entity? Dial-In Intrusion Compromise Fraud Financial Loss Confidentiality Integrity X Page: 9 of 34 iCST Internal Use Only Filename: 2163706.b X X 3.Network Security Standards EISS Specific Section Reference: 3.

1.a Is SDLC Internal Use Only and higher encrypted end-to-end when transmitted? Confidentiality Integrity Financial Loss X X X X Page: 10 of 34 iCST Internal Use Only Filename: 2163706.2.2. or is isolated from Intrusion all other systems and networks and dedicated Compromise to unrestricted business use.1.6 Firewalls? Password Encryption X X X 3.a 3. Modems are not set to auto-answer UNLESS the modem is secured by an approved authentication mechanism.xls .Section 3 .c Is one way encryption used for all stored passwords? X X 3.1.1.3.b Intrusion X X 3.a Is dial-in access to the SDLC network from a computer is prohibited unless the connection is through an approved external connection interface that is fully compliant with SDLC’s requirements? Intrusion Does dial-in access to SDLC require an approved two-factor user authentication mechanism? X X 3.a Are passwords encrypted during network transmission? Are passwords stored encrypted and only decrypted during the actual password validation process? X X 3.2.b 3.c Compromise Does dial-in access to SDLC by non-SDLCns Confidentiality require a completed risk assessment? Intrusion X X 3.1 Are dial-out services configured to meet the requirements of 3.1.Network Security Standards 3.3.3.1.2.2.d 3.3.3.1.3.2.1.2 Is encryption in compliance with local legislation? Data Encryption Confidentiality Intrusion Compromise Availability Financial Loss X X 3.2.3.2.2.b X X 3. or is set solely to Integrity receive facsimile transmissions? Confidentiality Dial Out Integrity Availability Confidentiality Compromise Intrusion Confidilability Availability Confidentiality Intrusion Compromise Availability Confidentiality Intrusion Compromise Availability X X 3.Section 3 .EISS Self Assessment .

g Intrusion Are the major encryption keys for link Compromise encryptors changed from the default values at Availability the time of equipment installation? Confidentiality Intrusion Compromise Are link encryption keys configured to change Integrity Confidentiality as often as possible not to exceed 7 days? Are audit trails avaliable to verify the distribution of encyrption keys? Intrusion Do encryption key changes require the Compromise documented approval of at least two Integrity supervisory individuals? Confidentiality Intrution Compromise Availability Confidentiality X X X X X X 3.Network Security Standards 3.g 3.Section 3 .3.3 3.3.3.a Intrusion 1. To verify that existing security controls are Compromise functioning. and only for the following reasons: X X 3.EISS Self Assessment .c Confidentiality Is SDLC Confidential Proprietary data Integrity encrypted when sent outside a SDLC facility? Financial Loss Confidentiality Integrity Financial Loss Confidentiality Integrity Financial Loss X X X X 3.Section 3 .e 3.3. including the System Availability Administrator's ability to detect attacks Confidentiality X X X X Page: 11 of 34 iCST Internal Use Only Filename: 2163706. and Integrity distributed using a documented procedure Availability that can be audited? Confidentiality Is any symmetric cryptographic key used by one communicating pair not knowingly used between any other communicating pair? Intrusion Integrity Confidentiality X X X X X 3.2.3.3.3.3.3.1 Conditions for Penetration Testing Is sanctioned penetration testing performed only where permitted by law.d Are message compression techniques prohibited as a means of security. assigned.c X X X 3. X X X X 3.3.e 3.3.1.f 3.a Are external connections between SDLC facilities encrypted? Are encryption mechanisms approved by the sector or group security function? Key Management Is an approved encryption mechanism used for the distribution of keys? X X 3.3.h Is access to physical encryption keys for hardware limited to authorized personnel? 3.3.3.3.b Confidentiality Integrity Compromise Intrusion Are public/private keys created.3.xls .4.2.d 3.4.3.3.3.2.3.2.3.

h X X X X X X 3.4.1.4. (2) necessary for the investigation of an incident.1.i Is care taken so that tests do not adversely affect the operation of the system under test.b 2.f 3. processing and handling requirements. Integrity or the integrity.) Are penetration testing tools restricted to those with a legitimate need for access? Intrusion Compromise Integrity Availability Intrusion Confidentiality Compromise Availability Confidentiality Intrusion Compromise Integrity Availability Confidentiality X X X X X X 3. To confirm the existence of a system or control vulnerability Are tests approved by the System Manager and executed under the supervision of the System Administrator unless: (1) part of an audit.i Are these tools made available only for the duration of testing? X X X 3.Section 3 .g 3.1.Network Security Standards Intrusion Compromise Availability Intrusion Compromise Integrity Availability Confidentiality 3.4.1.Section 3 .4.4.xls .EISS Self Assessment .1. (3) the response of the LAN/System Administrator is being tested? X X X X X X 3.f Do outside contractors used for sanctioned penetration tests complete a WW CFP A-6 risk assessment.f 3.1.c Is a request for a sanctioned penetration test to be performed on a system other than the System Manager's referred to a Testing Authority who shall review the request and either sanction testing or reject the request? Is it true that only the above-referenced System Manager or Testing Authority may sanction testing and all other test approvals are prohibited? Intrusion Compromise Availability Confidentiality Intrusion Compromise Availability Confidentiality X X 3. and sign a non-disclosure Intrusion statement subject to approval by the Compromise Corporate Director of Information Security or Availability a Corporate Senior Audit Manager? Confidentiality Intrusion Compromise Integrity Intrusion Availability Compromise Are bonded security professionals used? Confidentiality Integrity Is the use of ex-offenders strongly Availability discouraged? Confidentiality Are results of penetration tests treated as SDLC Confidential Proprietary information? (Refer to Policy SOP E-60 for information on storage.4.4.1. confidentiality or availability of Confidentiality data? Availability X X X Page: 12 of 34 iCST Internal Use Only Filename: 2163706.1.4.4.d X X X 3.1.1.4.

5.4.5. as appropriate? Intrusion Compromise Integrity Availability Confidentiality Intrusion Compromise Integrity Are the notifications and responses Availability Intrusion documented? Confidentiality Compromise Integrity If a procedure is faulty.c Do inbound connections used to retrieve SDLC data use port 443 only.a Does a change management process exist such that changes are documented in the Operations History Document? X X Page: 13 of 34 iCST Internal Use Only Filename: 2163706.l X X X 3.2.m Intrusion X X 3. therefore.k X X X 3.1.5.Section 3 .5.5. does the custodian of Availability that procedure make revisions? Confidentiality Intrusion Compromise Is information about a deficiency restricted to Integrity those directly responsible for determining and Availability implementing the corrective action? Confidentiality For the purposes of eliminating redundant audits. Intrusion Intrusion Compromise Fraud Financial Loss Confidentiality X X X 3.4. has the sector/group information security manager been notified as to the conditions and intent of tests? Availability If any specific controls are identified as inadequate or needing corrective action.1.j Penetration attempts may trigger intrusion detection mechanisms.Network Security Standards 3.4.1.Section 3 .1.4. are business unit test results available to Corporate Testing Authorities? 3. prior to the initiation of testing.1.4. and correlating self-audits with formal audits. does the tester or Testing Authority notify the System Manger.1.4.1 Reverse Proxy Security Architecture X X X 3. System Administrator and data owners.EISS Self Assessment .k X X 3.xls . Confidentiality Compromise Fraud Theft Are network connections initiated by end Financial Loss users using an https/ssl capable browser? Confidentiality X X X X 3.a 3. determining vulnerability trends.k X X 3.1.1.1.b Intrusion Compromise Fraud Theft Are security measures enforced at each layer Financial Loss Intrusion of the architecture.

b Does the application log all accesses/service Intrusion transactions it performs? Compromise X X X 3.5.5. 3.EISS Self Assessment .a Does the application implement controls which limit the amount of data delivered or actions taken to only those actions which are Confidentiality approved? Integrity X X 3. testing.a Intrusion Compromise Is the security standard for external to internal Fraud Theft connections designed around a proxy Financial Loss architecture approved by the Information Integrity Security Council and Group/Sector Availability Information Security? Confidentiality Does every component have the ability to log at the protocol layer it is filtering? Intrusion Is the architecture based on a minimum of two Intrusion separate hosts? Compromise Do SMTP and NNTP have UUCP between proxies? (SMTP/NNTP <-> UUCP <-> Intrusion SMTP/NNTP) Compromise Intrusion Is dual porting used for proxies? Compromise X X X X X X X X X X Sector or Group Security and ISC Page: 14 of 34 iCST Internal Use Only Filename: 2163706.b 3.5.6.1.6.6.6.Section 3 . Compromise testing or web content building takes place on Fraud the production system? Availability Is development.Network Security Standards Is configuration management process/change control implemented for web content building on the web server such that no development.e Does the web server limit its functions to validating user/application data and to making Compromise requests of the application server? Integrity Is the web server configured not to act as a proxy? 3.6.a 3.5.2.xls .c Does the application guarantee that access to and actions on the specific datais explicitly Intrusion approved for each user making a request Compromise 3.5.5.Section 3 .3.d 3.c X X X 3.1.3.6.3 Application Security Requirements Intrusion Compromise X X X 3.a 3.5.1.2.1 Network Interconnection Architecture X X X 3.1.2.1.5.a 3. and web content building segregated and performed on nonproduction systems.a 3.2.3.

3.6.b 3. to prevent exploitation of dynamic reply Intrusion ports?.6.a 3. control and protect all hosts/servers in the architecture? Are access controls must be put on the packet filter to enforce and compliment the host Intrusion and application control? Compromise Is an application proxy used to validate the application protocol for any service which passes into or out of the SDLC network? Intrusion Compromise Confidentiality X X X X 3.3.3. Compromise Intrusion Is filter #2 used to maintain session logs? Compromise Do all devices have two factor authentication Intrusion for administration? Compromise 3.c Is a packet filter must to limit.2.6.EISS Self Assessment .e Are network controls in place to reject invalid Intrusion spoofed or replayed packets? Compromise Are services available restricted only to necessary securable services? Is an approved network vulnerability testing tool used to verify the controls in place for firewall hosts? Do configuration changes generate an alarm? 3.Section 3 .2 Network Security Requirements for External Connections Are network security and administration controls must be fully documented in the Compromise Operation History Document (OHD)? Availability X X X X X X X X X X 3.g.6.1.6.f Intrusion Compromise X X 3.Network Security Standards Intrusion Compromise Confidentiality 3.3.a 3.6. a time and date stamp.3 Host Security Requirements Intrusion Compromise X X X X 3.6.Section 3 .6.3.a 3.c Intrusion Does each host have controls that determine Compromise which of its services may be used? Confidentiality Intrusion Compromise Confidentiality Is appropriate authentication implemented? Intrusion Does each host log all network connections to Compromise it? Confidentiality Do the logs contain the source address.a Is local backup used? Is Filter #2 used to maintain state information.6.2.6.1.6.a 3.6.2. http web proxy) is permitted to run on the host? X X X X X X 3. and pertinent information about the service request or network activity? Is it true that no application proxy (e.2.6.c Intrusion Compromise X X 3.2.2.d 3.d X X Page: 15 of 34 iCST Internal Use Only Filename: 2163706.6.2.b 3.6.6.xls .

the kernel.3. Does the host use an automated method to synchronize its clock with an authoritative SDLC time server? Are self-assessments or independent audits performed every six months? Intrusion Compromise Intrusion Compromise Intrusion Compromise Intrusion Compromise Intrusion Compromise Availability Integrity Intrusion Compromise Compromise Intrusion Intrusion Compromise X X X X X X 3.6.e 3.g Intrusion Are approved intrusion detection tools active? Compromise Are approved integrity tools active on hosts? Minimum checks are The minimum checks are boot files.h 3. network configuration files.6.6.g. Are logs pulled off within seven days (e.k X X 3.3.j X X 3.3. removed? Is appropriate authentication and encryption must be in place to protect the host's data.3. and are not be allowed via network segments susceptible to session hijacking or spoofing? Is it true that no user accounts exist on the hosts and network devices? Is a configuration management process/change control process implemented for configuration and executable files? There must not be any development or testing on the production system.3. Compromise Is an approved system configuration checking Intrusion tool run monthly? Compromise Are all unneeded files and services.3.6.Section 3 .n 3. using FTP).3.3.l X X X 3.Section 3 .6.6.i X X X X 3.xls . services.3.6. including applications and compilers.0 X X X X Group Network Security Page: 16 of 34 iCST Internal Use Only Filename: 2163706. the password file.m X X 3. sensitive and critical information? jDo all interactive privileged network logins use two-factor authentication.6.6.EISS Self Assessment .Network Security Standards 3. system Intrusion services binaries. and host configuration files.6.f 3.3.6.3.

1.1.1 Information Security for Computers Objective or Procedures Risk 4.1.1.2 Shared Computer Systems Does the access control method provide for registratoin and tracking of each users logon Compromise activities.1. Confidentiality Are users their own administrator without Availability compensating controls in place.1.EISS Self Assessment .xls . Intrusion Does the access control system require a unique login ID and password for each user of Confidentiality the system in accordance with SDLC EISS Compromise Section 2.I 4.a 4.1.c 4.b 4.1.1.j 4.1.2.1. Compromise Is the computer access control system configured to allow access by an authorized administrator.1. Confidentiality 4.1.h 4.1.f 4.e 4. Intrusion Does the computer must a timed lockout/screen blanking mechanism.1. Compromise provide an audit trail for Integrity preventative/detective measures in case a Intrusion computer is compromised. Availability Integrity Intrusion Is dial-in only allowed through a SDLC Compromise approved access system.1.c Confidentiality Intrusion Integrity Compromise Confidntiality Are protection mechanisms in place to Intrusion prevent direct access to data on the fixed disk Integrity Compromise or from removable media when booting. Where secure authentication mechanisms are used.2. Fraud Is there an independent quarterly review to Integrity ensure security software is up to datewhen Compromise users are their own administrators? x x x x x x x x x x x x x x x x x x x x x x Page: 17 of 34 iCST Internal Use Only Filename: 2163706.Computer Systems Security Standards EISS Specific Section Reference: 4.Section 4 .a 4. Confidentiality Is the data and/or business applicatons Integrity protected by access controls to segregate to Compromise access to them.1.2.2. does it prompt Integrity for a password which preserves the integrity Compromise of work i Confidentiality Are the number of system logon entry failures must be limited to three.1.1. do they require a minimum of twofactor authentication to meet the standards of the SDLC EISS Section 2.1. or when manually invoked and when activated.1.1.Section 4 .b 4.1 Access Control Does each computer have approved security software installed which requires a password OR a secure authentication mechanism which meets SDLC standards. which automatically engages after no more than ten minutes of inactivity. (Responsible Functional Area) User Owner Admin Custodian Compliant (Y/N) Other Action Plan if Needed: Target Date: 4. Is a time delay or system lockout inserted after the third invalid Intrusion attempt.g 4.1.d 4.1.

Section 4 .1.4.1.Section 4 .1.f Compromised Confidentiality x x Page: 18 of 34 iCST Internal Use Only Filename: 2163706.1.g 4. At the end of the work day.3.1. is all removable media clearly labeled and secured in a locked cabinet.h x x x x x x x x 4.d 4.3.1.3.1.4.3. Is magnetic media used for troubleshoting diagnostics made available for SDLC review Are remote diagnostic links to non-SDLCn eqjuipment controlled in accordance with EISS section 3? Are malfunctioning parts or circuit boards replaced with factory fresh or factory repaired components? If non-volatile components are involved.1.1.a 4.4.4. 4.e Compromise Confidentiality Theft Integrity Compromise Compromise Integrity Intrusion x x SDLC Manager SDLC Manager 4.c x x x x SDLC Manager 4.1. Is all SDLC Registered Secret Proprietary data encrypted. Is SDLC Confidential Proprietary information on shared systems protected by additional access controls other than those used to gain access to the basic computer system.2.EISS Self Assessment .1.d 4.f 4.3. When disposing of MCP or higher data is the informaiton overwritten.1. established controls and advised users of the security requirements of that system. Does removable storage media that contains MCP data secured and locked away when not in use. or removed and destroyed? x x x Confidentiality Intrusion Compromise Theft Confidentiality Compromise Theft Compromise Confid Theft Compromise Confidentiality Theft Compromise Confidentialtiy Theft Compromise Confidentiality THeft Compromise Confidentiality Theft Compromise Confidentiality Theft Compromise Confidentiality x x x 4.e 4.b 4.3.a 4. have they been erased. 4.1.c Is the administrator account password changed every 30 days.1.1. are nonSDLCn personnel escorted and closely monitored when in the SDLC facility or do they have a non-escort badge accountable to a specific manager.xls .1. When external drives are sent out for service has data been removed.4.4.b 4.4 Hardware Maintenance Is the SDLC data overwritten or the media reformatted when systems are sent out for service or is there a non-disclosure in place to cover this.3.3 Information Security Is a custodian assigned for each computer system who is responsible for the security administration Has the custodian determined the highest level of information.3. reformatted or overwritten.c 4.Computer Systems Security Standards Compromise Integrity Intrusion Compromise Confidentiality 4. At the end of the work day is external storage media secured.1. Have non-SDLCn maintenance personnel signed a non-disclosure and complied with A6? If a non-disclosure is not in place. or the media reformatted or physically destroyed.

2.Computer Systems Security Standards If Maintenanced is performed.5 Hardware Reassignment and Disposition When hardware is reassigned or disposed of.5. are all paper products removed? Confidentiality 4.xls .d 4.h x x x Whoever sends the drive out x x x x 4.1.a 4.c x x x x x x x 4. Theft If the drive is inoperable and the data unrecoverable.2.5.e x x x x x x x x Page: 19 of 34 iCST Internal Use Only Filename: 2163706.1. has it been sent to a SDLC approved data recovery Compromise service under a non-disclosure agreement? Confidentiality If the drive contains SDLC Registered Secret Proprietary information has a SDLC with Compromise authorized access accompanied it at all times Confidentiality when seviced.1. moved to storage or returned to lessor.4. Availability Is the latest version of virus definitions applied Integrity to all systems with anti-virus software.1. have all compromised passwords been changed and Compromise the system scanned for viruses? Confidentiality If critical data needs to be recovered. are circuit boards with non-volatile read/write Compromise data memory erased or removed? Confidentiality Are carbon ribbons and thermal cartridges removed from fax machines. or PDA systems) which are used for SDLC business have virus detection software installed with Integrity active mode enabled.c 4.. is data overwritten or the media reformatted to ensure that no confidential data is compromised and no data Compromise remaining on the computer system opens the Confidentiality potential recipient to issues of inappropriat Legal When hardware is reassigned or disposed of.1. is all SDLC data overwritten or is the media Compromise reformatted to ensure it is unrecoverable? Confidentialiy Is all SDLC-licensed software removed from a rented or leased computer system prior to its Theft return to the supplier? Legal When a computer system is transferred between individuals.? Confidentiality When faxes or printer are reassigned.1.5.a 4. has the media been physically Compromise destroyed Confidentiality 4.j 4. printers.e x x x x x 4. and is a full scan Integrity performed after it has been loaded. and other devices before equipment is reassigned per SOP E-60.1.5. Availability Is all software scanned before it is loaded onto any SDLC computer.4.1. Availability Are full scans run after new virus definitions Integrity are updated? Availability For any systems that have virus detection software running with active mode disabled. Unix machines not using emulators.f 4. Confidentiality When hardware is reassigned or disposed of.5.1.b 4.Section 4 .2. Compromise is all removable media removed.2 Virus Control Do all computers (except mainframe.1. Availability 4.b 4.Section 4 .2.1.4.EISS Self Assessment .g 4.d 4.5.2. Integrity are full scans performed daily.5.g x x x x x 4.

3. scanned Integrity before use. used in accordance with the terms of the software licensing agreement for the Legal product.3.3.b x x 4.3. FlexLM) to limit license usage to the nodes specified in the Legal agreement.3. is metering in place to restrict the number of Legal concurrent users to licenses authorized? Theft If concurrent licensing is implemented.a x 4.2.Computer Systems Security Standards Is software from public or private sources including but not limited to the internet. computer bulletin boards.g x x 4.f x x 4.3.3. are the nodes that can access these licenses within Legal specified physical boundaries? Theft Is the method of implementation carefully reviewed to ensure that when the software is not executed.1 Software Usage Is all software that is approved and purchased. does the computer system user understand the Availability procedures to follow? Integrity 4.xls .4.5.1.2.g.d x x x x 4.a 4. Theft When concurrent licensing is deployed and Suite Support is required (Microsoft Office.3. does proof of licensing exist? Theft 4.a x x Page: 20 of 34 iCST Internal Use Only Filename: 2163706. etc.2. etc.3.3.2. Theft Are procedures in place to handle the Legal detection of unlicensed software? Theft Are procedures in place to ensure that software is not reproduced unless licensing Legal allows? Theft Does a documented process exist for Legal performing regular annual software audits? Theft When master or site licensing agreements are Legal not in place.3 Individual or Named User Licensing When individual licensing is deployed.2.3. such as Legal a dependent TSR. no parts of the software remain loaded in memory at the workstation.3. Lotus Suite..a x x 4.1..b 4. is there an active metering program (e.Section 4 .c 4.3.2 Concurrent Licensing If concurrent licensing is deployed.1.) can you monitor and properly account for software products within Legal the Suite accurately.4 Node-Based Licensing a shared server within SDLC.2.3.3.3. Theft 4.d 4.Section 4 . VxD.3. Theft 4. Theft 4.3. Availability If a suspected virus is discovered that cannot be repaired with the anti-virus software.3. is there a process in place to ensure licenses match the number of licenses Legal allowed. has each user running the program purchased Legal their own license to run the software.5 Server-Based Licensing In server environments where licensing is based on a designated number of connections. Theft Are license agreements on file that clearly state the maximum number of concurrent Legal licenses allowed.1. or Wrapper.e x x x x x x x x x 4.EISS Self Assessment .e x 4.2. Theft 4.1.c 4.a 4.

Section 4 . Integrity In situations which require the use of Freeware/Shareware software in SDLC products.6 Evaluation or Demonstration Software Is all evaluation or demonstration software removed from any SDLC storage media upon the conclusion of any authorized evaluation period unless purchased or legally licensed for Company use.7 Shareware/Freeware Software 4. such as home systems.b 4.Section 4 . Liability x x x x Managem ent x x x x Managem ent x Managem ent x Installer Managem ent x x Managem ent x x x Page: 21 of 34 iCST Internal Use Only Filename: 2163706.9.c 4.8.3. Liability Is there a process in place that ensures the procurement and/or export of software complies with the governing laws of all Legal countries where it is being exported.3.7.8 Licensing Compliance for Second System Use Has the installation of any SDLC owned software on multiple systems. does deployment comply with all usage and Legal licensing agreements.3.. is it specifically authorized in the agreement.7. etc. desktops and laptops.b 4.a 4.8.3.d 4.3.3.3.3.9.3. Is a process in place to ensure that SDLC software that is installed on any associate owned computers is installed in accordance with license agreements and deleted upon separation from SDLC or when job Legal responsibilities no longer support the use o Theft When software license agreements are renewed. Liability 4.6.6.3.EISS Self Assessment .3. is there a process in place to reevaluate home usage so that it adheres to the Legal updated agreements? Theft 4. is adequate support available and Legal have license agreements been carefully Theft reviewed to ensure that they allow for reIntegrity packaging or commercial sales. were isolated test performed before loading this software on any production computer.7.3.xls .a 4.3.a 4.Computer Systems Security Standards 4. Theft Where freeware/share software has been deployed. been Legal approved by management and is it Theft documented and tracked.3.3.a 4.c Legal Theft Legal Theft Fraud Legal Theft Fraud x x x x x x 4. Is documentation retained to identify the evaluation period and the terms of the evaluation? Where evaluation software is used for production work.b Liability Integrity Availablity Is there no shareware/freeware software used Legality in mission critical environments? Theft Where shareware/freeware software is used.6.9 Software Export Is the deployment of all applications legal Legal within any country where it is being installed.8.3.7 4.b/c 4. 4.

Liability 4. Confidentiality When remote access capability is built into a Compromise PDA. are backup resources provided that comply with the backup requirements in Section 7 of this Integrity document.5.4. Availabity When a machine is off-site.Computer Systems Security Standards Does appropriate documentation accompany Legal all software that is moved between countries. Liability Are controls in place to ensure the integrity of synchronized data transferred from a PDA.2 Telecommuting Are procedures in place for security administration.a 4.4.3.2.4.d x x 4.4.4.1.xls . Availability 4.4.3.5.a x 4.1.b 4.5.c x x x Managem ent x Managem ent Managem ent 4.4.c x x x Managem ent 4. Integrity Integrity Is the PDA regularly backed up? Availability 4. is approved two-factor authentication Confidentiality used? Intrusion Are proper controls over the licensing of PDA applications in place and is proof of licensing available for audit for any software purchased Legal for the PDA as applicable.Section 4 .5.4. modular drives.9.1 Mobile Computing Compromise Is any data classified MCP or higher on a Confidentiality laptop computer stored in encrypted format.3 Occasional Work at Home Are records of SDLC owned software installed on employee owned computer systems Liability retained in the office.5 Personal Digital Assistant Theft Are PDA's carefully protected against theft or Confidentiality Availability accidental loss.2. Legal 4. Are PDA's either password protected.5.4. Theft Are laptop computers.1.c x x x 4. and removable disks kept physically locked up Compromise when not in the possession of a SDLC Confidentiality employee.e 4. Availability 4.g x x x Page: 22 of 34 iCST Internal Use Only Filename: 2163706.5. data encrypted or protected by id/password Compromise protection authentication. are backup resources provided that comply with the backup requirements in Section 7 of this Integrity document.4.d 4.b 4.EISS Self Assessment .Section 4 .d 4.1.c x x x 4. Availabity When a machine is off-site. Theft Are procedures in place for security administration.b 4.

b 5.3.1.1. and removal of EConfidentiality mail accounts. 5.1. and backup of the system.1.1. Integrity Compromise Confidentiality Are all E-mail gateways secured in a Integrity protected area. de-activation.1.c 5.1.2.Section 5 .a x 5.1.a 5.1.Section 5 .b x 5.1.3 E-Mail Administrators Is a process in place so that E-mail administrators ensure that accounts are properly maintained.3.2 x x x 5.3.Specific Network Technology Security Standards EISS Specific Section Reference: 5. This includes all local E-mail Confidentiality accounts. who is Compromise responsible for the account administration.EISS Self Assessment . Confidentiality maintenance. Integrity Compromise Is it true that SDLC E-Mail accounts are not Confidentiality be forwarded to a non-SDLC E-mail account. A documented process must be Confidentiality in place for handling situations whic Integrity x x Objective or Procedures Risk (Responsible Functional Area) User Owner Admin Custodian Compliant (Y/N) Other Action Plan if Needed: Target Date: 5.b x x x x x x 5. Are Procedures documented and in place for handling Compromise activation. or no longer with SDLC are disabled immediately and permanently removed within Compromise three months. as well as refere Integrity c) E-mail administrators may only access information contained in e-mail accounts of supported users with the explicit consent of SDLC management.1.1. Integrity Does each production e-mail server and gateway must have a primary and secondary e-mail administrator identified.1 E-Mail Users Does all E-mail correspondence have a valid business purpose? Integrity Compromise Is every E-mail user uniquely identified by Confidentiality their own separate E-mail account? Integrity Do shared e-mail accounts must fully comply with the standards for shared system Compromise accounts as identified in section 2 of this EISS Confidentiality document.c x Page: 23 of 34 iCST Internal Use Only Filename: 2163706.1. and under their direct Compromise supervision. Integrity Is a process in place to ensure that E-mail accounts for individuals no longer requiring access.1. Integrity 5.1.0 Specific Network Technology Standards 5.1.2 E-Mail Servers/Gateways Do all production e-mail servers and gateways on the SDLC computer network comply with the same guidelines set forth in Compromise the SDLC Enterprise Messaging Standards Confidentiality and Guidelines for general server security.1.e x x x x x x 5.2.a 5.xls .

5. as required by SOP E-60 (POPI).1.2.2.b x x x x 5. Compromise Confidentiality Integrity Compromise Confidentiality Integrity Compromise Confidentiality Integrity x Mgmt 5.2.xls .b 5.f x x x x 5.g Compromise Confidentiality Integrity x x x x Page: 24 of 34 iCST Internal Use Only Filename: 2163706. f) Use of facsimile and telex devices within SDLC for material classified SDLC Register Secret must be located in physically secured locations.2.1.1.Section 5 .1.a x x x Mgmt 5.c x x x x x x 5.6.3. data reception must be protected as required in section 3.EISS Self Assessment . Are facsimile and telex devices used within SDLC for material classified SDLC Registered Secret encrypted for transmission. 5.6.a Compromise Confidentiality Integrity Compromise Confidentiality Integrity Compromise Confidentiality Integrity Compromise Confidentiality Integrity Compromise Confidentiality Integrity Compromise Confidentiality Integrity Compromise Confidentiality Integrity Compromise Confidentiality Integrity Compromise Confidentiality Integrity x x x 5.Specific Network Technology Security Standards Does explicit management consent exist before E-mail system administrators are allowd to access E-mail messages not their own? Is the process documented and approved by management? Is a process in place whereby E-mail administrators ensure that all users of the systems they are responsible for are familiar with SDLC’s E-Mail Appropriate Use Guidelines? 5.5 E-Mail Enabled Applications If the E-mail system is used for information that requires non-repudiation. If a fax device also supports dial-in data reception.1.c 5.e x x x x x x x x x x x x 5.2.6.6 POPI Classification of E-Mail Messages Are all E-mail messages classified Internal Use and Above t be properly classified as part of the message body in accordance with SOP E-60.1.Section 5 .2 Fax and Telex Standards Are faxes pertaining to SDLC business the only ones allowed into SDLC.a x x x x 5. Is it true that SDLC Registered Secret Proprietary information is not transmitted internally or externally unless it is encrypted.d x x x Mgmt 5.d 5. within SDLC containing information which is classified higher than SDLC General Business Information specify the classification of the information. Is iInformation classified as Internal Use and above encrypted if sent from a system attached to a SDLC network to anyone outside of the SDLC network.2.2.2. Are recipients of faxes classified as SDLC Confidential Proprietary or higher present at the fax machine during transmission. Is the fax feature of any machine supporting both fax and data signals disabled when data transmission is active.1. are adequate controls in place to support this? 5. Are fax machines in non-secure areas turned off during non-business hours to prevent the possibility of receipt of SDLC Confidential Information or higher.

Integrity Is it true that any information classified higher than SDLC General Business Information is not posted on any bulletin board system Compromise unless the SOP E-60 (POPI) protection Confidentiality requirements are met.3 Bulletin Board Standards 5.c 5.2 Bulletin Board Data Classification Is general information.a 5.3 Publishing Standards Is it true that no racially/ethically sensitive or otherwise obviously offensive information is Compromise posted or allowed to be posted to SDLC News Confidentiality groups or BBSs. Integrity Is it ture that information classified as SDLC Internal Use Only is only be posted to SDLC Compromise newsgroups.3.1. 5.2.a 5.e 5.b 5.EISS Self Assessment .3. public domain software or documents posted on an Compromise electronic bulletin board system prohibited Confidentiality unless approved by the originating author.3.h Compromise Confidentiality Integrity x x x x 5.d 5. for example Compromise discussion of a health problem which is Confidentiality making an employee absent from work.1 Individual Identity Are login ids and passwords required before an individual can access the articles on any SDLC newsgroup.3.Section 5 .xls . not public domain bulletin Confidentiality boards. suppliers.a 5.3.3.4 Bulletin Board Administration Compromise Confidentiality Integrity Compromise Confidentiality Integrity x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x Page: 25 of 34 iCST Internal Use Only Filename: 2163706.3. software fixes.Specific Network Technology Security Standards Do fax cover sheets specify that the fax is intended for exclusive use of the addressee and may contain information which is confidential.3.3. Integrity Is it true that Information pertaining to Compromise questionable security practices or breaches Confidentiality are not be posted to any BBS.2. or business Compromise partners is only posted on SDLC-limited Confidentiality newsgroups.2.3. Integrity Is it true that news provided strictly for SDLC customers.b 5.3. Integrity Is a process in place to inform management Compromise when prohibited information is detected on an Confidentiality electronic bulletin board service? Integrity 5. Integrity Is it true that bulletin boards are not used for the posting of sensitive personal data which intrudes on a person's privacy. proprietary.b 5.3. Integrity Are controls in place to ensure that no person posts any information or programs that will Compromise cause a compromise to the security or Confidentiality integrity of a SDLC system.2.3.2.c Are all persons posting to a SDLC bulletin board required to identify themselves by name.1. contractors.2. Does it also state that if the fax communication is received in error. or privileged.f 5.3. 5.3.3.3. the recipie 5. Integrity 5.Section 5 .3.2.

e 5.a 5. VAN. Financial Loss 5.1.4.3.1.5) Financial Loss Is a process in place to ensure that the Compromise individual who signed for the account reviews Confidentiality trading partner accounts and data access Integrity authorizations on an annual basis.4.Section 5 .3 EDI Security Controls x x x trading partners x x x x x x trading partners x x x x x x x x x x x x x x Page: 26 of 34 iCST Internal Use Only Filename: 2163706. Financial Loss Is trading partnership data assigned a security classification based on Protection of Compromise Proprietary Information (POPI) requirements Confidentiality regarding sensitivity of data and access Integrity authorization Financial Loss Is trading partner data segregated in a Compromise manner such that a trading partner only has Confidentiality access to data required for its business Integrity application.2.4.4.f 5.4.1.4.EISS Self Assessment .4.1.d Compromise Confidentiality Integrity Financial Loss Compromise Confidentiality Do trading partners establish security controls Integrity to verify the authenticity of data received.2.4.Specific Network Technology Security Standards Compromise Confidentiality Integrity Compromise Confidentiality Integrity Compromise Confidentiality Integrity Financial Loss 5. and files from unauthorized access by trading partners and SDLC employees.c 5. The audit trail for unauthorized attempts must be reviewed weekly by the individual responsible for the EDI tra x x x x x x x x x x x trading partners 5. 5.4.3. and application software) must Compromise minimally meet the SDLC password Confidentiality requirements established in the General System Integrity and Access Control Integrity Standards (Chapter 2). programs. Financial Loss 5. Financial Loss transaction processing (operating system.a 5.a 5.Section 5 .4.2 Trading Partner Accounts Compromise Is it true that trading partner accounts cannot Confidentiality be activated until a trading partner agreement Integrity has been signed and approved.12.4.c 5.4. Is it true that the maximum classification of information allowed by the newsgroup must be defined by the newsgroup or BBS system administrator whenever a newsgroup is created.1.b 5.xls .d 5.1 EDI Data Security Software Does data security software protect EDI transactions.2.4. Does the data security software report authorized use of EDI transactions as well as all unauthorized attempts must produce an audit trail.b Is aA system administrator assigned for each bulletin board service.1.4.2. Financial Loss Compromise Is it true that trading partner agreements must Confidentiality either be signed by the Sector/Group Integrity Controller or General Manager (SIC 8.b 5.4. Financial Loss Compromise Are trading partner accounts terminated within Confidentiality twenty-four hours of cancellation notice by the Integrity EDI client business unit.

EISS Self Assessment .Specific Network Technology Security Standards Are security controls in place for EDI data routed through public data networks.3.b 5.4.4.Section 5 .4.4.xls . 5.3.4. Financial Loss x x x trading partners x x trading partners x x x Page: 27 of 34 iCST Internal Use Only Filename: 2163706. Financial Loss Compromise Does a business resumption/disaster Confidentiality recovery plan must exist for EDI transaction Integrity processing.c Compromise Confidentiality Integrity Financial Loss Compromise Confidentiality Is an audit log of all EDI transactions retained Integrity as per Corporate SOP's A-4 and A-10. value added networks and value added network interconnections.4.b Compromise Confidentiality Integrity Financial Loss Compromise Confidentiality Integrity Financial Loss x x x x x x 5. 5. the Internet.4.4. enterprise networks.4 EDI Auditing Do application error recovery procedures exist for EDI messages in the event of processing errors.a 5.a 5.Section 5 . Do any dial up security controls for EDI systems must minimally meet the SDLC requirements defined in the SDLC EISS Section 3.4.

2.c x x 6.1. integrity Are all diskettes.1. confidentiality Are all entrances physically secured (SIC 8. tapes. integrity 6. Are laptops which are locked in a docking station removed from the docking station for overnight and locked up out of sig availability Are procedures in place to ensure that workstation equipment is only be moved after taking proper precautions against damaging the machine. confidentiality Are unauthorized personnel (e.1.d 6. confidentiality and reviewed at a minimum annually to ensure that access to personnel is still required. or paper clipped to other materials. is it physically secured to prevent theft (i.3 Computer Workstations Do all workstations reside in a physically secure building.b 6.1. are they used in addition to other forms of security.1.1.1 Computer Media Handling Is it true that computer storage media isnot stapled.1. integrity 6.b x x x x Page: 28 of 34 iCST Internal Use Only Filename: 2163706.xls . such as physically separating any removable drives or locking stationary heads.1.2) with card access controls or equivalent security in place.2.Physical and Environmental Security Standards EISS Specific Section Reference: 6. maintenance support personnel) escorted at all times.1.d x x 6.1.3.1.b x x x 6. availability Are all laptop or palmtop computers physically locked in a desk or cabinet when unattended for overnight periods or longer. integrity Objective or Procedures Risk (Responsible Functional Area) User Owner Admin Custodian Compliant (Y/N) Other Action Plan if Needed: Target Date: 6.3.a 6. tethered).e.a x 6.Section 6 .e 6.0 Physical and Environmental Security Standards 6. or room. bound with a rubber band. floor.a 6.a 6.g.3. or other storage media stored in a holder specifically designed for that purpose.1. visitors. confidentiality Is VCR monitoring equipment installed to monitor particularly sensitive locations confidentiality 6.3.1.EISS Self Assessment . availability When physical locks are an internal part of the equipment.3.1 Computer Centers Are computer centers located in a secure environment with access restricted to availability authorized personnel only. If the workstation processor is in a public or nonMotorola controlled area.f x x x x x x 6.1.c 6.3.3.2 File Servers and Telecommunications Equipment Is telecommunications equipment located in confidentiality a physically secure and locked environment.1.Section 6 . confidentiality Are detailed logs kept of all persons entering a secured environment.

1.1.g 6.4.2.a 6.1.1.b 6.b x x x x 6.a 6. availability Is information protected against modification by environmental hazards. confidentiality Are recipients of Motorola Confidential or Motorola Registered Secret information must be present at the printer or fax machine during receipt/transmission.h x x x x Page: 29 of 34 iCST Internal Use Only Filename: 2163706.5.xls . availability Are the power controls for electrical computer equipment. computer ventilation system(s).Section 6 . availability Are in-line surge protection/management devices used to protect against power fluctuations.3.5.1.5.3. availability Is air conditioning installed and maintained to prevent equipment damage caused from overheating availability Is iInstallation and maintenance of computer equipment maintained in compliance with the environmental requirements described by the equipment supplier.5.5.e x x x x x x 6.3.b x x 6. and other accidents that could cause data integrity problems.d 6. and computer center lighting maintained on isolated electrical circuits.f x x 6.Section 6 .4 Printer/Fax Security Are all printers used to print information classified as Motorola Confidential Proprietary or higher located in a physically secure area.5.1.13) availability Are smoke detectors and fire extinguishers tested at least every six months.5.1 Hazard Protection Is it true that computer equipment isnot be located near any combustible or hazardous areas (SIC 8.1.4. integrity Do iIndividuals using removable storage media protect them from hazardous environmental and magnetic influences.1. integrity Is care taken to keep electronic storage media away from environmental or magnetic influences integrity 6.c x x x x x x 6.1. or the printer be attended by the recipient during printing? confidentiality Are fax machines used to transmit Motorola Registered Secret information located in a physically secure area.5.5.c 6. line noise.Physical and Environmental Security Standards Is proper care taken when handling the exposed portion of storage media to minimize fingerprints on recorded surfaces. integrity Does the individual using storage media protect them from pressure caused by other objects integrity 6.4.d 6.e x x x x 6.1.EISS Self Assessment .1. confidentiality 6.

Has an Information Backup Plan been developed to fully support the operating systems. offsite vaulting cycle and any trade off rational used in developing the backup plan.d X X X X Page: 30 of 34 iCST Internal Use Only Filename: 2163706.0 Information Back Up and Recovery Standards Objective or Procedures Risk 7.xls .d 7.a Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss X X X X 7.f Business Loss / Financial Loss 7.b X X X X 7.e 7. DRC Disaster Recovery Coord. Are the backups kept in an area physically separate from the systems/server(s). application programs and data full backups taken weekly.3. software applications and data to the agreed upon level of criticality. Does the Backup Plan insure that in the event of a disaster. DRC Disaster Recovery Coord.3.EISS Self Assessment .2.Section 7 .c X X X X X Disaster Recovery Coord. DRC Disaster Recovery Coord. which is stored off-site.3. along with its documentation.2.a Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Disaster Recovery Coord. the backup information.2.2. DRC Disaster Recovery Coord. is information backed up on a scheduled basis and must. Are incremental or differential backups done based on business need.c X X X X 7. file server software.Section 7 . the recovered data is current enough to support the busi 7.2. system and/or network in order to establish the true level of information criticality and is it reviewed/updated by the application owner and equipment custodians at a minimum Is the level of information criticality must be reviewed. DRC Disaster Recovery Coord.2 Backup Requirements for Critical Business Applications Is a Business Impact Assessment (BIA) performed for each business application. documented and agreed upon by the affected application owners and equipment custodians.3.3 Backup Requirements for Non-Critical Applications Are system. (Responsible Functional Area) User Owner Admin Custodian Compliant (Y/N) Other Action Plan if Needed: Target Date: 7.b X X X X X 7.Information Backup and Recovery Standards EISS Specific Section Reference: 7. DRC 7. be taken off-site frequently enough to insure that in the event of a disaster. Is all backup information be stored with its documentation in a secure location. Does the Information Backup Plan contain the name of the system and or data. frequency and type of backup. is complete and sufficiently current so that the amount of data loss is acceptable to business management. DRC Disaster Recovery Coord. Based on the Backup Plan.2. DRC 7.

Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Disaster Recovery Coord. Business Loss documentation. does the backup system ensure the synchronization of the recovery.4.4. and other Disaster Recovery / Financial records kept in an off-site location.3.e X X X X 7. are backups verified by reading them back after they are written.f X X X X 7. Wherever feasible.4. Loss Where possible. DRC Disaster Recovery Coord.4. data.4.4. Are backup techniques used which are capable of fully restoring all open/active files so that the integrity of these files is not compromised and that they can be fully restored to active operations.I X X X X Page: 31 of 34 iCST Internal Use Only Filename: 2163706.Information Backup and Recovery Standards Is a backup copy of the system. DRC Disaster Recovery Coord. Is all backup media labeled with highest classification of the data that resides on the medial Is all locally stored backup media kept in fire retardant media safes. Many backup software packages allow this to happen in conjunction with routine scheduled backups. DRC Disaster Recovery Coord. 7. DRC Disaster Recovery Coord. Are users of portable and/or remote systems responsible for backing up and storing their data in a safe. application programs. DRC Disaster Recovery Coord.a X X X X 7.f X X 7.d X X X X 7. do LAN/System Administrators perform backups of critical local workstation information.4 Backup Procedures Does a documented backup process exist which defines the daily backup routines. X X X X X X X X 7.g X X X X 7.h X X X X 7.4.b 7.Section 7 . Is access limited to those who perform the backups and a log of the media in the safe maintained for use as a recovery aid.4. DRC Disaster Recovery Coord.e. file server software. DRC Disaster Recovery Coord. DRC Disaster Recovery Coord. DRC Disaster Recovery Coord. Do backup procedures exist for handling daily backups as well as performing day to day restorations or full data recovery. DRC Disaster Recovery Coord. data is actually being written to tape) and to ensure that the media is still readable. secure location.4. In distributed database environments.g X X X X 7.Section 7 .3.d X X X X 7.c Is a locally stored backup log kept.EISS Self Assessment . DRC Disaster Recovery Coord.4.3. DRC 7. Is the backup process automated wherever possible in order to ensure consistency.xls . Are randomly selected file restores performed at a minimum of monthly to ensure the readability of the backups (i.e X X X X 7. DRC Disaster Recovery Coord.

Is this process performed more frequently when offsite data is extremely sensitive and is being kept for archival or legal Page: 32 of 34 iCST Internal Use Only Filename: 2163706.4.5 Off-Site Storage Does the off-site location must have restricted access. Business Loss / Financial Loss X X X X Business Loss / Financial Loss Business Loss / Financial Loss X X X X X X X x Business Loss / Financial Loss Business Loss / Financial Loss X X X x X X X x 7. DRC Disaster Recovery Coord. and who is authorized to make changes in access Is a process must be in place for reviewing who has access to off-site processes. DRC 7.5.3 When off-site data is kept for multiple years. who is authorized to recall data. is the media must be brought back and tested for integrity at a minimum annually. DRC Disaster Recovery Coord.Section 7 . DRC Disaster Recovery Coord. At a minimumdoes this include a list of who is authorized to send data off-site.j 7. at any time.4. is it bonded and insured against loss or breach of security.5.xls .b 7. night or day.a 7.d k) Media devices must be periodically cleaned per manufacturers specifications to ensure the integrity of data being written to media.5.Information Backup and Recovery Standards Disaster Recovery Coord.6 and 7 of the SDLC EISS. yet accessiblity when needed.5.Section 7 . Is a documented procedure in place that outlines the off-site rotation process. If an outside company operates the location.5.c 7. DRC Disaster Recovery Coord. This review must be done at a minimum annually – or whenever there is a change in responsibilities that warrants it. Is off-site backup media given the same level of physical and environmental protection that is required for the primary site as defined in sections 1.EISS Self Assessment .2. 7.

2.2.1. Does the plan ensure that Information Security procedures and mechanisms are maintained during the recovery process. system and/or network it supports. system.com/security/dr.xls .1.2.0 Disaster Recovery 8.d X X X X X X X X X x x x X X X 8.1 Identifying Critical Business Applications Is a Business Impact Assessment (BIA)performed for each business application.1.corp. system and/or network in order to establish the true level of business and data criticality.2 Disaster Recovery Plans Is a Disaster Recovery Coordinator assigned to coordinate the development. DRC Disaster Recovery Coord. data. documentation Business Loss and supplies kept in a secured off-site / Financial location.Business Loss site data can be used to successfully recover / Financial the application.3.2. Is each Disaster Recovery Plan reviewed using the Disaster Recovery Plan Review Business Loss Check List available at: / Financial http://www.mot.f 8.c 8.a Is the Disaster Recovery plan classified as SDLC Confidential Proprietary. Where Loss X X X X X X X X X x x x X X X X X X x X Page: 33 of 34 iCST Internal Use Only Filename: 2163706.b 8. complete and that the off.c X X X x 8. Is the recovery timeframe reviewed. Is the criticality classification reviewed/updated by the system owner and equipment custodians: 8.2. Loss Is a copy of the recovery plan.a Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss Business Loss / Financial Loss X X X x Disaster Recovery Coord.EISS Self Assessment . / Financial network and/or application. DRC 8.2. Objective or Procedures Risk (Responsible Functional Area) User Owner Admin Custodian Compliant (Y/N) Other Action Plan if Needed: Target Date: 8.g 8. DRC Disaster Recovery Coord.a X X X x x 8. Has each system owner / equipment custodian developed and documented a Disaster Recovery Plan for each essential business application.2.b X X X x 8. Loss 8.Section 8 . agreed upon by the affected business and Information Systems areas (system / data owners and equipment custodians) per SIC Section 8 and documented.3 Testing the Disaster Recovery Plan Are system owners and equipment custodians responsible for testing their Disaster Recovery Plans at least once a year to ensure that the plans are accurate.Disaster Recovery Planning Standards EISS Specific Section Reference: 8. Loss Ist the plan tested and updated yearly to Business Loss reflect changes in the hardware.Section 8 .e 8. testing and updating (maintaining) of the plan.

Section 8 . application and/or network has / Financial experienced a high degree of change.Section 8 .Disaster Recovery Planning Standards Does the test recovery ensure that the hardware.xls .3. data recovered and the applications functionally verified by the Business Loss business or application support areas within / Financial the recovery time frame that was developed. are all materials. documentation. etc.3. data.EISS Self Assessment .e. procedures. Loss Is more frequent testing mused when a Business Loss system. are personnel who are unfamiliar with the site being tested used to execute the recovery test in order to verify the Business Loss detail and completeness of the recovery / Financial procedures.a Page: 34 of 34 iCST Internal Use Only Filename: 2163706. system.3. problems encountered and suggestions for improvement. The full test must be / Financial review Loss 8. i. application programs.4 Disaster Recovery Training a) Have all Disaster Recovery Coordinators attended the NET901 DIsaster Recovery Planning Workshop class? Business Loss / Financial Loss 8.3. Loss which lists time frames. network.c X X X X X X x x X X 8.b 8.d X X X x X X X X x X Disaster Recovery Coord. DRC 8. needed to facilitate the recovery test done Business Loss from locations other than the primary / Financial processing site.4. Loss When performing the test. Loss Where possible. This log must be expanded in a postmortem review and then used for problem Business Loss tracking and resolution.c X X X x X 8.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->