Head: Joshy (CTO)

Sl. No. | Control required | Department Responsible | To be Completed By | Status
--- | --- | --- | --- | ---
1 | Role Based Access Control (RBAC) to be defined, and periodic user and privileged access review required. The review report must be approved and signed. | Application | |
2 | Procedure must be implemented to block user access in HRMS and all applications on the same day as resignation. | Application | |
3 | All passwords known to the resigned user must be changed on the same day, and a record of the activity must be maintained. | Application | |
4 | Procedure for the usage of generic accounts in applications; it must be reviewed periodically and the review report recorded. | Application | |
5 | Security plan and verification of its security-related test cases for the change implementation. | Application | |
6 | Password policy must be uniformly followed in applications (Asirvad password policy configuration in applications). | Application | |
7 | MFA authentication must be implemented for all critical applications of Asirvad. | Application | |
8 | Audit trail logs (applications / cloud environment) must be reviewed on a monthly basis and the review report must be maintained. | Application | |
9 | VAPT to be done for all applications. | Application | |
10 | User-based login must be maintained for all applications. | Application | |
11 | Process set up for the maintenance of generic login IDs in applications. | Application | |
12 | How access is provisioned and deprovisioned. | Application | |
13 | Conduct BCP/DR drill for all critical applications and networks. | Application | |
14 | Change Advisory Board (CAB) establishment for critical changes that have business impact. | Application | |
15 | Legal warning banners shall be displayed before the application login screen. | Application | |
16 | Review of logical access rights shall be performed periodically. | Application | |
17 | Specific sensitive fields in the database of applications shall be encrypted. | Application | |
18 | All releases shall be approved by the CTO of Asirvad. | Application | |
19 | All changes shall be tracked in the applications and be traceable through reports. | Application | |
20 | Release logs/versions shall be periodically reviewed by AML to identify any unauthorised changes. | Application | |
21 | Record retention standards for data shall be defined by AML for outsourced development and software management. | Application | |
22 | All software applications developed by vendors for AML shall be centrally managed by the IT Department. | Application | |
23 | The vendor shall intimate AML before revoking or modifying admin access on servers. Procedure to be established. | Application | |
24 | Approvals shall be obtained from AML before granting admin access on servers/systems. Procedure to be established. | Application | |
25 | Application administrator logs shall be monitored to identify any fraudulent activities. | Application | |
26 | Data classification. | Application | |
27 | Electronic copies of the Business, Finance, PII, Architecture, Project Plans, Design and Regulatory documents must be stored in a centralised repository with VPN access. | Application | |

Attachment: Change Advisory Board-Charter.docx