Information Systems Security Policy Update 08/30/06 Detail

Topic 2 - Introduction. No substantial changes. Subtopics are: General Implementation and timing.

Topic 3 - Policy Description, Authority and Scope. This topic was completely revised, and includes the following subtopics: Description and Authority Scope of Policy General Information Security Objectives Information Security Program Business Continuity Insurance Outsourced Systems Enforcement Exceptions to Policy (Includes procedures for using the Information Systems Exception to Standards form template. This subject matter was formerly included in Topic 36 of the prior version.)

Topic 4 - Definitions. Several new definitions were added.

Topic 5 - Organization, Responsibilities and Administration. This topic was completely revised, and now includes the following subtopics: General Board of Directors Responsibilities Senior Management Responsibilities Delegation and Authority Technology Committee Responsibilities Chief Information Technology Officer Responsibilities Information Technology Department Responsibilities Compliance Officer Responsibilities Human Resources Department Responsibilities Branch and Department Supervisor Responsibilities User Responsibilities Internal/External Audit Review

Topic 6 - Risk Management Overview. Formerly Topic 4 "Risk Management and Security Assessment", this section now contains the following subtopics: General Responsibility Specific Risks to Electronic Systems Risk Management Program

Topic 7 - Information Security Program Risk Assessment. Formerly Topic 4 "Risk Management and Security Assessment", this section now contains the following subtopics: General Risk Assessment Process Risk Rating Assignment Prioritization Monitoring Other Key Elements

Topic 8 - Information Security Strategic Plan. New section that contains the following subtopics: General Resource Considerations Budget Considerations Key Concepts Security Architecture Standards

Topic 9 - Basic Information Security Control and Standards. New section that contains the following subtopics: General Access Control Administration of Access Rights Policy Information System Access Procedures Some of the elements within this topic were taken from the former Topic 17 "Mainframe and LAN User Access Requests."

Topic 10 - Authentication Policy. New section.

Topic 11 - Network Access Policy. New section.

Topic 12 - Firewall Policy. Formerly included in Topic 19 "Intrusion Detection Systems and Monitoring", this section contains the following subtopics: General Malicious Code Filtering Outbound Filtering Network Intrusion Prevention Systems Quarantine DNS Placement Wireless Issues

Topic 13 - Operating System Policy. New section.

Topic 14 - Application Access Policy. New section.