Information Systems Security Policy Update 08/30/06 Detail



Topic 15 - Remote Access Policy.  Formerly Topic 18 "Telecommuters and Off-Site Users of Mainframe and LANs", this section contains the following subtopics:


General

Employee Virtual Private Network Access

Laptop Safeguards

Personal Digital Assistants (PDA) and Blackberry Safeguards

Portable Media Safeguards


Topic 16 - Physical and Environmental Protection Policy.  Formerly Topic 27 "PC Information Protection" and Topic 30 "Physical Protection of Microcomputers and Related Equipment", this section contains the following subtopics:


General

Data Center Security

Electronic Media Security

Branch and Department Security


Topic 17 - Encryption Policy.  New section that contains the following subtopics:


General

Encryption Key Management


Topic 18 - Systems Development and Acquisition Policy.  Formerly Topic 12 "Hardware and Software Acquisition", this section contains the following subtopics:


General

Project Management

Software Development and Acquisition

Security Control Requirements

Application Software Security Controls

Software Trustworthiness

Acquisition Procedures

Location Changes

Maintenance

Licensing Compliance Procedures

Assessment of Software Procedures

Assessment of Hardware Procedures

Workstation Deployment and Administration

Use of Personally Owned Microcomputers and Software on Bank Premises


Topic 19 - Maintenance and Patch Management Policy.  Formerly Topic 13 "Patch Management", this section contains the following subtopics:


General

Major Modifications

Routine Modifications

Emergency Modifications

Conversions

Hardening

Standard Builds

Patch Management Overview

Patch Management Implementation Procedures

Patch Management Responsibilities

Vulnerability Monitoring Procedures

Library Controls

Utility Controls

Documentation Maintenance


Topic 20 - Change Control Policy.  Formerly included in Topic 13 "Patch Management", this section contains the following subtopics:


General

Change Control Standards

Change Control Procedures


Topic 21 - Personnel Security Policy.  New section includes the following subtopics:


General

Background Checks and Screening Process

Agreements for Confidentiality, Non-Disclosure and Authorized Use

Job Descriptions

Training


Topic 22 - Data Security Policy.  New section includes the following subtopics:


General

Protection Standards

Application of Protection Profiles

Handling and Storage of Data

Disposal of Media

Transit Security Standards


Topic 23 - Service Provider Oversight Policy.  Formerly Topic 5 "Risk Management - Outsourcing", this section contains the following subtopics:


General

Trust Services

SAS 70 Reports



© Copyright 1999 - 2008.  All rights reserved.  Privacy Policy - Updated 8/25/2008 - Terms and Conditions


  Bankpolicies.com®

