Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

CIS Critical Security Controls v8 (The 18 CIS CSC)



Для проведения оценки соответствия по документу войдите в систему.

Похожие требования

Guideline for a healthy information system v.2.0 (EN):
Data vital to the proper business of the organization that is held on users’ devices and servers must be subject to regular backups and stored on disconnected devices, and its restoration must be tested periodically. An increasing number of small organisations are subject to attacks which make their data unavailable (for example demanding, in exchange for returning the data, the payment of a significant amount of money (ransomware)). 
Following an exploitation incident or in the context of managing an intrusion, the availability of backups, saved in a safe place, is essential to continue the activity. Formalising a regularly updated backup policy is therefore highly recommended. This aims to define the requirements in terms of backing up information, software and systems. 

This policy must, at least, integrate the following elements:
  • the list of data judged vital for the organization and the servers concerned;
  • the different types of backup (for example the offline mode);
  • the frequency of backups;
  • the administration and backup execution procedure;
  • the storage information and the access restrictions to backups;
  • the testing and restoration procedures; > the destruction of media that contained backups. 
The restoration tests may be carried out in several ways: 
  • systematic, through a task scheduler for important applications; 
  • one-off, in the event of an error in files; 
  • general, for complete backup and restoration of the information system. 
CIS Critical Security Controls v7.1 (SANS Top 20):
CSC 10.5 CSC 10.5 Ensure All Backups Have at Least One Offline Backup Destination
Ensure that all backups have at least one offline (i.e., not accessible via a network connection) backup destination.
Strategies to Mitigate Cyber Security Incidents (EN):
Regular backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Relative Security Effectiveness:  Essential | Potential User Resistance:   Low | Upfront Cost:  High | Ongoing Maintenance Cost:  High

Связанные защитные меры

Ничего не найдено