Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

CIS Critical Security Controls v8 (The 18 CIS CSC)



Для проведения оценки соответствия по документу войдите в систему.

Похожие требования

Guideline for a healthy information system v.2.0 (EN):
The operational teams (network, security and system administrators, project managers, developers, chief information security officer (CISO)) have special access to the information system. They can, inadvertently or through not understanding the consequences of certain practices, carry out operations creating vulnerabilities. 

We can cite for example, granting accounts with too many privileges in relation to the task to be carried out, the use of personal accounts to carry out services or periodical tasks, or even choosing passwords that are not sufficiently robust granting access to privileged accounts. 

The operational teams, to comply with information system security accepted practice, must therefore undertake - upon taking on their role and, subsequently, at regular intervals - training on:
  •  the legislation in effect;
  • the main risks and threats;
  • security maintenance;
  • authentication and access control;
  • the detailed configuration and hardening of systems;
  • network partitioning; 
  • and logging.
This list must be specified according to the employee’s job , considering aspects such as security integration for project managers, secure development for developers, the security reference documents for ISSMs, etc. Moreover, it is necessary to mention specific clauses in service agreements in order to guarantee regular training in information system security for external staff and especially outsourcers. 

Связанные защитные меры

Ничего не найдено