CIS Critical Security Controls v8 (The 18 CIS CSC)
Framework
14.8
List of requirements
14.8 Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks
Train workforce members on the dangers of connecting to, and transmitting data over, insecure networks for enterprise activities. If the enterprise has remote workers, training must include guidance to ensure that all users securely configure their home network infrastructure.
Mandatory for Implementation Group 1, 2, 3
Similar requirements
Guideline for a healthy information system v.2.0 (EN):
1 STANDARD
/STANDARD
The operational teams (network, security and system administrators, project managers, developers, chief information security officer (CISO)) have special access to the information system. They can, inadvertently or through not understanding the consequences of certain practices, carry out operations creating vulnerabilities.
We can cite, for example, granting accounts too many privileges in relation to the task to be carried out, the use of personal accounts to carry out services or periodic tasks, or even choosing passwords that are not sufficiently robust for privileged accounts.
The operational teams, to comply with information system security accepted practice, must therefore undertake - upon taking on their role and, subsequently, at regular intervals - training on:
- the legislation in effect;
- the main risks and threats;
- security maintenance;
- authentication and access control;
- the detailed configuration and hardening of systems;
- network partitioning;
- and logging.
This list must be specified according to the employee’s job, considering aspects such as security integration for project managers, secure development for developers, the security reference documents for ISSMs, etc. Moreover, it is necessary to include specific clauses in service agreements in order to guarantee regular training in information system security for external staff and especially outsourcers.
Related protective measures
Nothing found