Identifying risks and preparing to identify security controls
7.1 Introduction
7.2 Information on current and/or planned networking
7.2.1 Security requirements in corporate information security policy
7.2.2 Information on current/planned networking
7.3 Information security risks and potential control areas
8 Supporting controls
8.1 Introduction
8.2 Management of network security
8.2.1 Background
8.2.2 Network security management activities
8.2.3 Network security roles and responsibilities
8.2.4 Network monitoring
8.2.5 Evaluating network security
8.3 Technical vulnerability management
8.4 Identification and authentication
8.5 Network audit logging and monitoring
8.6 Intrusion detection and prevention
8.7 Protection against malicious code
8.8 Cryptographic based services
8.9 Business continuity management