Embed Size (px)
Citation preview
Information Technology Risk Management – Control AreasAccess Control (Logical)LA-01 Information Security PoliciesLA-02 Information Security Policy - User ResponsibilityLA-03 User Authentication - Security ConfigurationLA-04 User Authentication - Password PoliciesLA-05 (a) User Administration - Access Requests (New Users )LA-05 (b) User Administration - Access Requests (Transfers)LA-06 User Administration - TerminationsLA-07 Access Reviews - Audit LogsLA-08 Access Reviews - Quarterly User & Administrator AccessAccess Control (Physical)PA-01 General Physical Security Guidelines/Policies & ProceduresPA-02 Access Provision and Maintenance - New Access SetupPA-03 Access Provision and Maintenance - Access TerminationPA-04 Access MonitoringPA-05 Data Center Security ControlsPA-06 Data Center Environmental ControlsChange ManagementCM-01 Change Management PolicyCM-02 Planned/Unplanned ChangesCM-03 Emergency ChangesCM-04 Windows OS Change Management Process (Active Directory)System Software MaintenanceSM-01 Systems Software MaintenanceOperating System MaintenanceOM-01 Solaris Operating System MaintenanceDatabase System MaintenanceDM-01 Patch ManagementDM-02 Security Parameters ChangesDM-03 Microsoft SQL Server DatabaseNetwork SecurityNS-01 Security Event MonitoringComputer Operations ManagementCO-01 Real-Time Data ProcessingCO-02 Backup Management
