Query Process

8/8/2019 Query Process

http://slidepdf.com/reader/full/query-process 1/22

5 Game.gif

6 Game.gif

7 Game.gif

8 Game.gif

9 Game.gif

10 Game.gif

11 Game.gif 12 Game.gif

13 Game.gif

14 Game.gif

15 Game.gif

16 Game.gif

17 Game.gif

18 Game.gif

Game.gif

Game.gif

A.6.2.2

A.6.2.3

A.7

A.7.1

A.7.1.1

A.7.1.2

A.7.1.3

A.7.2

A.7.2.1

A.7.2.2

A.8

A.8.1

A.8.1.1

A.8.1.2

A.8.1.3

A.8.2

A.8.2.1

A.8.2.2

A.8.2.3

A.8.3

A.8.3.1A.8.3.2

A.8.3.3

A.9

A.9.1

A.9.1.1

A.9.1.2

A.9.1.3



A.9.1.4

A.9.1.5

A.9.1.6

A.9.2

A.9.2.1

A.9.2.2

A.9.2.3A.9.2.4

A.9.2.5

A.9.2.6

A.9.2.7

A.10

A.10.1

A.10.1.1

A.10.1.2

A.10.1.3

A.10.1.4A.10.2

A.10.2.1

A.10.2.2

A.10.2.3

A.10.3

A.10.3.1

A.10.3.2

A.10.4

A.10.4.1

A.10.4.2

A.10.5

A.10.5.1

A.10.6

A.10.6.1

A.10.6.2

A.10.7

A.10.7.1

A.10.7.2

A.10.7.3

A.10.7.4

A.10.8

A.10.8.1

A.10.8.2

A.10.8.3

A.10.8.4

A.10.9

A.10.9.1

A.10.9.2



A.10.9.3

A.10.9.4

A.10.10

A.11.2.1

A.11.2.2

A.11.2.3

A.11.2.4

A.11.3

A.11.3.1

A.11.3.2

A.11.3.3

A.11.4

A.11.4.1

A.11.4.2

A.11.4.3

A.11.4.4

A.11.4.5A.11.4.6

A.11.4.7

A.11.5

A.11.5.1

A.11.5.2

A.11.5.3

A.11.5.4

A.11.5.5

A.11.5.6

A.11.6A.11.6.1

A.11.6.2

A.11.7

A.11.7.1

A.11.7.2

A.12

A.12.1

A.12.1.1

A.10.10.1 A.10.10.2 A.10.10.3 A.10.10.4 A.10.10.5 A.10.10.6 A.11 A.11.1 A.11.1.1 A.11.2



A.12.2

A.12.2.1

A.15.1.4

A.12.2.4

A.12.3

A.12.4

A.12.5

A.12.6

A.12.2.2

A.12.3.1 A.12.3.2 A.12.4.1 A.12.4.2 A.12.4.3 A.12.5.1 A.12.5.2 A.12.5.3 A.12.5.4 A.12.5.5 A.12.6.1 A.13 A.13.1 A.13.1.1 A.13.1.2 A.13.2 A.13.2.1 A.13.2.2 A.13.2.3 A.14 A.14.1 A.14.1.1 A.14.1.2 A.14.1.3 A.14.1.4

A.14.1.5 A.15 A.15.1 A.15.1.1 A.15.1.2 A.15.1.3 A.15.1.4 A.15.1.5 A.15.1.6



A.15.2 A.15.2.1 A.15.2.2 A.15.3 A.15.3.1 A.15.3.2



Security policy

Information security policy

Information security policy document

Review of the information security policy

Organization of information security

Internal Organization

Management commitment to information security

Information security coordination

Allocation of information security responsibilities

Authorization process for information processing facilities

Confidentiality agreements

Contact with authorities

Contact with special interest groups

Independent review of information security

External Parties

Identification of risks related to external parties

Addressing security when dealing with customers

Addressing security in third party agreements

Asset Management

Responsibility of Assets

Inventory of assets

Ownership of assets

Acceptable use of assets

Information Classification

Classification guidelines

Information labeling and handling

Human resource security

Prior to employment

Roles and responsibilities

Screening

Terms and conditions

During employment

Management responsibility

Information systems training education and awareness

Disciplinary Process

Termination or change of employment

Termination responsibilitiesReturn of assets

Removal of assess rights

Physical and environmental security

Secure areas

Physical security perimeter

Physical entry controls

Securing offices, rooms and facilities



Protection against external and environmental threats

Working in secure areas

Public access delivery and loading

Equipment Security

Equipment sitting and protection

support utilities

Cabling securityEquipment maintenance

Equipment in offsite premises

Secure disposal and reuse of equipment

Removal of property

Communication and operations management

Operating Procedure and responsibilities

Documented operating procedure

Change management

Segregation of duties

Separation of development test and operational facilities Third Party service delivery management

Service delivery

Monitoring and review of third party services

Managing Changes to third party services

System planning and Acceptance

Capacity management

System Acceptance

Protection against malicious and mobile code

Controls against malicious code

Controls against mobile code

Back up

Information Back up

Network security management

Network controls

Securing Network Services

Media handling

Management of removable media

Disposal of media

Information handling procedures

Security in system documentation

Exchange of Information

Information exchange Policies Procedures

Exchange agreements

Physical media during transit

Electronic messaging service

Electronic Commerce service

Electronic commerce

Online transactions



Publically available information

Protection against external and environmental threats

Monitoring

Audit logging

Monitoring system use

Protection of log information

Administrator and operator log

Faulty Logging

Clock Synchronization

Access Control

Business Requirement for access Control

Access control policy

User access management

User registration

Privileged management

Password management

Review of access rights

User responsibilities

Password use

Unattended user equipment

Clear desk and clear screen policy

Network access control

Policy on use of network controls

User authentication for external connections

Equipment identification in networks

Remote diagnostic and configuration port protection

Segregation in networksNetwork connection control

Network routing control

Operating system access control

Secure log on procedure

User identification and authentication

Password management system

Use of system utilities

Session time out

Limitation of connection time

Application and information access controlInformation Access restriction

Sensitive system isolation

Mobile computing and teleworking

Mobile computing and communication

Teleworking

Information System Acquisition, Development and Maintenance

Security requirements

Security requirements analysis and specification



Correct processing in application

Input Data Validation

Control of internal processing

Data Protection and Privacy of personal information

Output data validation

Cryptographic controls

Policy on use of cryptographic controlsKey management

Security of system files

Control of operational Software

Protection of system test

Access control to program source code

Security in development and support process

Change Control Procedure

Technical Review of application after operating System changes

Restrictions on changes to software Packages

Information Leakage

Outsourced software development

Technical vulnerability management

Control of technical vulnerability

Information security Incident management

Reporting Information security events and weakness

Reporting Information security events

Reporting information security weakness

Management of information security incidents and improvements

Responsibilities and procedures

Learning from information security incidents

Collection of evidence

Business continuity management

Information security aspects of business continuity management

Including information security in the BCM Process

Business continuity and risk assessment

Developing and implementing continuity plan including information securit

BCP Framework

Testing maintaining and reassessing of BCP

Compliance

Compliance with legal requirements

Identification of Applicable legislations

Intellectual property rights (IPR)

Protection of organizational records

Data Protection and Privacy of personal information

Prevention and misuse of information processing facilities

Regulation of cryptographic controls



compliance with security policy and standards and technical compliance

Compliance with security Policy and standards

Technical compliance checking

Information system audit considerations

Information system audit controls

Protection of information systems audit tools



insert into game_gallery (comp_proc_desc) values ('Game.gif Security policy');

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Information security policy

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Information security policy

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Review of the information s

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Organization of information

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Internal Organization');

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Management commitment t

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Information security coordin

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Allocation of information se

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Authorization process for in

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Confidentiality agreements

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Contact with authorities');

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Contact with special interes

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Independent review of infor

insert into master_comp_proc (comp_proc_desc) values ('Game.gif External Parties');

insert into master_comp_proc (comp_proc_desc) values ('Game.gif Identification of risks relate

insert into master_comp_proc (comp_proc_desc) values ('A.6.2.2 Addressing security when dea

insert into master_comp_proc (comp_proc_desc) values ('A.6.2.3 Addressing security in third p

insert into master_comp_proc (comp_proc_desc) values ('A.7 Asset Management');

insert into master_comp_proc (comp_proc_desc) values ('A.7.1 Responsibility of Assets');

insert into master_comp_proc (comp_proc_desc) values ('A.7.1.1 Inventory of assets');

insert into master_comp_proc (comp_proc_desc) values ('A.7.1.2 Ownership of assets');

insert into master_comp_proc (comp_proc_desc) values ('A.7.1.3 Acceptable use of assets');

insert into master_comp_proc (comp_proc_desc) values ('A.7.2 Information Classification');

insert into master_comp_proc (comp_proc_desc) values ('A.7.2.1 Classification guidelines');

insert into master_comp_proc (comp_proc_desc) values ('A.7.2.2 Information labeling and hand

insert into master_comp_proc (comp_proc_desc) values ('A.8 Human resource security');insert into master_comp_proc (comp_proc_desc) values ('A.8.1 Prior to employment');

insert into master_comp_proc (comp_proc_desc) values ('A.8.1.1 Roles and responsibilities');

insert into master_comp_proc (comp_proc_desc) values ('A.8.1.2 Screening');

insert into master_comp_proc (comp_proc_desc) values ('A.8.1.3 Terms and conditions');

insert into master_comp_proc (comp_proc_desc) values ('A.8.2 During employment');

insert into master_comp_proc (comp_proc_desc) values ('A.8.2.1 Management responsibility');

insert into master_comp_proc (comp_proc_desc) values ('A.8.2.2 Information systems training

insert into master_comp_proc (comp_proc_desc) values ('A.8.2.3 Disciplinary Process');

insert into master_comp_proc (comp_proc_desc) values ('A.8.3 Termination or change of emplo

insert into master_comp_proc (comp_proc_desc) values ('A.8.3.1 Termination responsibilities');insert into master_comp_proc (comp_proc_desc) values ('A.8.3.2 Return of assets');

insert into master_comp_proc (comp_proc_desc) values ('A.8.3.3 Removal of assess rights');

insert into master_comp_proc (comp_proc_desc) values ('A.9 Physical and environmental secu

insert into master_comp_proc (comp_proc_desc) values ('A.9.1 Secure areas');

insert into master_comp_proc (comp_proc_desc) values ('A.9.1.1 Physical security perimeter');

insert into master_comp_proc (comp_proc_desc) values ('A.9.1.2 Physical entry controls');

insert into master_comp_proc (comp_proc_desc) values ('A.9.1.3 Securing offices, rooms and fa



insert into master_comp_proc (comp_proc_desc) values ('A.9.1.4 Protection against external an

insert into master_comp_proc (comp_proc_desc) values ('A.9.1.5 Working in secure areas');

insert into master_comp_proc (comp_proc_desc) values ('A.9.1.6 Public access delivery and loa

insert into master_comp_proc (comp_proc_desc) values ('A.9.2 Equipment Security');

insert into master_comp_proc (comp_proc_desc) values ('A.9.2.1 Equipment sitting and protect

insert into master_comp_proc (comp_proc_desc) values ('A.9.2.2 support utilities');

insert into master_comp_proc (comp_proc_desc) values ('A.9.2.3 Cabling security');insert into master_comp_proc (comp_proc_desc) values ('A.9.2.4 Equipment maintenance');

insert into master_comp_proc (comp_proc_desc) values ('A.9.2.5 Equipment in offsite premises

insert into master_comp_proc (comp_proc_desc) values ('A.9.2.6 Secure disposal and reuse of

insert into master_comp_proc (comp_proc_desc) values ('A.9.2.7 Removal of property');

insert into master_comp_proc (comp_proc_desc) values ('A.10 Communication and operations

insert into master_comp_proc (comp_proc_desc) values ('A.10.1 Operating Procedure and resp

insert into master_comp_proc (comp_proc_desc) values ('A.10.1.1 Documented operating proc

insert into master_comp_proc (comp_proc_desc) values ('A.10.1.2 Change management');

insert into master_comp_proc (comp_proc_desc) values ('A.10.1.3 Segregation of duties');

insert into master_comp_proc (comp_proc_desc) values ('A.10.1.4 Separation of development tinsert into master_comp_proc (comp_proc_desc) values ('A.10.2 Third Party service delivery m

insert into master_comp_proc (comp_proc_desc) values ('A.10.2.1 Service delivery');

insert into master_comp_proc (comp_proc_desc) values ('A.10.2.2 Monitoring and review of thi

insert into master_comp_proc (comp_proc_desc) values ('A.10.2.3 Managing Changes to third p

insert into master_comp_proc (comp_proc_desc) values ('A.10.3 System planning and Accepta

insert into master_comp_proc (comp_proc_desc) values ('A.10.3.1 Capacity management');

insert into master_comp_proc (comp_proc_desc) values ('A.10.3.2 System Acceptance');

insert into master_comp_proc (comp_proc_desc) values ('A.10.4 Protection against malicious a

insert into master_comp_proc (comp_proc_desc) values ('A.10.4.1 Controls against malicious c

insert into master_comp_proc (comp_proc_desc) values ('A.10.4.2 Controls against mobile code

insert into master_comp_proc (comp_proc_desc) values ('A.10.5 Back up');

insert into master_comp_proc (comp_proc_desc) values ('A.10.5.1 Information Back up');

insert into master_comp_proc (comp_proc_desc) values ('A.10.6 Network security managemen

insert into master_comp_proc (comp_proc_desc) values ('A.10.6.1 Network controls');

insert into master_comp_proc (comp_proc_desc) values ('A.10.6.2 Securing Network Services')

insert into master_comp_proc (comp_proc_desc) values ('A.10.7 Media handling');

insert into master_comp_proc (comp_proc_desc) values ('A.10.7.1 Management of removable m

insert into master_comp_proc (comp_proc_desc) values ('A.10.7.2 Disposal of media');

insert into master_comp_proc (comp_proc_desc) values ('A.10.7.3 Information handling proced

insert into master_comp_proc (comp_proc_desc) values ('A.10.7.4 Security in system documen

insert into master_comp_proc (comp_proc_desc) values ('A.10.8 Exchange of Information');insert into master_comp_proc (comp_proc_desc) values ('A.10.8.1 Information exchange Policie

insert into master_comp_proc (comp_proc_desc) values ('A.10.8.2 Exchange agreements');

insert into master_comp_proc (comp_proc_desc) values ('A.10.8.3 Physical media during trans

insert into master_comp_proc (comp_proc_desc) values ('A.10.8.4 Electronic messaging service

insert into master_comp_proc (comp_proc_desc) values ('A.10.9 Electronic Commerce service')

insert into master_comp_proc (comp_proc_desc) values ('A.10.9.1 Electronic commerce');

insert into master_comp_proc (comp_proc_desc) values ('A.10.9.2 Online transactions');



insert into master_comp_proc (comp_proc_desc) values ('A.10.9.3 Publically available informat

insert into master_comp_proc (comp_proc_desc) values ('A.10.9.4 Protection against external a

insert into master_comp_proc (comp_proc_desc) values ('A.10.10 Monitoring');

insert into master_comp_proc (comp_proc_desc) values ('A.10.10.1 Audit logging');

insert into master_comp_proc (comp_proc_desc) values ('A.10.10.2 Monitoring system use');

insert into master_comp_proc (comp_proc_desc) values ('A.10.10.3 Protection of log informati

insert into master_comp_proc (comp_proc_desc) values ('A.10.10.4 Administrator and operatoinsert into master_comp_proc (comp_proc_desc) values ('A.10.10.5 Faulty Logging');

insert into master_comp_proc (comp_proc_desc) values ('A.10.10.6 Clock Synchronization');

insert into master_comp_proc (comp_proc_desc) values ('A.11 Access Control');

insert into master_comp_proc (comp_proc_desc) values ('A.11.1 Business Requirement for acc

insert into master_comp_proc (comp_proc_desc) values ('A.11.1.1 Access control policy');

insert into master_comp_proc (comp_proc_desc) values ('A.11.2 User access management');

insert into master_comp_proc (comp_proc_desc) values ('A.11.2.1 User registration');

insert into master_comp_proc (comp_proc_desc) values ('A.11.2.2 Privileged management');

insert into master_comp_proc (comp_proc_desc) values ('A.11.2.3 Password management');

insert into master_comp_proc (comp_proc_desc) values ('A.11.2.4 Review of access rights');insert into master_comp_proc (comp_proc_desc) values ('A.11.3 User responsibilities');

insert into master_comp_proc (comp_proc_desc) values ('A.11.3.1 Password use');

insert into master_comp_proc (comp_proc_desc) values ('A.11.3.2 Unattended user equipment

insert into master_comp_proc (comp_proc_desc) values ('A.11.3.3 Clear desk and clear screen

insert into master_comp_proc (comp_proc_desc) values ('A.11.4 Network access control');

insert into master_comp_proc (comp_proc_desc) values ('A.11.4.1 Policy on use of network con

insert into master_comp_proc (comp_proc_desc) values ('A.11.4.2 User authentication for exte

insert into master_comp_proc (comp_proc_desc) values ('A.11.4.3 Equipment identification in n

insert into master_comp_proc (comp_proc_desc) values ('A.11.4.4 Remote diagnostic and conf

insert into master_comp_proc (comp_proc_desc) values ('A.11.4.5 Segregation in networks');insert into master_comp_proc (comp_proc_desc) values ('A.11.4.6 Network connection control'

insert into master_comp_proc (comp_proc_desc) values ('A.11.4.7 Network routing control');

insert into master_comp_proc (comp_proc_desc) values ('A.11.5 Operating system access cont

insert into master_comp_proc (comp_proc_desc) values ('A.11.5.1 Secure log on procedure');

insert into master_comp_proc (comp_proc_desc) values ('A.11.5.2 User identification and authe

insert into master_comp_proc (comp_proc_desc) values ('A.11.5.3 Password management syst

insert into master_comp_proc (comp_proc_desc) values ('A.11.5.4 Use of system utilities');

insert into master_comp_proc (comp_proc_desc) values ('A.11.5.5 Session time out');

insert into master_comp_proc (comp_proc_desc) values ('A.11.5.6 Limitation of connection tim

insert into master_comp_proc (comp_proc_desc) values ('A.11.6 Application and information acinsert into master_comp_proc (comp_proc_desc) values ('A.11.6.1 Information Access restrictio

insert into master_comp_proc (comp_proc_desc) values ('A.11.6.2 Sensitive system isolation');

insert into master_comp_proc (comp_proc_desc) values ('A.11.7 Mobile computing and telewor

insert into master_comp_proc (comp_proc_desc) values ('A.11.7.1 Mobile computing and comm

insert into master_comp_proc (comp_proc_desc) values ('A.11.7.2 Teleworking');

insert into master_comp_proc (comp_proc_desc) values ('A.12 Information System Acquisition

insert into master_comp_proc (comp_proc_desc) values ('A.12.1 Security requirements');

insert into master_comp_proc (comp_proc_desc) values ('A.12.1.1 Security requirements analy



insert into master_comp_proc (comp_proc_desc) values ('A.12.2 Correct processing in applicat

insert into master_comp_proc (comp_proc_desc) values ('A.12.2.1 Input Data Validation');

insert into master_comp_proc (comp_proc_desc) values ('A.12.2.2 Control of internal processin

insert into master_comp_proc (comp_proc_desc) values ('A.15.1.4 Data Protection and Privacy

insert into master_comp_proc (comp_proc_desc) values ('A.12.2.4 Output data validation');

insert into master_comp_proc (comp_proc_desc) values ('A.12.3 Cryptographic controls');

insert into master_comp_proc (comp_proc_desc) values ('A.12.3.1 Policy on use of cryptograpinsert into master_comp_proc (comp_proc_desc) values ('A.12.3.2 Key management');

insert into master_comp_proc (comp_proc_desc) values ('A.12.4 Security of system files');

insert into master_comp_proc (comp_proc_desc) values ('A.12.4.1 Control of operational Softw

insert into master_comp_proc (comp_proc_desc) values ('A.12.4.2 Protection of system test');

insert into master_comp_proc (comp_proc_desc) values ('A.12.4.3 Access control to program s

insert into master_comp_proc (comp_proc_desc) values ('A.12.5 Security in development and

insert into master_comp_proc (comp_proc_desc) values ('A.12.5.1 Change Control Procedure')

insert into master_comp_proc (comp_proc_desc) values ('A.12.5.2 Technical Review of applica

insert into master_comp_proc (comp_proc_desc) values ('A.12.5.3 Restrictions on changes to

insert into master_comp_proc (comp_proc_desc) values ('A.12.5.4 Information Leakage');insert into master_comp_proc (comp_proc_desc) values ('A.12.5.5 Outsourced software develo

insert into master_comp_proc (comp_proc_desc) values ('A.12.6 Technical vulnerability manag

insert into master_comp_proc (comp_proc_desc) values ('A.12.6.1 Control of technical vulnera

insert into master_comp_proc (comp_proc_desc) values ('A.13 Information security Incident m

insert into master_comp_proc (comp_proc_desc) values ('A.13.1 Reporting Information securit

insert into master_comp_proc (comp_proc_desc) values ('A.13.1.1 Reporting Information secu

insert into master_comp_proc (comp_proc_desc) values ('A.13.1.2 Reporting information secu

insert into master_comp_proc (comp_proc_desc) values ('A.13.2 Management of information s

insert into master_comp_proc (comp_proc_desc) values ('A.13.2.1 Responsibilities and proced

insert into master_comp_proc (comp_proc_desc) values ('A.13.2.2 Learning from information s

insert into master_comp_proc (comp_proc_desc) values ('A.13.2.3 Collection of evidence');

insert into master_comp_proc (comp_proc_desc) values ('A.14 Business continuity manageme

insert into master_comp_proc (comp_proc_desc) values ('A.14.1 Information security aspects

insert into master_comp_proc (comp_proc_desc) values ('A.14.1.1 Including information secur

insert into master_comp_proc (comp_proc_desc) values ('A.14.1.2 Business continuity and risk

insert into master_comp_proc (comp_proc_desc) values ('A.14.1.3 Developing and implement

insert into master_comp_proc (comp_proc_desc) values ('A.14.1.4 BCP Framework');

insert into master_comp_proc (comp_proc_desc) values ('A.14.1.5 Testing maintaining and rea

insert into master_comp_proc (comp_proc_desc) values ('A.15 Compliance');

insert into master_comp_proc (comp_proc_desc) values ('A.15.1 Compliance with legal require

insert into master_comp_proc (comp_proc_desc) values ('A.15.1.1 Identification of Applicable

insert into master_comp_proc (comp_proc_desc) values ('A.15.1.2 Intellectual property rights

insert into master_comp_proc (comp_proc_desc) values ('A.15.1.3 Protection of organizational

insert into master_comp_proc (comp_proc_desc) values ('A.15.1.4 Data Protection and Privacy

insert into master_comp_proc (comp_proc_desc) values ('A.15.1.5 Prevention and misuse of in

insert into master_comp_proc (comp_proc_desc) values ('A.15.1.6 Regulation of cryptographic



insert into master_comp_proc (comp_proc_desc) values ('A.15.2 compliance with security poli

insert into master_comp_proc (comp_proc_desc) values ('A.15.2.1 Compliance with security Po

insert into master_comp_proc (comp_proc_desc) values ('A.15.2.2 Technical compliance check

insert into master_comp_proc (comp_proc_desc) values ('A.15.3 Information system audit con

insert into master_comp_proc (comp_proc_desc) values ('A.15.3.1 Information system audit co

insert into master_comp_proc (comp_proc_desc) values ('A.15.3.2 Protection of information sy









;





Normal

Abnormal

Emergency

Legal requirement

Interested party concern



insert into master_comp_proc (comp_proc_desc) values ('Normal');

insert into master_comp_proc (comp_proc_desc) values ('Abnormal');

insert into master_comp_proc (comp_proc_desc) values ('Emergency');

insert into master_comp_proc (comp_proc_desc) values ('Legal requirement');

insert into master_comp_proc (comp_proc_desc) values ('Interested party concern');

Documents

Query Process