Review of the policies for information security

Reference no: EM133179830

Governance - Risk - Compliance

Instruction

Complete the attached document only for the following tabs:

Question 1. Under the Statement of Applicability tab

A.5 Security Policy
A.5.1 Information security policy
A.5.1.1 Policies for information security: A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties.
A.5.1.2 Review of the policies for information security: The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy and effectiveness.

A.6 Organization of information security
A.6.1 Internal Organization: To manage information security within the organization.
A.6.1.1 Information security roles and responsibilities: All information security responsibilities shall be defined and allocated.
A.6.1.2 Segregation of duties: Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization's assets.
A.6.1.3 Contact with authorities: Appropriate contacts with relevant authorities shall be maintained.
A.6.1.4 Contact with special interest groups: Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
A.6.1.5 Information security in project management: Information security shall be addressed in project management, regardless of the type of the project.
A.6.2 Mobile devices and teleworking
A.6.2.1 Mobile device policy: A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices.
A.6.2.2 Teleworking: A policy and supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites.

Question 2. All of Section 9 tab - Info Sec Policy

Information Security Policy [ISP]

Please provide your response and any requested evidence for each question within the domain. All questions and fields marked with a * are mandatory.
o All questions need to be answered by selecting an appropriate response (Yes, Partial, No, Not Applicable)
o In case a question is not relevant to the service(s) being provided to KP, select 'Not Applicable' and provide the explanation / reason in the Comment section
o In case a question is partially addressed or is partially relevant to the service(s) being provided to KP, select 'Partial' and provide the explanation/components partially addressed in the Comment section
o For Yes/No responses, feel free to provide clarifying information where deemed appropriate or "None" in the Comments section
o All requested attachments (evidence) can be attached by selecting the Attachment icon (Note: .exe and .dll files are restricted)

Question
[ISP 1.01] Does the Information Security Policy address the following:
- Access control
- Asset Management
- Business Continuity Management
- Communications and Operations Management
- Compliance
- Human Resource Security
- Information Security Incident Management
- Information Systems Acquisition, Development, and Maintenance
- Physical and Environmental Security
[ISP 1.02] Do you maintain an information security policy that is approved by top management, communicated to all vendor resources, and reviewed at least annually?
[ISP 1.03] Do data classification requirements define rules for managing, handling, and labeling of data for each data class?
[ISP 1.04] Is there a documented, approved, and communicated formal disciplinary or sanction policy?

Question 3. All of Section 10 tab - Organization of Information Security

Organization of Information Security [OIS]

Please provide your response and any requested evidence for each question within the domain. All questions and fields marked with a * are mandatory.
o All questions need to be answered by selecting an appropriate response (Yes, Partial, No, Not Applicable)
o In case a question is not relevant to the service(s) being provided to KP, select 'Not Applicable' and provide the explanation / reason in the Comment section
o In case a question is partially addressed or is partially relevant to the service(s) being provided to KP, select 'Partial' and provide the explanation/components partially addressed in the Comment section
o For Yes/No responses, feel free to provide clarifying information where deemed appropriate or "None" in the Comments section
o All requested attachments (evidence) can be attached by selecting the Attachment icon (Note: .exe and .dll files are restricted)

Question
[OIS 1.01] Is there an independent Information Security Organization with defined and documented roles and is upper management represented in the Information Security Organization?
[OIS 1.02] Are processes in place to ensure that risks are identified and managed appropriately?
[OIS 1.03] Is there a formal risk assessment performed at least annually or upon significant changes to the environment?
[OIS 1.04] Are processes in place to address and remediate issues identified during a risk assessment?
[OIS 1.05] Is a risk register maintained in which identified risks are recorded (including owner and remediation plan)?
[OIS 2.01] Are subcontractors subject to the same requirements regarding workforce security (i.e., background check, security awareness training, and signing of an NDA) as FTEs?
[OIS 2.02] Do agreements with third parties include requirements regarding the information security and compliance framework of the third party?

Attachment:- Audit_and_Assessment.rar


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd