202 Managing Network Vulnerability Assessment
10.5.5 Outsourced Software Development
When software development is outsourced, have contractual arrangements been made to protect
the project at every stage, from intellectual property rights through to pre-installation testing?
Y ___ N ___
Score (number of questions answered Yes):
11 Business Continuity Management
11.1 Aspects of Business Continuity Planning
Business continuity plans should be available to counteract interruptions to
business activities.
11.1.1 Business Continuity Management Process
Is there a managed process for developing/maintaining business continuity plans
across the organization?
Y ___ N ___
11.1.2 Business Continuity and Impact Analysis
Has a strategy been developed to determine the overall approach to business
continuity, and endorsed by management?
Y ___ N ___
11.1.3 Writing and Implementing Continuity Plans
Has the business continuity planning process encompassed identification and
agreement of all responsibilities and emergency procedures?
Y ___ N ___
11.1.4 Business Continuity Planning Framework
Is a single business continuity plan framework maintained to ensure that all levels
of the plan are consistent?
Y ___ N ___
11.1.5 Testing, Maintaining, and Reassessing Business Continuity Plans
Are business continuity plans tested regularly to ensure that they are current and
effective?
Y ___ N ___
Score (number of questions answered Yes):
12 Compliance
12.1 Compliance with Legal Requirements
All relevant requirements for each IT system should be identified and
documented.
12.1.1 Identification of Applicable Legislation
Are all relevant statutory, regulatory, and contractual requirements specifically
defined and documented for each information system?
Y ___ N ___
ISO 17799 Self-Assessment Checklist 203
12.1.2 Intellectual Property Rights
Is there compliance with legal restrictions on the use of copyright material,
ensuring that only software developed by the organization, or licensed or
provided by the developer to the organization, is used?
Y ___ N ___
12.1.3 Safeguarding of Organizational Records
Are important organizational records securely maintained to meet statutory
requirements, as well as to support essential business activities?
Y ___ N ___
12.1.4 Data Protection and Privacy of Personal Information
Do applications that process personal data on individuals comply with applicable
data protection legislation?
Y ___ N ___
12.1.5 Prevention of Misuse of Information Processing Facilities
Are IT facilities to be used only for business purposes?
Y ___ N ___
12.1.6 Regulation of Cryptographic Controls
Has legal advice been sought on the organization’s compliance with national and
international laws on cryptographic controls?
Y ___ N ___
12.1.7 Collection of Evidence
When an action against a person involves the law, have the rules for evidence
been followed for admissibility, quality, and completeness?
Y ___ N ___
12.2 Reviews of Security Policy and Technical Compliance
To ensure compliance of IT systems with organizational security policies and
standards, compliance reviews should be conducted regularly.
12.2.1 Compliance with Security Policy
Are all areas within the organization considered for regular review to ensure
compliance with security policies and standards?
Y ___ N ___
12.2.2 Technical Compliance Checking
Are IT facilities regularly checked for compliance with security implementation
standards?
Y ___ N ___
12.3 System Audit Considerations
There should be controls over operational systems and audit tools during system
audits to minimize interference to and from the system audit process, and to
protect the integrity and prevent the misuse of audit tools.
12.3.1 System Audit Controls
Are audits and activities involving checks on operational systems carefully
planned and arranged?
Y ___ N ___
12.3.2 Protection of System Audit Tools
Is access to system audit tools controlled?
Y ___ N ___
Score (number of questions answered Yes):