The Access Control System Security Standard specifies the requirements for the “need-to-know / need-to-have” principle, segregation of duties, user account management, access management, logging, and access-specific system configuration. The mandatory controls in this standard aim to protect corporate information assets by preventing errors and opportunities for fraud and system abuse, keeping track of significant security events, and ensuring the provision of secure access controls over Company-managed information.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. ACCESS CONTROL
3.1 PROVISION OF ACCESS
3.2 SEGREGATION OF DUTIES
3.3 AUTHORIZATION OF ACCESS
3.4 USER ACCESS MANAGEMENT
4. EXCEPTIONS
5. FINAL CONSIDERATIONS
5.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
5.2 DOCUMENT REVISION
Pages: 13
This bundle contains all the products listed in the Identity and Access Management section. Take advantage of the 25% OFF when buying the bundle!
The objective of the Information Security Incident Policy is to establish the foundation for security incident management in order to minimize damage and malfunctions, and to monitor and learn from such incidents.
The Information Ownership, Classification and Handling Policy sets out the control objectives and minimum standards for the ownership, classification and handling of all forms of information.