Information and the supporting business applications, IT processes, databases and underlying infrastructure are important assets of Company and, like other important assets, must be suitably protected. The availability, integrity and confidentiality of information assets are essential in maintaining our competitive edge, cash flow, profitability, regulatory and legal compliance and respected Company image. Information (Technology) risk is the risk of loss due to inadequate information security, resulting in a loss of information confidentiality and/or integrity and/or availability.
The objective of the Information (Technology) Risk Policy is to provide Company’s approach to managing information (technology) risks and directives for the protection of information assets to all Company organizational units, and those contracted to provide services.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. IT RISK ASSESSMENT
3.1 INTEGRATED RISK ASSESSMENT
3.2 INFORMATION RISK ASSESSMENT
3.3 CAPABILITIES REQUIRED FOR PERFORMING IT RISK ASSESSMENTS
4. INFORMATION RISK REDUCTION
4.1 FOUNDATION CONTROLS
4.2 USER ACCESS
4.3 PLATFORM SECURITY
4.4 IT RESILIENCE
4.5 CHANGE MANAGEMENT
4.6 SECURITY MONITORING
4.7 IT SOURCING
4.8 OTHER RISK AREAS
5. RESPONSIBILITIES FOR INFORMATION RISK MANAGEMENT
5.1 HEADS OF BUSINESS
5.2 INFORMATION ASSET OWNERS
5.3 INFORMATION ASSET CUSTODIAN
5.4 TECHNOLOGY INFRASTRUCTURE SERVICE PROVIDERS
5.5 APPLICATIONS DEVELOPERS
5.6 USERS
5.7 INFORMATION RISK MANAGEMENT FUNCTIONS
5.8 COMPUTER INCIDENT RESPONSE TEAM
5.9 COMMITTEES
5.10 CORPORATE AUDIT SERVICES (CAS)
6. EXCEPTIONS
7. FINAL CONSIDERATIONS
7.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
7.2 DOCUMENT REVISION
Pages: 15
This bundle contains all the products listed in the Risk Management section. Take advantage of the 25% OFF when buying the bundle!
The objective of this standard is to define the configuration to be met by all servers owned or managed by Company that are located outside of the firewalls. The standards are designed to minimize the exposure to Company from damages that may result from malicious activities from both internal and external entities. Internet facing devices located outside the Company firewalls are considered part of the DMZ.
The objective of the Internet Access Policy is to allow the secure and effective use of the Internet. This policy sets the standard for appropriate behavior of users when accessing and using the Internet.