Best Practices for Security definitions


Just want to get some best practices on the following plus what is the
source of the answer.
1. What is the review frequency of an IT information system?
2. Best practice for the maximum limit of invalid login.
3. How long will the limit in no. 2 be defined in the system?
4. How long will the session be inactive before it will be terminated?
5. What are the standard auditable events?
6. What is the common practice if there is a system audit failure or
audit storage capacity being reached?
7. How long should an audit log be retained?
8. How often should personnel be trained as a refresher for contingency?
9. How often should a contingency plan be tested?
10. How often should a contingency plan be reviewed?
11. What is the generally acceptable up-time of the alternate
processing site if the primary site went down?
12. How about for the telecom services?
13. How often should a complete system back-up be made?
14. How long should a user be inactive in the USERID system
before all access is disabled?
15. How frequently should an incident response capability be tested?
16. How often should an authorized personnel list be updated?

I can't find any source on the internet for the list above.

Thanks in advance
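Questions 2, 3, 4, 5 and 14 above are about numeric limits that a system enforces mechanically, and the thread does not say what the limits should be. The following is an added example (not code from the original post or from any of the standards it asks about) showing how a system typically turns those parameters into behaviour: a failed-login counter that locks the account when the limit is hit, a lockout that expires after a configured interval, a session that is terminated after a configured idle time, an inactive-account sweep, and an audit trail of each of those events. Every number in it, the `AccessPolicy` defaults and the values used in the demo, is a constructed placeholder for the demonstration and not a recommended value; the class and function names are this example's own.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AccessPolicy:
    """Tunable limits corresponding to questions 2, 3, 4 and 14.
    The defaults are constructed placeholders, not recommendations."""
    max_failed_logins: int = 5               # q2: invalid-login limit
    lockout_seconds: int = 900               # q3: how long the lockout lasts
    session_idle_seconds: int = 600          # q4: idle time before termination
    account_inactive_seconds: int = 90 * 86400  # q14: inactive-account disable


@dataclass
class AccountState:
    failed_logins: int = 0
    locked_until: float = 0.0
    last_activity: Optional[float] = None    # None = never logged in
    session_open: bool = False
    disabled: bool = False


class AccessController:
    """Enforces an AccessPolicy and records auditable events (question 5).
    Times are plain seconds so the behaviour can be driven deterministically."""

    def __init__(self, policy: AccessPolicy, credentials: Dict[str, str],
                 created_at: float = 0.0) -> None:
        self.policy = policy
        # Plaintext secrets only to keep the demo self-contained; a real
        # system stores salted password hashes and verifies against those.
        self._credentials = credentials
        self._accounts = {user: AccountState() for user in credentials}
        self._created_at = created_at
        self.audit: List[Tuple[float, str, str]] = []  # (time, user, event)

    def _log(self, now: float, user: str, event: str) -> None:
        self.audit.append((now, user, event))

    def attempt_login(self, user: str, password: str, now: float) -> str:
        acct = self._accounts.get(user)
        if acct is None:
            # Unknown users get the same answer as a wrong password.
            self._log(now, user, "login_failed_unknown_user")
            return "bad_credentials"
        if acct.disabled:
            self._log(now, user, "login_rejected_disabled")
            return "disabled"
        if now < acct.locked_until:
            self._log(now, user, "login_rejected_locked")
            return "locked"
        expected = self._credentials[user].encode()
        if not hmac.compare_digest(expected, password.encode()):
            acct.failed_logins += 1
            self._log(now, user, "login_failed")
            if acct.failed_logins >= self.policy.max_failed_logins:
                acct.locked_until = now + self.policy.lockout_seconds
                acct.failed_logins = 0          # counter restarts after the lockout
                self._log(now, user, "account_locked")
                return "locked"
            return "bad_credentials"
        acct.failed_logins = 0
        acct.last_activity = now
        acct.session_open = True
        self._log(now, user, "login_success")
        return "ok"

    def touch_session(self, user: str, now: float) -> bool:
        """Record activity; returns False if the session is (or becomes) closed."""
        acct = self._accounts[user]
        if not acct.session_open:
            return False
        if now - acct.last_activity > self.policy.session_idle_seconds:
            acct.session_open = False
            self._log(now, user, "session_terminated_idle")
            return False
        acct.last_activity = now
        return True

    def sweep_inactive_accounts(self, now: float) -> List[str]:
        """Disable accounts whose last activity is older than the policy allows."""
        disabled = []
        for user, acct in self._accounts.items():
            if acct.disabled:
                continue
            last = self._created_at if acct.last_activity is None else acct.last_activity
            if now - last > self.policy.account_inactive_seconds:
                acct.disabled = True
                acct.session_open = False
                self._log(now, user, "account_disabled_inactive")
                disabled.append(user)
        return disabled


if __name__ == "__main__":
    # Constructed demo values: limit 3 attempts, 60 s lockout, 30 s idle, 100 s inactive.
    ctl = AccessController(AccessPolicy(3, 60, 30, 100), {"alice": "correct horse"})
    for t in (0, 1, 2):
        print(t, ctl.attempt_login("alice", "wrong", t))   # third attempt locks
    print(70, ctl.attempt_login("alice", "correct horse", 70))
    print(130, ctl.touch_session("alice", 130))           # idle too long
    print(300, ctl.sweep_inactive_accounts(300))
    for entry in ctl.audit:
        print(entry)
```

Whatever values the policy finally takes, keeping them in one place, as `AccessPolicy` does here, is what makes the review questions (1, 10, 16) answerable: a reviewer compares the configured numbers against the chosen standard rather than hunting through code.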

Re: Best Practices for Security definitions


I've always tried to avoid doing other people's homework for them.

Seems the point of the exercise is to get to find this information on
your own and cite a source because none of them have universally
accepted answers for all situations and all countries (as some
questions require legal input and are industry dependent as well).


Nah, actually the problem is that you can find too many opinions.

One place to do some looking is NIST, and focus on the documents that
include "security benchmark" in their title.

Todd H. /

Re: Best Practices for Security definitions


You are right, I can't seem to find which source I should check. This
is what frustrates my search, which is why I asked the group.

Thanks for your help.
