Best Practices for Security definitions
Posted on March 18, 2008, 10:25 am
source of the answer.
1. What is the review frequency of an IT information system?
2. Best practice for the maximum limit of invalid login.
3. How long will the limit in no. 2 be defined in the system?
4. How long will the session be inactive before it will be terminated?
5. What are the standard auditable events?
6. What is the common practice if there is a system audit failure or
audit storage capacity being reached?
7. How long should an audit log be retained?
8. How often should personnel be trained as a refresher for contingency
9. How often should a contingency plan be tested?
10. How often should a contingency plan be reviewed?
11. What is the generally acceptable up-time of the alternate
processing site if the primary site went down?
12. How about for the telecom services?
13. How often should a complete system back-up be made?
14. How long should a user be inactive in the USERID system
before all access is disabled?
15. How frequent should an incident capability response be tested?
16. How often should an authorized personnel list be updated?
I can't find any source on the Internet for the list above.
Thanks in advance
Re: Best Practices for Security definitions
I've always tried to avoid doing other people's homework for them.
Seems the point of the exercise is to get to find this information on
your own and cite a source because none of them have universally
accepted answers for all situations and all countries (as some
questions require legal input and are industry dependent as well).
Nah, actually the problem is that you can find too many opinions.
One place to do some looking is NIST, and focus on the documents that
include "security benchmark" in their title.