Personnel management
Personnel management policies describe how people are expected to behave in Software Development Companies. For each intended audience (management, system administrators, general employees, and so on), the policy addresses the specific behaviours that management expects with respect to computer technologies and how they are used.
Application Monitoring: All servers containing applications designated for monitoring must be constantly monitored during the hours the application operates. At least the following activities must be monitored:
• Application up/down status
• Resource usage
• Non-standard behaviour of application
• Addition or change of the version, or application of software patches
• Any other relevant application information
Desktop System Administration: No user of a workstation or desktop system may be the system administrator for their own system. The root or Administrator password may not be made available to the user.
Intrusion-Detection Monitoring: All critical servers must be constantly monitored at all times for intrusion detection. This monitoring must cover at least the following categories:
• Port scans and attempts to discover active services
• Nonstandard application connections
• Nonstandard application behavior
• Multiple applications
• Sequential activation of multiple applications
• Multiple failed system login attempts
• Any other relevant intrusion-detection information
Firewall Monitoring: All firewalls must be constantly monitored, 24×7×365, by trained security analysts. This monitoring must include at least the following activities:
• Penetration detection (on the firewall)
• Attack detection (through the firewall)
• Denial of service detection
• Virus detection
• Attack prediction
• Intrusion response
System Administrator Authorization: System administration staff may examine user files, data, and e-mail when required to troubleshoot or solve problems. No private data may be disclosed to any other parties, and if any private passwords are thus identified, this must be disclosed to the account owner so they can be changed immediately.
Network Security Monitoring: All internal and external networks must be constantly monitored, 24×7×365, by trained security analysts. This monitoring must detect at least the following activities:
• Unauthorized access attempts on firewalls, systems, and network devices
• Port scanning
• System intrusion originating from a protected system behind a firewall
• System intrusion originating from outside the firewall
• Network intrusion
• Unauthorized modem dial-in usage
• Unauthorized modem dial-out usage
• Denial of services
• Correlation between events on the internal network and the Internet
• Any other relevant security events
System Administrator Authentication: Two-factor token or biometric authentication is required for all system administrator account access to critical servers in Software Development Companies.
System Administrator Disk-Space Usage Monitoring: System administration staff may examine user files, data, and e-mail when required to identify disk-space usage for the purposes of disk usage control and storage capacity enhancement and planning.
System Administrator Account Monitoring: All system administration accounts on critical servers must be constantly monitored at all times. At least the following categories of activities must be monitored:
• System administrator account login and logout
• Duration of login session
• Commands executed during login session
• Multiple simultaneous login sessions
• Multiple sequential login sessions
• Any other relevant account information
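The account-monitoring categories above, together with the "Multiple failed system login attempts" item in the intrusion-detection list, are easier to reason about against concrete log lines. The following is an added example and not code from the original post: a small Python monitor that parses constructed sshd/PAM-style log lines and reports failed-login bursts per source, administrator login/logout, session duration, and simultaneous and sequential sessions. The log format, the choice of alice and bob as the administrator accounts, and the thresholds are assumptions made for the example.

```python
"""Added monitoring example (not from the original post): parse constructed
sshd/PAM-style log lines and report the policy's account-monitoring categories."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_ACCOUNTS = {"alice", "bob"}       # assumption: the system administrator accounts
FAIL_THRESHOLD = 3                      # assumption: failures per source inside the window
FAIL_WINDOW = timedelta(minutes=5)
SEQUENTIAL_GAP = timedelta(minutes=2)   # assumption: re-login this soon after logout is "sequential"

# Constructed log lines (not real data) in the shape sshd and pam_unix write on Linux.
SAMPLE_LOG = """\
2024-03-01T09:00:01 srv1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 5022 ssh2
2024-03-01T09:00:04 srv1 sshd[1202]: Failed password for root from 203.0.113.5 port 5023 ssh2
2024-03-01T09:00:09 srv1 sshd[1203]: Failed password for alice from 203.0.113.5 port 5024 ssh2
2024-03-01T09:00:15 srv1 sshd[1204]: Failed password for alice from 203.0.113.5 port 5025 ssh2
2024-03-01T09:05:10 srv1 sshd[1300]: pam_unix(sshd:session): session opened for user alice(uid=1001) by (uid=0)
2024-03-01T09:07:00 srv1 sshd[1310]: pam_unix(sshd:session): session opened for user alice(uid=1001) by (uid=0)
2024-03-01T09:09:00 srv1 sshd[1310]: pam_unix(sshd:session): session closed for user alice
2024-03-01T09:40:00 srv1 sshd[1300]: pam_unix(sshd:session): session closed for user alice
2024-03-01T09:41:00 srv1 sshd[1400]: pam_unix(sshd:session): session opened for user alice(uid=1001) by (uid=0)
2024-03-01T09:50:00 srv1 sshd[1500]: pam_unix(sshd:session): session opened for user carol(uid=1002) by (uid=0)
2024-03-01T10:00:00 srv1 sshd[1500]: pam_unix(sshd:session): session closed for user carol
2024-03-01T12:00:00 srv1 sshd[1600]: Failed password for bob from 198.51.100.9 port 6000 ssh2
"""

TS = r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[(?P<pid>\d+)\]: "
FAILED = re.compile(TS + r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
OPENED = re.compile(TS + r".*session opened for user (?P<user>\w+)")
CLOSED = re.compile(TS + r".*session closed for user (?P<user>\w+)")


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def failed_login_bursts(lines):
    """Return {source: peak count} for sources with >= FAIL_THRESHOLD failures inside FAIL_WINDOW."""
    per_src = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            per_src[m["src"]].append(parse_ts(m["ts"]))
    alerts = {}
    for src, times in per_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):           # sliding window over sorted timestamps
            while times[end] - times[start] > FAIL_WINDOW:
                start += 1
            if end - start + 1 >= FAIL_THRESHOLD:
                alerts[src] = max(alerts.get(src, 0), end - start + 1)
    return alerts


def admin_sessions(lines):
    """Return [(user, opened, closed)] for administrator accounts, sorted by open time;
    closed is None for a session still open at the end of the log."""
    open_by_pid, sessions = {}, []
    for line in lines:
        m = OPENED.match(line)
        if m and m["user"] in ADMIN_ACCOUNTS:
            open_by_pid[m["pid"]] = (m["user"], parse_ts(m["ts"]))
            continue
        m = CLOSED.match(line)
        if m and m["pid"] in open_by_pid:       # the sshd pid ties open and close together
            user, opened = open_by_pid.pop(m["pid"])
            sessions.append((user, opened, parse_ts(m["ts"])))
    sessions.extend((user, opened, None) for user, opened in open_by_pid.values())
    return sorted(sessions, key=lambda s: s[1])


def session_durations(sessions):
    """Duration of each session in seconds (None while the session is still open)."""
    return [(user, None if closed is None else int((closed - opened).total_seconds()))
            for user, opened, closed in sessions]


def session_findings(sessions):
    """Flag simultaneous (overlapping) and sequential (rapid re-login) sessions per admin account."""
    findings, by_user = [], defaultdict(list)
    for user, opened, closed in sessions:
        by_user[user].append((opened, closed))
    for user, sess in by_user.items():
        latest_close = sess[0][1]               # None means an earlier session is still open
        for opened, closed in sess[1:]:
            if latest_close is None or opened < latest_close:
                findings.append(("simultaneous", user, opened))
            elif opened - latest_close <= SEQUENTIAL_GAP:
                findings.append(("sequential", user, opened))
            if latest_close is not None:
                latest_close = None if closed is None else max(latest_close, closed)
    return findings


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("failed-login bursts:", failed_login_bursts(lines))
    sessions = admin_sessions(lines)
    for (user, opened, closed), (_, secs) in zip(sessions, session_durations(sessions)):
        print(f"{user}: login {opened:%H:%M:%S} logout {closed:%H:%M:%S if closed else ''} ({secs}s)"
              if closed else f"{user}: login {opened:%H:%M:%S} still open")
    print("findings:", session_findings(sessions))
```

The example keys on the sshd process id to pair a session's open and close lines, which is how a monitor tells two concurrent sessions of the same account apart; command auditing (the third category in the list) is not covered here and would come from a separate source such as auditd or a shell audit log.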
System Administrator Appropriate Use Monitoring: System administration staff may examine user files, data, and e-mail when required to investigate appropriate use.
Remote Virus-Signature Management: All virus software must be set up to support secure remote virus-signature updates, either automatically or manually, to expedite the process of signature file updating and to ensure that the latest signature files are installed on all systems.
Remote Server Security Management: All critical servers must be set up to support secure remote management from a location different from where the server resides. Log files and other monitored data must be sent to a secure remote system that has been hardened against attack, to reduce the probability of log file tampering.
System Administrator Account Login: System administration staff must use accounts that are traceable to a single individual. Access to privileged system commands must be provided as follows:
• On Unix systems: Initial login must be from a standard user account, and root access must be gained
• On Windows systems: System administration must be done from a standard user account that has been set up with Administrator privileges.
Direct login to the root or Administrator account is prohibited.
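On a Unix host the "no direct root login" rule is enforced, for SSH, by the PermitRootLogin directive in sshd_config, and an auditor has to read that file the way sshd does: keywords are case-insensitive, the first occurrence of a directive wins, and directives after a Match line apply only to matching connections. The following is an added example and not code from the original post: a Python checker that resolves the effective value over four constructed configurations (a weak one, a hardened one, one with a duplicate directive, and one with a Match override). The configuration contents are constructed for the example; the default value of prohibit-password is sshd's own for OpenSSH 7.0 and later.

```python
"""Added sshd_config audit example (not from the original post): resolve the effective
PermitRootLogin value the way sshd does and check it against the policy that direct
root login is prohibited."""
import re

# sshd's compiled-in default when the directive is absent (OpenSSH 7.0 and later).
DEFAULT_PERMIT_ROOT_LOGIN = "prohibit-password"

# Constructed configurations (not from any real host).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_CONFIG = """\
# Administrators log in as themselves and escalate with sudo; root never logs in directly.
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowGroups sshadmins
"""
DUPLICATE_CONFIG = """\
PermitRootLogin yes
# sshd keeps the first value it reads, so the line below does not take effect.
PermitRootLogin no
"""
MATCH_CONFIG = """\
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""


def _tokens(config_text):
    """Yield (keyword, argument) pairs; keywords are case-insensitive in sshd_config.
    Anything after '#' is dropped as a comment (a simplification for the example)."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # 'Key value' or 'Key=value'
        if len(parts) == 2:
            yield parts[0].lower(), parts[1].strip()


def effective_directives(config_text):
    """Global-section directives, first occurrence wins, stopping at the first Match block."""
    directives = {}
    for key, value in _tokens(config_text):
        if key == "match":
            break
        directives.setdefault(key, value)
    return directives


def match_overrides(config_text):
    """PermitRootLogin values set inside Match blocks, which override the global value
    for matching connections only; returned as (match criteria, value) pairs."""
    overrides, current = [], None
    for key, value in _tokens(config_text):
        if key == "match":
            current = value
        elif current is not None and key == "permitrootlogin":
            overrides.append((current, value))
    return overrides


def audit_root_login(config_text):
    """Return (compliant, effective global value). Only 'no' satisfies the policy above;
    the default prohibit-password still lets root log in directly with a key."""
    value = effective_directives(config_text).get(
        "permitrootlogin", DEFAULT_PERMIT_ROOT_LOGIN).lower()
    return value == "no", value


if __name__ == "__main__":
    for name, cfg in [("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG),
                      ("duplicate", DUPLICATE_CONFIG), ("match", MATCH_CONFIG)]:
        ok, value = audit_root_login(cfg)
        print(f"{name:10s} PermitRootLogin={value:<18s} {'OK' if ok else 'VIOLATION'}",
              "Match overrides:", match_overrides(cfg) or "none")
```

The duplicate-directive case is the one that catches people: appending `PermitRootLogin no` to the end of a file that already says `yes` changes nothing, and the Match case shows why a checker must report overrides separately rather than trusting the global value alone.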
Remote Network Security Monitoring: All network devices must be set up to support security management from a location different from where the network equipment resides. Log files and other monitored data must be sent to a secure remote system that has been hardened against attack, to reduce the probability of log file tampering.
Remote Firewall Management: All firewalls must be set up to support secure remote management from a location different from where the firewall resides. Log files and other monitored data must be sent to a secure remote system that has been hardened against attack, to reduce the probability of log file tampering in Software Development Companies.