ISO 27002 Standard 10.6.1

SIGS No Match    

     BS 25999 Standard No Match

SOX Section 404 No Match

PCI DSS Standard No Match

The make and model of the device to be provided is at discretion of the IT Manager and will depend on purchasing arrangements made corporately for The Fake Chicken Company.  Most users will be able to perform their duties capably using a thin client device, but in situations where it can be proven that this is not the case an exception will be made and a personal computer with full access will be provided.

ISO 27002 Standard 7.1.1

ISO 27002 Standard 9.2.3

ISO 27002 Standard 10.1.1

ISO 27002 Standard 11.4.1

ISO 27002 Standard 12.6.1

SIGS Chapter 3 Information Classification 2 

SIGS Chapter 8 Communications and Systems

    Security Management 24

     BS 25999 Standard 8.5.8

SOX Section 404 No Match

PCI DSS Standard 1.1.2

PCI DSS Standard 12.3.3

The intention of this policy is to give Information Systems technical staff a clear picture of the access points to internal networks and because intruders most often come in over networks, it is essential that all of the external access points are documented....

ISO 27002 Standard 10.7.4

ISO 27002 Standard 11.6.1

 

SIGS Chapter 8 Communications and Systems

    Security Management 47

SIGS Chapter 9 Control of Access to 

    Information 48

     BS 25999 Standard No Match

SOX Section 404 No Match

PCI DSS Standard 12.5.5

This policy is necessary to prevent unauthorised parties from obtaining information about The Fake Chicken Company’s internal network and connected systems.  Attacks will be made significantly more difficult if this information is not readily obtainable....

ISO 27002 Standard 6.2.3

ISO 27002 Standard 11.4.2

     ISO 27002 Standard 11.5.2

ISO 27002 Standard 11.7.1

ISO 27002 Standard 11.7.2

 

SIGS Chapter 9 Control of Access to 

    Information 8

SIGS Chapter 9 Control of Access to 

    Information 12

SIGS Chapter 9 Control of Access to 

    Information 15

SIGS Chapter 9 Control of Access to 

    Information 19

SIGS Chapter 9 Control of Access to 

    Information 32-33

SIGS Chapter 9 Control of Access to 

    Information 56

     BS 25999 Standard No Match

SOX Section 404 No Match

PCI DSS Standard 8.1

PCI DSS Standard 8.3

One of the fastest ways to gain unauthorised system access to systems connected to the Internet is to use the "finger" command.  This command provides information about users which can then be used to guess user IDs and passwords.  Often no login is required to get this UNIX command to work.  Outsiders should not be permitted to have any information about a system until they have properly identified themselves. 

     ISO 27002 Standard 12.3.1

 

SIGS Chapter 9 Control of Access to 

    Information 44-45

     BS 25999 Standard No Match

SOX Section 404 No Match

PCI DSS Standard 2.1.1

PCI DSS Standard 4.1

PCI DSS Standard 4.1.1

Most standard Wireless LAN installations are incorrectly configured and left with default settings which impede any attempt at creating a secure environment.   To create a secure wireless environment, wireless connections must be encrypted using the WPA or IPSec protocols and authenticated using the IEEE802.1x EAP protocol.  The access point should only accept connections from specifically authorised mac addresses.