Network security and information sharing shall be addressed to ensure protection of information in transit

T4.1 COMMUNICATIONS POLICY

OBJECTIVE

To maintain a communications policy covering the security of information shared internally and externally

PERFORMANCE INDICATOR

Extent of communications policy deployment and adoption across the entity

AUTOMATION GUIDANCE

Not applicable

RELEVANT THREATS AND VULNERABILITIES

  1. Unsuitable communications policy
  2. Unawareness of communications policy among IT staff

APPLICABLE CONTROLS

The following controls apply to this control family.

T4.1.1 - P3 - COMMUNICATIONS POLICY

T4.2 INFORMATION TRANSFER

OBJECTIVE

To maintain the security of information and software exchanged within an entity and with any external entity

PERFORMANCE INDICATOR

Percentage of people not complying with the information transfer policy

AUTOMATION GUIDANCE

Commercial DLP solutions are available to look for exfiltration attempts and detect other suspicious activities associated with a protected network holding sensitive information. Entities deploying such tools should carefully inspect their logs and follow up on any discovered attempts to transmit sensitive information out of the entity without authorization, even those that are successfully blocked.

RELEVANT THREATS AND VULNERABILITIES

  1. Unprotected information in transit
  2. Tampering with information systems

APPLICABLE CONTROLS

The following controls apply to this control family.

T4.3 ELECTRONIC COMMERCE SERVICES

OBJECTIVE

To ensure the security of electronic commerce services

PERFORMANCE INDICATOR

Percentage of e-commerce volume subject to information security incidents

AUTOMATION GUIDANCE

Not applicable

RELEVANT THREATS AND VULNERABILITIES

  1. Embezzlement, skimming, and related fraud
  2. Eavesdropping / Packet Sniffing

APPLICABLE CONTROLS

The following controls apply to this control family.

T4.4 INFORMATION SHARING PROTECTION

OBJECTIVE

To ensure adequate protection of information shared within an information sharing community

PERFORMANCE INDICATOR

Frequency of information security incidents occurring within each information sharing community in which information is intentionally or unintentionally disclosed

AUTOMATION GUIDANCE

Not applicable

RELEVANT THREATS AND VULNERABILITIES

  1. Misappropriation of private knowledge
  2. Abuse of system access/privileges

APPLICABLE CONTROLS

The following controls apply to this control family.

T4.5 NETWORK CONTROLS

OBJECTIVE

To ensure the protection of information in networks and the protection of the supporting infrastructure

PERFORMANCE INDICATOR

Percentage of information systems that meet all network security management requirements

AUTOMATION GUIDANCE

Port scanning tools are used on a range of target systems to determine which services are listening on the network. In addition to determining which ports are open, effective port scanners can be configured to identify the version of the protocol and service listening on each discovered open port. This list of services and their versions is compared against an inventory of services required by the entity for each server and workstation in an asset management system. Recently added features in these port scanners are being used to determine the changes in services offered by scanned machines on the network since the previous scan, helping security personnel identify differences over time.
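The comparison described above, as an added example that is not part of the original guidance or of any scanner's own code: it reconciles scan results against an inventory of required services and reports what changed since the previous scan. The hosts, versions, data layout and function names are assumptions constructed for illustration.

```python
# Constructed sample data, keyed by (host, port, protocol) -> (service, version).
# INVENTORY stands in for the asset management record of required services.
INVENTORY = {
    ("192.0.2.5", 22, "tcp"): ("ssh", "OpenSSH 9.6"),
    ("192.0.2.5", 443, "tcp"): ("https", "nginx 1.24"),
    ("192.0.2.9", 5432, "tcp"): ("postgresql", "PostgreSQL 15"),
}
PREVIOUS_SCAN = dict(INVENTORY)  # last scan matched the inventory
CURRENT_SCAN = {
    ("192.0.2.5", 22, "tcp"): ("ssh", "OpenSSH 9.6"),
    ("192.0.2.5", 23, "tcp"): ("telnet", "unknown"),    # not in inventory
    ("192.0.2.5", 443, "tcp"): ("https", "nginx 1.18"),  # version drift
}

def reconcile(scan, inventory):
    """Return (kind, endpoint, detail) findings for a scan versus the inventory."""
    findings = []
    for key, (svc, ver) in sorted(scan.items()):
        if key not in inventory:
            findings.append(("unauthorized", key, f"{svc} {ver}"))
            continue
        want_svc, want_ver = inventory[key]
        if svc != want_svc:
            findings.append(("service_mismatch", key, f"{svc}, expected {want_svc}"))
        elif ver != want_ver:
            findings.append(("version_mismatch", key, f"{ver}, expected {want_ver}"))
    # Required services that did not answer: possible outage or filtering.
    for key in sorted(inventory.keys() - scan.keys()):
        findings.append(("missing", key, " ".join(inventory[key])))
    return findings

def diff_scans(previous, current):
    """Return endpoints opened, closed or changed since the previous scan."""
    both = previous.keys() & current.keys()
    return {
        "opened": sorted(current.keys() - previous.keys()),
        "closed": sorted(previous.keys() - current.keys()),
        "changed": sorted(k for k in both if previous[k] != current[k]),
    }

if __name__ == "__main__":
    for kind, (host, port, proto), detail in reconcile(CURRENT_SCAN, INVENTORY):
        print(f"{kind:17} {host}:{port}/{proto}  {detail}")
    for change, endpoints in diff_scans(PREVIOUS_SCAN, CURRENT_SCAN).items():
        print(change, endpoints)
```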

RELEVANT THREATS AND VULNERABILITIES

  1. Abuse of system access/privileges
  2. Eavesdropping / Packet Sniffing
  3. Denial of Service (DOS) or DDOS

APPLICABLE CONTROLS

The following controls apply to this control family.