Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
An inventory that reflects what software platforms and applications are being used in the organization shall be documented, reviewed, and updated when changes occur.
Guidance
- This inventory includes software programs, software platforms and databases, even if outsourced (SaaS).
- Outsourcing arrangements should be part of the contractual agreements with the provider.
- Information in the inventory should include for example: name, description, version, number of users,
data processed, etc.
- A distinction should be made between unsupported software and unauthorized software.
- The use of an IT asset management tool could be considered.
The inventory of software platforms and applications associated with information and information processing shall reflect changes in the organization’s context and include all information necessary for effective accountability.
Guidance
The inventory of software platforms and applications should include the title, publisher, initial install/use date, and business purpose for each entry; where appropriate, include the Uniform Resource Locator (URL), app store(s), version(s), deployment mechanism, and decommission date.
Individuals who are responsible and who are accountable for administering software platforms and applications within the organization shall be identified.
When unauthorized software is detected, it shall be quarantined for possible exception handling, removed, or replaced, and the inventory shall be updated accordingly.
Guidance
- Any unsupported software without an exception documentation, is designated as unauthorized.
- Unauthorized software can be detected during inventory, requests for support by the user or other means.
Mechanisms for detecting the presence of unauthorized software within the organization’s ICT/OT environment shall be identified.
Guidance
- Where safe and feasible, these mechanisms should be automated.
- There should be a process to regularly address unauthorised assets; The organization may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset.
An inventory that reflects what software platforms and applications are being used in the organization shall be documented, reviewed, and updated when changes occur.
Guidance
- This inventory includes software programs, software platforms and databases, even if outsourced (SaaS).
- Outsourcing arrangements should be part of the contractual agreements with the provider.
- Information in the inventory should include for example: name, description, version, number of users,
data processed, etc.
- A distinction should be made between unsupported software and unauthorized software.
- The use of an IT asset management tool could be considered.
The inventory of software platforms and applications associated with information and information processing shall reflect changes in the organization’s context and include all information necessary for effective accountability.
Guidance
The inventory of software platforms and applications should include the title, publisher, initial install/use date, and business purpose for each entry; where appropriate, include the Uniform Resource Locator (URL), app store(s), version(s), deployment mechanism, and decommission date.
Individuals who are responsible and who are accountable for administering software platforms and applications within the organization shall be identified.
When unauthorized software is detected, it shall be quarantined for possible exception handling, removed, or replaced, and the inventory shall be updated accordingly.
Guidance
- Any unsupported software without an exception documentation, is designated as unauthorized.
- Unauthorized software can be detected during inventory, requests for support by the user or other means.
Mechanisms for detecting the presence of unauthorized software within the organization’s ICT/OT environment shall be identified.
Guidance
- Where safe and feasible, these mechanisms should be automated.
- There should be a process to regularly address unauthorised assets; The organization may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
