Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Objective: Information processing is mostly done using of specific software. Security issues in software will easily become a risk for the information processed. Accordingly, software must be appropriately managed.
Requirements (must): Software is approved before installation or use. The following aspects are considered:
- Limited approval for specific use-cases or roles
- Conformance to the information security requirements
- Software use rights and licensing
- Source / reputation of the software
Software approval also applies to special purpose software such as maintenance tools
Requirements (should): The types of software such as firmware, operating systems, applications, libraries, device drivers to be managed are determined.
Repositories of managed software exist
The software repositories are protected against unauthorized manipulation
Approval of software is regularly reviewed
Software versions and patch levels are known
Objective: Information processing is mostly done using of specific software. Security issues in software will easily become a risk for the information processed. Accordingly, software must be appropriately managed.
Requirements (must): Software is approved before installation or use. The following aspects are considered:
- Limited approval for specific use-cases or roles
- Conformance to the information security requirements
- Software use rights and licensing
- Source / reputation of the software
Software approval also applies to special purpose software such as maintenance tools
Requirements (should): The types of software such as firmware, operating systems, applications, libraries, device drivers to be managed are determined.
Repositories of managed software exist
The software repositories are protected against unauthorized manipulation
Approval of software is regularly reviewed
Software versions and patch levels are known
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
