Using Reflex Disknet Pro to Aid Compliance with BS 7799 & ISO/IEC ...

Contents
INTRODUCTION 4
EXECUTIVE OVERVIEW 4
MEETING AND RETAINING THE STANDARD 5
1. ASSET CLASSIFICATION AND CONTROL [5] 6
1.1. INVENTORY OF ASSETS – PHYSICAL ASSETS [5.1.1 (C)] 6
2. PHYSICAL AND ENVIRONMENTAL SECURITY [7] 7
2.1. SECURITY OF EQUIPMENT OFF-PREMISES [7.2.5 (A) & (C)] 7
2.2. SECURE DISPOSAL OR RE-USE OF EQUIPMENT [7.2.6] 8
3. COMMUNICATIONS AND OPERATIONS MANAGEMENT [8] 8
3.1. OPERATIONAL CHANGE CONTROL [8.1.2] 8
3.2. INCIDENT MANAGEMENT PROCEDURES [8.1.3 (A) (B) (C)] 9
3.3. PROTECTION AGAINST MALICIOUS SOFTWARE [8.3] 10
3.4. CONTROLS AGAINST MALICIOUS SOFTWARE [8.3.1 (A) (B) (E) (F)] 11
3.5. MEDIA HANDLING AND SECURITY [8.6] 12
3.6. MANAGEMENT OF REMOVABLE MEDIA [8.6.1 (A) (B)] 12
3.7. DISPOSAL OF MEDIA [8.6.2 (A)] 13
3.8. EXCHANGES OF INFORMATION AND SOFTWARE [8.7] 13
3.9. SECURITY OF MEDIA IN TRANSIT [8.7.2 (C)] 13
4. ACCESS CONTROL [9] 13
4.1. EVENT LOGGING [9.7.1 (A) (B) (C) (E)] 13
4.2. MOBILE COMPUTING AND TELEWORKING [9.8] 13
5. SYSTEMS DEVELOPMENT AND MAINTENANCE [10] 14
5.1. POLICY ON THE USE OF CRYPTOGRAPHIC CONTROLS [10.3.1] 14
5.2. SECURITY OF SYSTEM FILES [10.4] 14
5.3. CONTROL OF OPERATIONAL SOFTWARE [10.4.1 (A) (C)] 14
5.4. CHANGE CONTROL PROCEDURES [10.5.1] 15
5.5. COVERT CHANNELS AND TROJAN CODE [10.5.4 (E)] 15
6. COMPLIANCE [12] 15
© Reflex Magnetics Ltd 2