Risico’s van een gevirtualiseerde IT-omgeving

More documents

Recommendations

Info

Risico’s van een gevirtualiseerde IT-omgeving Possen & Ulrich----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ProcessnumberDS05DS09DS09DS09ProcessEnsure systemssecurityManage theconfigurationManage theconfigurationManage theconfigurationControlobjectivenumberControl objectiveControl objective descriptionDS5.11 Exchange of Sensitive Data Exchange sensitive transaction data only over a trusted path or medium withcontrols to provide authenticity of content, proof of submission, proof ofDS9.1DS9.2Configuration Repository andBaselineIdentification and Maintenanceof Configuration Itemsreceipt and non-repudiation of origin.Establish a supporting tool and a central repository to contain all relevantinformation on configuration items. Monitor and record all assets and changesto assets. Maintain a baseline of configuration items for every system andservice as a checkpoint to which to return after changes..Establish configuration procedures to support management and logging of allchanges to the configuration repository. Integrate these procedures withchange management, incident management and problem managementprocedures.DS9.3 Configuration Integrity Review Periodically review the configuration data to verify and confirm the integrityof the current and historical configuration. Periodically review installedsoftware against the policy for software usage to identify personal orunlicensed software or any software instances in excess of current licenseagreements. Report, act on and correct errors and deviations.DS11 Manage data DS11.1 Business Requirements forData ManagementDS11 Manage data DS11.2 Storage and RetentionArrangementsDS11 Manage data DS11.3 Media Library ManagementSystemVerify that all data expected for processing are received and processedcompletely, accurately and in a timely manner, and all output is delivered inaccordance with business requirements. Support restart and reprocessingneeds.Define and implement procedures for effective and efficient data storage,retention and archiving to meet business objectives, the organisation’ssecurity policy and regulatory requirements.Define and implement procedures to maintain an inventory of stored andarchived media to ensure their usability and integrity.DS11 Manage data DS11.4 Disposal Define and implement procedures to ensure that business requirements forprotection of sensitive data and software are met when data and hardware aredisposed or transferred.DS11 Manage data DS11.5 Backup and Restoration Define and implement procedures for backup and restoration of systems,applications, data and documentation in line with business requirements andthe continuity plan.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Pagina 120
Risico’s van een gevirtualiseerde IT-omgeving Possen & Ulrich----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ProcessnumberProcessControlobjectivenumberControl objectiveDS11 Manage data DS11.6 Security Requirements forData ManagementDS12DS12DS12DS12DS12Manage the physicalenvironmentManage the physicalenvironmentManage the physicalenvironmentManage the physicalenvironmentManage the physicalenvironmentControl objective descriptionDefine and implement policies and procedures to identify and apply securityrequirements applicable to the receipt, processing, storage and output of datato meet business objectives, the organisation’s security policy and regulatoryrequirements.DS12.1 Site Selection and Layout Define and select the physical sites for IT equipment to support thetechnology strategy linked to the business strategy. The selection and designof the layout of a site should take into account the risk associated with naturaland man-made disasters, whilst considering relevant laws and regulations,such as occupational health and safety regulations.DS12.2 Physical Security Measures Define and implement physical security measures in line with businessrequirements to secure the location and the physical assets. Physical securitymeasures must be capable of effectively preventing, detecting and mitigatingrisks relating to theft, temperature, fire, smoke, water, vibration, terror,vandalism, power outages, chemicals or explosives.DS12.3 Physical Access Define and implement procedures to grant, limit and revoke access topremises, buildings and areas according to business needs, includingemergencies. Access to premises, buildings and areas should be justified,authorised, logged and monitored. This should apply to all persons enteringthe premises, including staff, temporary staff, clients, vendors, visitors or anyother third party.DS12.4DS12.5Protection AgainstEnvironmental FactorsPhysical FacilitiesManagementDesign and implement measures for protection against environmental factors.Install specialised equipment and devices to monitor and control theenvironment.Manage facilities, including power and communications equipment, in linewith laws and regulations, technical and business requirements, vendorspecifications, and health and safety guidelines.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Pagina 121
Page 1:
Risico’s van een gevirtualiseerde
Page 4 and 5:
Possen & UlrichRisico’s van een g
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73: Possen & UlrichRisico’s van een g
Page 84 and 85: Risico’s van een gevirtualiseerde
Page 128: Possen & UlrichRisico’s van een g
show all

Risico’s van een gevirtualiseerde IT-omgeving

Create successful ePaper yourself

Delete template?

Save as template?