Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Objective: Information security is an integral part of the entire lifecycle of IT systems. This particularly includes consideration of information security requirements in the development or acquisition of IT systems.
Requirements (must): The information security requirements associated with the design and development of IT systems are determined and considered.
The information security requirements associated with the acquisition or extension of IT systems and IT components are determined and considered.
Information security requirements associated with changes to developed IT systems are considered.
System approval tests are carried out under consideration of the information security requirements.
Requirements (should): Requirement specifications are prepared. The following aspects are considered:
- The information security requirements.
- Vendor recommendations and best practices for secure configuration and implementation
- Best practices and security guidelines
- Fail safe (designed to return to a safe condition in the event of a failure or malfunction)
Requirement specifications are reviewed against the information security requirements.
The IT system is reviewed for compliance with specifications prior to productive use.
The use of productive data for testing purposes is avoided as far as possible (if applicable, anonymization or pseudonymization):
- Where productive data are used for testing purposes, it shall be ensured that the test system is provided with protective measures comparable to those on the operational system,
- Requirements for the lifecycle of test data (e.g. deletion, maximum lifetime on the IT system),
- Case-related specifications for the generation of test data are defined.
Objective: Information security is an integral part of the entire lifecycle of IT systems. This particularly includes consideration of information security requirements in the development or acquisition of IT systems.
Requirements (must): The information security requirements associated with the design and development of IT systems are determined and considered.
The information security requirements associated with the acquisition or extension of IT systems and IT components are determined and considered.
Information security requirements associated with changes to developed IT systems are considered.
System approval tests are carried out under consideration of the information security requirements.
Requirements (should): Requirement specifications are prepared. The following aspects are considered:
- The information security requirements.
- Vendor recommendations and best practices for secure configuration and implementation
- Best practices and security guidelines
- Fail safe (designed to return to a safe condition in the event of a failure or malfunction)
Requirement specifications are reviewed against the information security requirements.
The IT system is reviewed for compliance with specifications prior to productive use.
The use of productive data for testing purposes is avoided as far as possible (if applicable, anonymization or pseudonymization):
- Where productive data are used for testing purposes, it shall be ensured that the test system is provided with protective measures comparable to those on the operational system,
- Requirements for the lifecycle of test data (e.g. deletion, maximum lifetime on the IT system),
- Case-related specifications for the generation of test data are defined.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
