RE: ISO IEC 27002 (ISO-17799) assistance please.



Hi Thyago,

AFAIK, for clear desk and clear screen policy, it is not topic 7.3.1. It
should be in A.11.3.3 (CMIIW). I agree with the others, it is mentioned in
A.11.3.2 Unattended user equipment, under the User Responsibilities topic.

Cheers,
Ardian

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Thyago Braga da Silva
Sent: Saturday, January 12, 2008 1:22 AM
To: cmbarber@xxxxxxxxx
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: ISO IEC 27002 (ISO-17799) assistance please.

Hi Chris.

You can find in the topic 7.3.1 (Clear desk and clear screen policy)
included in Physical and environmental security topic, where the objective
is to prevent compromise or theft of information and information processing
facilities.

c) Personal computers and computer terminals and printers should not be left
logged on when unattended and should be protected by key locks, passwords or
other controls when not in use.

It means that your organization should provide mechanisms for not exposing
information on computers. And it's related to "the use of automated
workstation locking after X minutes". If that is necessary and not done, the
organization is not in compliance with ISO/IEC 17799 or 27002.

===================================
Thyago Braga da Silva
Gestor de Projetos de Segurança da Informação
GA Security and Audit
Rua da Quitanda 19, 714
Rio de Janeiro - Centro
CEP: 20011-030
Telefone: 55-21-2242-0835
Celular: 55-21-8747-7232

-----------------

I am hoping that the experts on this list might be able to assist me
with a problem. I have a consultant who is doing some audit work for
the company I work for. This consultant has been quoting information
about best business practice and standards and has my management in a
bit of a tizzy. So far I have been able to prove or disprove most
things that he has been telling my management, but I am stuck on one and
it seems that this item has struck a nerve.

The consultant has claimed that both NIST and ISO-17799 recommend the
use of automated workstation locking after X minutes. I have found
information on the NIST Standard but have not been able to find
anything on the ISO-17799 standard (or at least not without buying it).
Does anyone on the list happen to have a copy of ISO-17799? If so,
could you help me prove or disprove this comment?

I have done several Google searches and all of the links I get end up
asking me to purchase the Standard. I think having it would be a good
thing, just that I do not have money in my budget to purchase it.

Many thanks in advance,

Chris.
