Best Practices in Information Security
Maintenance and Accountability


Information Security
 The term information security means the protection and back-up of
information and services as well as systems and telecommunications in
order to manage the risks directed at them. Protection and back-up are
achieved in both normal and emergency conditions through administrative,
technical and other measures. The objective of information security is to
safeguard the confidentiality, integrity and availability of information
from threats and accidents arising from hardware and software faults,
natural events and wilful, negligent or accidental actions.

Best Information Security Practices


According to PCI (Payment Card Industry):
- Assign a unique ID to each person who has access to a computer.
- Limit database access to only those who absolutely need it.
- Properly configure your firewall.
- Use antivirus protection on every computer.
- Periodically give security training to employees.
- Regularly test systems and procedures.
- Ask your third-party service providers for proof of compliance.

Security Best Practices


System Security
Patches, Anti-Virus, Malware, File Integrity Monitoring, Host-based Intrusion Detection, Rogue Applications, Vulnerability Scanning.

Data Protection
Data Loss Prevention (Endpoint, Storage & Network), Encryption, Tokenization.

Network Security
Firewalls, Network Intrusion Detection, Web Filtering, Virtual Private Network (VPN), Cloud Security, 24x7 Monitoring.

Governance
PCI-DSS 3.2, HIPAA, NACHA, SOC 1 & 2 Type II, National Institute of Standards & Technology (NIST), Computer Security Incident Response Team (CSIRT), Source Code Scanning.

RULES FOR THE MAINTENANCE OF INFORMATION SYSTEMS
1. INTRODUCTION

1.1 Definitions
In these rules, maintenance and administration refer to

- keeping information systems functional and secure
- making necessary alterations to or corrections in the information systems
- documenting the use of and alterations made to the information systems
- administering user IDs, user accounts and access rights for information systems, and
- monitoring the operation and use of information systems and compiling statistics on them.

In these rules, an information system or a system refers to

- a single data processing device or facility, or a system composed of such devices, that is owned by the University or is connected to the University network
- the University computer network
- software and services running in the University computer network, and
- the information content of all the above-mentioned systems.

A University unit refers to a faculty, department, division or other functional unit of the
University.

The responsible owner of a specific information system within the University refers to
the unit for which the information system has been acquired, and which designates the
persons entitled to use the information system. The owner of information materials may
also be the author of the materials, as defined in the Copyright Act.

The manager of a University information system is responsible for the management of said information system unless the management responsibilities have been transferred to another unit within the University or outsourced by contract. Usually, the manager of an information system is not the system administrator.

System administration refers to the persons responsible for the technical management of the University's information systems and to other University IT support personnel, who collaborate to maintain the systems and provide user support and guidance. In a broad sense, the term 'administrator' refers to all persons having administrative rights in the system.

Accountability
Definition: Accountability is an essential element of an information security plan. The term means that every individual who works with an information system should have specific responsibilities for information assurance. The tasks for which an individual is responsible are part of the overall information security plan and can be readily measured by the person who has managerial responsibility for information assurance. One example would be a policy statement that all employees must avoid installing outside software on company-owned information infrastructure. The person in charge of information should perform periodic checks to be certain that the policy is being followed. Individuals must be aware of what is expected of them, and this guides continual improvement. Every information asset should be owned by an individual in the organization who is primarily responsible for it.
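As an added illustration, not taken from the document, the policy example above turned into a periodic check: a constructed asset inventory is compared against an approved-software list, each breach is attributed to the asset's named owner, and the outcome is reported as a measurable figure for the manager. The allowlist, asset names and owner names are assumed sample values.

```python
"""Periodic accountability check over a constructed asset inventory (example, not the document's own)."""
from dataclasses import dataclass, field

# Approved-software allowlist as the policy would define it (assumed sample values).
APPROVED_SOFTWARE = {"office-suite", "antivirus", "vpn-client", "browser"}


@dataclass
class Asset:
    name: str
    owner: str                      # the individual accountable for this asset ("" = nobody)
    installed: set = field(default_factory=set)


def find_violations(assets, approved=APPROVED_SOFTWARE):
    """Map each non-compliant asset to (owner, sorted list of unapproved software)."""
    violations = {}
    for asset in assets:
        extra = sorted(asset.installed - approved)
        if extra:
            violations[asset.name] = (asset.owner, extra)
    return violations


def unowned_assets(assets):
    """Every asset must have a named owner; a blank owner is itself a finding."""
    return [asset.name for asset in assets if not asset.owner.strip()]


def compliance_rate(assets, approved=APPROVED_SOFTWARE):
    """Measurable figure for the manager: fraction of assets fully compliant."""
    if not assets:
        return 1.0
    return 1 - len(find_violations(assets, approved)) / len(assets)


def accountability_report(assets):
    """Group findings by owner so each person is asked to act only on their own assets."""
    by_owner = {}
    for asset_name, (owner, extra) in find_violations(assets).items():
        by_owner.setdefault(owner or "<no owner>", []).append((asset_name, extra))
    return by_owner


# Constructed inventory: two policy breaches and one asset with no accountable owner.
SAMPLE_ASSETS = [
    Asset("ws-finance-01", "a.smith", {"office-suite", "antivirus", "torrent-client"}),
    Asset("ws-hr-02", "b.jones", {"office-suite", "antivirus", "browser"}),
    Asset("srv-db-01", "", {"antivirus"}),
    Asset("ws-it-03", "c.lee", {"antivirus", "vpn-client", "remote-admin-tool"}),
]
```

Running the check on the sample inventory yields a 50% compliance rate, two breaches attributed to a.smith and c.lee, and one unowned asset that must be assigned before it can be held to the policy at all.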

Its Relevance: the duties and responsibilities of all employees, as they relate to information assurance, need to be specified in detail. Otherwise the attempt at establishing and maintaining information security is haphazard and virtually absent. Users should remember that the biggest threat category against an information system comes from insiders.
