35. A B C D
For interactive data communication, the security measures in items 20-32 shall be included.
36. A B C D
The use of encryption should be decided jointly by the personnel responsible for security at the sending and the receiving companies. Their feasibility study shall include sensitivity of data, risks, and costs. Before deciding on encryption, corporate approval must be obtained.
37. A B C D
For synchronous communication, the identities shall be unique.
38. A B C D
Dial-up asynchronous communication, X21 and X25, must be specially secured against unauthorized access. The following methods may be used:
39. A B C D
For each application where data communication is being used, fallback alternatives to the communication and its routines shall be developed and tested.
40. - B C D
Investigations have shown that the risk of loss is as great in the area of swindle and sabotage as it is for fire and water damage. In light of these facts, the background of those who will be employed in sensitive positions should be carefully checked.
41. A B C D
The employment agreement for IT personnel should include a paragraph stating, “Programs made in working hours or otherwise made for the employer are the property of the employer and cannot be sold or given away without written permission from the employer.”
43. - - C D
A logbook of disturbances shall be kept. It should contain the time when the disturbance was discovered, the kind of disturbance and where it occurred, the time for notification of error, and the time when the system was working again.
44. - - C -
A contingency plan should be worked out and kept updated.
45. - - - D
A contingency plan must be worked out and kept updated.
46. - - C D
The computer installations should have insurance against fire. Water and extra cost insurance is often recommended. For leased equipment, check whether the leasing company or the Group company is responsible for taking out the insurance policy.
47. A B C D
Complete system and operation documentation shall be kept up to date. One copy of it shall be kept in a fireproof place.
48. - B C D
Before putting a new system or a new version into production, a thorough test shall be carried out. This
49. - - C D
A test system or a test company should be installed, so that tests and education will not affect the production environment.
50. A B C D
Methods shall be applied to ensure that all allowed input, and nothing else, is entered into the system. Such methods are automatic checking of batch sums or serial numbers, and split input by two clerks followed by a comparison between the two input files.
51. A B C D
Quality checks of data entry shall be used, such as check digits, format, and reasonableness checks, combination controls, matching checks, and batch totals.
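The input controls in items 50 and 51 can be combined into one batch acceptance routine. The following is an added example, not part of the original checklist; the record layout (serial, account, amount), the 8-digit account format, the Luhn check digit, the amount ceiling and the header fields are all assumptions made for illustration.

```python
import re
from decimal import Decimal, InvalidOperation
from itertools import zip_longest

ACCOUNT_RE = re.compile(r"[0-9]{8}")  # assumed format: 8 digits, last one a check digit
MAX_AMOUNT = Decimal("10000.00")      # assumed reasonableness ceiling per document

def luhn_ok(number):
    """Check-digit test (Luhn mod 10, chosen for this example)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def record_errors(account, amount):
    """Format, check-digit and reasonableness checks on one keyed record."""
    errors = []
    if not ACCOUNT_RE.fullmatch(account):
        errors.append("format")
    elif not luhn_ok(account):
        errors.append("check digit")
    try:
        value = Decimal(amount)
        if not value.is_finite() or not Decimal(0) < value <= MAX_AMOUNT:
            errors.append("reasonableness")
    except InvalidOperation:
        errors.append("amount format")
    return errors

def validate_batch(header, clerk_a, clerk_b):
    """Return (serial, problem) findings; an empty list means the batch is accepted."""
    findings = []
    # Split input: two clerks key the same documents and the files must be identical.
    findings += [((a or b)[0], "double-entry mismatch")
                 for a, b in zip_longest(clerk_a, clerk_b) if a != b]
    # Serial numbers: every expected document exactly once, and nothing else.
    if sorted(r[0] for r in clerk_a) != list(header["serials"]):
        findings.append((None, "serial numbers missing, duplicated or extra"))
    # Per-record quality checks, then the batch total against the control slip.
    total = Decimal(0)
    for serial, account, amount in clerk_a:
        findings += [(serial, e) for e in record_errors(account, amount)]
        try:
            total += Decimal(amount)
        except InvalidOperation:
            pass
    if total != Decimal(header["control_total"]):
        findings.append((None, "batch total mismatch"))
    return findings
```

The double-entry comparison catches an error made by one clerk, while the check digit and batch total catch errors that both clerks repeat from a faulty source document.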