Document Control

Reference: ISMS-C DOC 6.2.1

WIRELESS NOTEBOOK COMPUTER SECURITY (TIER 2)

Issue No:
Issue Date:

1 Scope¹

All users of Organisation Name's wireless notebook computers [and other
mobile devices] are within the scope of this procedure.

2 Responsibilities

The Head of IT (CIO) is responsible for specifying and/or providing the firewalls,
anti-malware software, automatic updating, connectivity and backup facilities
required under this procedure.

The Head of HR is responsible for user training.

All users have specific responsibilities in terms of their User Agreements.

3 Procedure [ISO27002 Clause 6.2.1]

3.1 Organisation Name requires notebook computer level deployment of [the
company's specified] firewalls, anti-malware software, and automatic updating
facilities that are all up to date [and meet the corporate minimum standards, which
are specified in [ ] and in the User Agreement.
3.2 Organisation Name requires notebook computer level deployment of the corporate
policy on usernames and passwords (see control section 9.1 of the Manual), to
have a password-protected screensaver, and to [password protect/encrypt] all
folders containing [confidential] corporate information, and to disable folder and
printer sharing, all of which is specified in the User Agreement.
Commented [A1]: If so, how is it to be done?
3.3 Organisation Name requires that notebook computers are physically protected
against theft and damage while in transit, in storage or in use and that, in cases of
loss or theft, the specified corporate policy (see User Agreement) for dealing with
such incidents is followed.
3.4 Organisation Name requires users (in the User Agreement) to ensure that all the
most recent operating system and application security-related patches, fixes and
updates have been installed.
3.5 Organisation Name requires (in the User Agreement) that notebook computers are
backed up in line with corporate specification [set out where?].
3.6 [].
3.7 [].

¹ Chapter 21 of IT Governance: An International Guide to Data Security and ISO27001/ISO27002 deals with
mobile computing. This template will need to be expanded to take into account mobile phones, Blackberries,
PDAs and any other mobile devices, and adjusted to reflect different decisions on connectivity.
Organisation Name Classification_3

Customisable PROCEDURE template v3.0


Comments to feedback@itgovernance.co.uk
IT Governance Ltd 2015
www.itgovernance.co.uk
3.8 [].
3.9 [].
3.10 Organisation Name provides users with appropriate training and awareness to
ensure that they understand the risks of wireless on-the-road computing and that
they understand and can carry out their agreed security obligations.
3.11 Work instruction ISMS DOC [ ] sets out how the corporate requirements set out in
Clauses 3.1 and 3.4 above are enforced.
3.12 WI ISMS DOC [ ] sets out how the [VPN or other connectivity solution] is to be
operated.
Commented [A2]: A risk assessment should drive your choice of connectivity
3.13 WI ISMS DOC [ ] sets out how e-mails are to be encrypted when sent from mobile
devices.
Commented [A3]: A risk assessment should drive your decision on this

Document Owner and Approval

The Network Manager is the owner of this document and is responsible for ensuring
that this procedure is reviewed in line with the review requirements of the ISMS.

A current version of this document is available to [all/specified] members of staff
on the [corporate intranet] and is published [ ].

This procedure was approved by the Chief Information Security Officer (CISO) on
[date] and is issued on a version-controlled basis under his/her signature.

Signature: Date:

Change History Record

Issue   Description of Change   Approval    Date of Issue
1       Initial issue           <Manager>   Xx/yy/zz
