Best Practices for Security definitions

Posted by MJ on March 18, 2008, 6:25 am
Just want to get some best practices on the following plus what is the
source of the answer.
1. What is the review frequency of an IT information system?
2. Best practice for the maximum limit of invalid login.
3. How long will the limit in no. 2 be defined in the system?
4. How long will the session be inactive before it will be terminated?
5. What are the standard auditable events?
6. What is the common practice if there is a system audit failure or
audit storage capacity being reached?
7. How long should an audit log be retained?
8. How often should personnel be trained as a refresher for contingency
planning?
9. How often should a contingency plan be tested?
10. How often should a contingency plan be reviewed?
11. What is the generally acceptable up-time of the alternate
processing site if the primary site went down?
12. How about for the telecom services?
13. How often should a complete system back-up be made?
14. How long should an inactive user be inactive in the USERID system
before all access is disabled?
15. How frequently should an incident capability response be tested?
16. How often should an authorized personnel list be updated?

I can't find any source on the Internet for the list above.

Thanks in advance

Posted by Todd H. on March 18, 2008, 10:58 am

> Just want to get some best practices on the following plus what is the
> source of the answer.

I've always tried to avoid doing other people's homework for them.

Seems the point of the exercise is to get you to find this information on
your own and cite a source because none of them have universally
accepted answers for all situations and all countries (as some
questions require legal input and are industry dependent as well).

> I can't find any source in the internet for the list above.

Nah, actually the problem is that you can find too many opinions.

One place to do some looking is NIST, and focus on the documents that
include "security benchmark" in their title
http://csrc.nist.gov/checklists/repository/category.html

--
Todd H.
http://www.toddh.net/

Posted by MJ on March 19, 2008, 1:03 am
Todd,

You are right, I can't seem to find which source I should check. This
is what frustrates my search, that is why I asked the group.

Thanks for your help.
