Policy 7230A - Department of Administration
Table of Contents
Introduction
2. Assessment & Planning
2.1. Risk and Privacy Assessment
2.1.1. Perform Risk Assessment
2.1.2. Perform Privacy Assessment
2.2. Create a Security Plan
2.3. Maintain Records
3. Awareness & Training
3.1. Security Awareness Training
3.1.1. Design and Develop an Awareness Training Program
3.1.2. Provide Awareness Training
3.2. Security Operations Training
3.2.1. Design and Develop an Operations Training Program
3.2.2. Provide Operations Training
3.3. Maintain Records
4. Access Control
4.1. Identification and Authentication
4.1.1. Manage Identification and Authentication
4.2. Account Management
4.3. Session Management
4.4. Maintain Records
5. Systems Configuration
5.1. Configuration Management
5.2. Systems Protection
5.2.1. Create and Maintain Security Infrastructure
5.3. Data and Media Protection
5.3.1. Securely Handle Data and Media
5.4. Application Protection
5.5. Maintain Records
6. Systems Operation
6.1. Assessment Operations
6.1.1. Perform Security Assessments
6.1.2. Perform Security Self Assessment