Policy 7230A - Department of Administration
5.2.1.2 Implement Anti-Malware Protection
Malware (including viruses, worms, Trojan Horses, spyware and
spam) represents one of the most pervasive types of security threats
and can be leveraged against the organization in many ways.
Protection requires appropriate solutions:
• Determine points of protection.
• Select and implement solutions according to the requirements.
• Establish standard configuration for implemented solutions.
• Make changes as per change control processes (see section 5.1.3 of the Non-Mandatory Procedures).
• Maintain as per maintenance processes (see section 6.3.3 of the Non-Mandatory Procedures).
5.2.1.3 Implement Security Monitoring
To ensure the effectiveness of both the security controls inherent to
the system as well as the security infrastructure external to the
system, ongoing monitoring is required:
• Determine the nature of the monitoring information that is to be gathered and the manner in which it is to be presented.
• Select and implement solutions according to the requirements.
• Establish standard configuration for implemented solutions.
• Make changes as per change control processes (see section 5.1.3 of the Non-Mandatory Procedures).
• Maintain as per maintenance processes (see section 6.3.3 of the Non-Mandatory Procedures).
5.3. Data and Media Protection
The following are the Mandatory Procedures that support the Data and Media
Protection section of the Default Security Requirements:
5.3.1. Securely Handle Data and Media
Protect data while it is in system, both in storage and use, as well as out of
system in media, in both storage and transit:
5.3.1.1 Configure Transmissions for Confidentiality and Integrity
Ensure both the integrity and confidentiality of electronic PII data
transmissions through the use of cryptography. Cryptographic
solutions must meet established standards.
5.3.1.2 Validate Data Inputs
No applicable Mandatory Procedures.<br />