Đang chuẩn bị liên kết để tải về tài liệu:
IT Security & Audit Policy

The selection must be announced at the latest on the day preceding the interview. The audit team may also arrange joint discussions for various actors within the institution concerning key topics in terms of quality management. The visit concludes with a meeting with the management, where the audit team has the opportunity to ask more specific questions about the institution’s quality system. At the end of the meeting, the audit team gives the institution preliminary feedback on the functioning of its quality system based on the observations made during the visit | IT Security Audit Policy Page 1 of 91 Prepared by - Department Of IT Govt. Of NCT Of Delhi Prakash Kumar - Special Secretary IT Sajeev Maheshwari - System Analyst CDAC Noida Anuj Kumar Jain - Consultant BPR Rahul Singh - Consultant IT Arun Pruthi - Consultant IT Ashish Goyal - Consultant IT Rahul Goyal - Consultant IT IT Security Audit Policy document is also available on the site http it.delhigovt.nic.in Suggestions and comments are welcomed and can be posted at webupdate@.hub.nic.in IT Security Audit Policy Page 3 of 91 INDEX 1 INTRODUCTION.8 1.1 Information Security.8 1.2 Data Loss Prevention.8 1.3 about viruses.10 A. POLICY FOR GENERAL USERS.12 2 POLICIES FOR GENERAL USERS. 14 2.1 using floppies cd flash Drives.14 2.2 Password.14 2.3 backup.14 2.4 Physical Safety of System.15 2.5 computer files.15 2.6 General Instructions.16 B. POLICY FOR DEPARTMENT.18 3 DEPARTMENTAL POLICIES.20 C. POLICY FOR SYSTEM ADMINISTRATOR.22 4 SECURITY POLICY FOR PURCHASING HARDWARE.24 5 SECURITY POLICY FOR ACCESS CONTROL.25 5.1 managing access control Standards.25 5.2 managing user access.25 5.3 Securing unattended W orkstations.26 5.4 managing network access controls.26 5.5 Controlling access to operating System Software.27 5.6 managing Passwords.27 5.7 Securing Against Unauthorized Physical access.28 5.8 Restricting Access.28 5.9 monitoring System Access and Use.29 5.10 Giving Access to files and Documents.29 5.11 managing Higher Risks System Access.29 5.12 Controlling Remote User Access.30 5.13 Recommendations On Accounts and Passwords.30 6 SECURITY POLICY FOR NETWORKS.32 6. 1 Configuring networks.32 6.2 managing the network.32 6.3 Accessing network Remotely.32 6.4 Defending network Information from malicious Attack.33 6.5 Recommendations On network and Configuration Security.33 6.6 Recommendation on host based firewall.34 7 SECURITY POLICY FOR OPERATING SYSTEM.35 IT Security Audit Policy Page 4 of .