
SharePoint Security Policy Checklist

Introduction – SharePoint Security Policy Checklist

The SharePoint Server Security Policy Checklist provides a concise view of the state of [Organization] security policy development and implementation for an organization.

Required Policies

The SharePoint Server Security Policy Checklist indicates which policies are required by default by [Organization] and which policies are optional based on the SharePoint resources used by an organization. For required policies, indicate yes in each column where the column heading indicates a true statement, and enter a targeted completion date in each column where the column heading indicates a condition that has not yet been met.

Optional Policies

This portion of the SharePoint Server Security Policy Checklist is for those policy areas that may be required depending on the SharePoint resources in use for [Organization]. For these policies, examine the requirements statement associated with the policy. If the policy is required based on the requirements statement, complete the remaining columns as indicated above. If the policy is not required based on the requirements statement, simply mark the Required column no.

Analysis Matrix

The Analysis Matrix is provided as a tool to assist with the completion of the SharePoint Server Security Policy Checklist.
This matrix describes security elements, gives an industry best practice of the intent of the security element, indicates where the policy for a security element is most likely to be documented, and provides locations to document dates and plans.

 

| Policy Checklist | Required | Published | Approved | Adopted | Communicated | Revised |
|---|---|---|---|---|---|---|
| Acceptable Use | Yes | | | | | |
| Account Management | Yes | | | | | |
| Admin/Special Access | Yes | | | | | |
| Change Management | Yes | | | | | |
| Disaster Recovery | Yes | | | | | |
| Incident Management | Yes | | | | | |
| Password | Yes | | | | | |
| Physical Security | Yes | | | | | |
| Privacy | Yes | | | | | |
| Security Training | Yes | | | | | |
| Software Licensing | Yes | | | | | |
| Virus Protection | Yes | | | | | |
| | | | | | | |
| Intrusion Detection: Required for networked environments. | | | | | | |
| Portable Computing: Required for organizations supporting laptops, PDA, or other portable devices. | | | | | | |
| Security Monitoring: Required for networked environments. | | | | | | |
| Server Hardening: Required for environments with servers. | | | | | | |
| System Development: Required for environments where software is developed. | | | | | | |
| Vendor Access: Required for environments where access to or from entities external to organization is required. Outsourced maintenance, management, and network services must be considered. | | | | | | |

 

Analysis Matrix

| Security Element | Industry Best Practice | Location | Last Revision Date | Implementation |
|---|---|---|---|---|
| Policy Development and Evaluation Process | Documented development process for the continual updating and review of security policies and procedures and compliance. Includes process for the continuous review and measurement of policy effectiveness. | | | |
| Ethics Policy | Documented high-level statement of ethics standards. | | | |
| Security Policies | | | | |
| Acceptable Use | Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users. | Acceptable Use Policy | | |
| Account Management | Documentation requiring standards and procedures for the creation, distribution, and revocation of user accounts. | Account Management Policy | | |
| Proprietary Information | Documentation establishing responsibility and appropriate measures for protecting proprietary information from disclosure or modification. | | | |
| E-Mail Access and Use | Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users. | Acceptable Use Policy | | |
| Escalation Procedures: Incident Reporting; Incident Handling; Incident Investigation | Response plan for handling and resolving security incidents. | Incident Management Policy | | |
| Internet Access | Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users. | Acceptable Use Policy | | |
| Portable Computing Policy | Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users. | | | |
| Passwords | Documentation requiring standards and procedures for the composition, creation, distribution, use, and revocation of passwords. | Password Policy | | |
| Privacy | Documentation establishing responsibility and appropriate measures for protecting private and personally identifying information. Minimum efforts may be required by legislation. | Privacy Policy | | |
| Security Training | Awareness and training program in information security and the protection of information resources for personnel who come in contact with sensitive resources. | Security Training Policy | | |
| Software Licensing | Documentation establishing responsibility and appropriate compliance measures. | | | |
| Voice Mail Access and Use | Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users. | Acceptable Use Policy; Special Access Policy | | |
| Physical Security | | | | |
| Basic Physical Security | Controlled building access, mandatory access controls for information systems; policy for use of controls and penalties for non-compliance. | Physical Security Policy | | |
| Natural Disasters | Documented plan for the recovery of critical business functions in the case of flood, fire, loss of environmental controls, or power loss. | Backup/Disaster Recovery Policy | | |
| Data Access | | | | |
| Data Classification | Documented policies and procedures for the classification, identification, and handling of sensitive information. | | | |
| Data Retention | Documented policies and procedures for the archival and retention of sensitive data. | | | |
| Disposal of Sensitive Data | Documented policies and procedures for the destruction of media containing sensitive data. | | | |
| Integrity and Confidentiality | Controls for the assurance of data integrity, including those that pertain to confidentiality and privacy compliance policy. | Vendor Access Policy; Security Monitoring Policy; Virus Protection Policy | | |
| System Security Tools: Intrusion Detection; Security Monitoring; Virus Detection | The use of audit controls and tools to periodically review security compliance. | Security Monitoring Policy; Intrusion Detection Policy | | |
| Systems Development | | | | |
| Development Procedures | Documented policies and procedures governing acceptable standards of testing and documentation, as well as those for the lifecycle that places a system into production. | System Development Policy | | |
| Systems Administration | | | | |
| Responsibilities and Roles | Documented policies that define the roles and responsibilities of system administrators and their relation to the computer systems and network infrastructure in their care. | | | |
| Contingency Planning | | | | |
| Contingency Planning | Documentation establishing responsibility for policies and procedures and mechanisms for the creation, testing, and revision of contingency plans for business critical systems. | Backup/Disaster Recovery Policy | | |
| Backup | Policies and procedures and mechanisms for the archival, retention, and recovery of data. Periodic testing of recovery schemes. | Backup/Disaster Recovery Policy | | |
| Off-Site Backup | Copies of backup media and logs are stored off-site in a secured facility on a regular basis. Policies and procedures exist governing the transfer and handling of media. | Backup/Disaster Recovery Policy | | |
| Maintenance | | | | |
| Equipment | Computer equipment is maintained in accordance with manufacturer’s recommendations. Records of faults or suspected faults are maintained. Critical systems are under maintenance contract in proportion to their significance. | Server Hardening Policy | | |
| Software | Policies and procedures for the monitoring of patch and vulnerability information sources, their review, remediation, and the creation of new baseline information for updated systems. | Change Management Policy; Server Hardening Policy | | |