Forum: Casual Chat    Title: This is our company's audit for April.
Author: songhbo [songhbo]    Forum user
This thread was moved here from << Computer Clinic >> by [Rootong]

My English is poor, so please, everyone, help me translate this. Otherwise I won't be able to keep this job. Thank you all.

GEOVISION is an application to the service of the audit on the IT security
Procedure of IT Security audit is as follows:
Each BU or DR is audited
The interlocutor is the IT Manager in charge for BU
The questionnaire will be transmitted to him 1 month before the audit, which lasts from 3 to 4 days
The HQ and 2 agencies will be audited
During the period of 1 month between the notification of the audit and the day of the audit
The person in charge will have to prepare the different prerequisites indicated in the questionnaire
The document is completed during the audits by the auditor but in the presence of the BU interlocutor.
PERIMETER:
Audits will include only the IT security policies published
NOTATION:
Each question is noted on a scale from 0 to 4 with a step of 0.5, 4 being the highest note. The notation is carried out compared to an established scale. The objective is to standardize the answers, but also to compare and to consolidate the results of the BUs
Each question is balanced
Fields comment is intended for the justification of the note
RESULT
The result of the audit will be available to Audit +30 days
Each subject audited will be accompanied by recommendations and a level of priority or urgency.
FUNCTION OF THE APPLICATION:
Through this application, it is possible:
To prepare the audit questionnaires
To diffuse the questionnaires
To seize the result
To do the follow-up of the recommendations
To consolidate audits
To compare year by year progression
To prepare a dashboard consolidated on SSI



ISS AUDIT 2005/2006
Language : English
Description :
Object Level Status Question
Backup
Rules
High Do you implement a formalized strategy of backup ?
High Do you respect the backup strategy of GEODIS?
High Do you restore periodically your backup, and according to the GEODIS strategy?
High Are your supports of backup stored in a building different from that of the environment to be protected?
Middle Do you respect the dates of lapsing of supports?
Middle Do you implement a legal backup policy ?
Middle Are your tapes stored in a secure and fireproofed cupboard?
Middle Do you implement a dashboard of quality including the backup and the restorations?
Logical access
Administrator login
High Is the length of the password 10 characters minimum?
High For any applications and systems, does it exist the accounts administrators of help (not used) stored in a securised
High Is there a procedure to get back the accounts of help and it is known?
High Is the password unique (15 versions minimum)?
High Is the change of password forced every 60 Days maximum?
High Is the challenge of login secured (encoding)?
Middle In case of connection of an administrator, is there limitations of access by MAC address ?
Application
High Were your applications the object of an analysis of risk on the SSI?
High Do you manage the accesses to the applications by the couple LOGIN / PROFILE?
High Do you apply the group policy of passwords to your applications?
High Is there a log of connection and logoff for each application?
High If need, did you declare your applications to the DATA privacy department?
ID/Password User
High Is the password unique (15 versions minimum)?
High Is the change of password forced every 90 Days maximum?
High Is the length minimum of the password 7 characters minimum?
High For the temporary staff, is the login subjected to an expiry date?





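Original post    Posted: 06-02-11 11:13

Reply: songhbo [songhbo]    Forum user
Why is nobody helping me? I'm going crazy.
Surely you won't all just stand by and watch me go under. Besides, we're in the same line of work.

Reply B1    Posted: 06-02-14 17:42

Reply: songhbo [songhbo]    Forum user
Why is nobody helping me? I'm going crazy.
Surely you won't all just stand by and watch me go under. Besides, we're in the same line of work.

Reply B2    Posted: 06-02-14 17:43

Reply: nygxlj [nygxlj]    Forum user
金山快译 (Kingsoft Kuaiyi)!!!!!!


Reply B3    Posted: 06-02-14 23:20

Reply: songhbo [songhbo]    Forum user
I tried it, but the translation it produces isn't accurate.

Reply B4    Posted: 06-02-15 09:17

Reply: zhbangwei [zhbangwei]    Forum user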
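GEOVISION is an application to the service of the audit in it security
The practice of it security audit is as follows:
Each BU or DR is verified
The conversation partner is the it manager responsible for BU
The query form will be transmitted him 1 month before the audit that lasts from 3 to 4 days
HQ and 2 agencies will be verified
During the period of 1 month beetwen the notification of the audit and the day of the audit
The person in charge willpower must prepare the different premises indicated in the query form
The document is completed during the audit by the auditor but in front of the BU conversation partner.
Circumference:
The audit will only include it security policies being published
Notation:
Each question is famous on a grade from 0 to 4 with step 0.5. 4 is the note higher. The notation is carried out compared with a
scale established. And objecyive will standardize the replies, and also compare and consolidate the results of BU
Each question is balanced
The field comment is intended for the defence of the note
Result
The result of the audit will have time to verify +30 days
Each subject verified will be accompanied by recommendations and the level of priority or urgent.
Function of the application:
With through this application, this is possible:
To prepare them audit query forms
To scatter them query forms
To occupy it result
To do it follow-up of recommendations
To consolidate audits
To compare year after year progress
To prepare dashboard consolidated on SSI



Issue verification 2005/2006
Language: English
Description:
Object plain status question
Backup
Rules
Upper-class Do you implement backup a formalized strategy?
Upper-class Do you respect the GEODIS backup strategy?
Upper-class Do you periodically restore your backup, and according to the GEODIS strategy?
Upper-class Is backup your support stored in a building different from that environment being protected?
Central Do you respect the dates falling support?
Central Do you implement a legal backup policy?
Central Are your tapes stored in a secure and fire-resistant cupboard
Central Do you implement a quality dashboard including backup and restore?
Logical access
Administrator registration
Upper-class Is the password the length of 10 characters minimal?
Upper-class For any applications and systems, does it exist the help administrators' accounts (not used) stored in a securised
Upper-class Is there a practice to let back the help accounts and it is known?
Upper-class Is the password unique (15 versions minimum)?
Upper-class Is the change of password forced every 60 days maximum?
Upper-class Is the challenge of registration obtained (internal code)?
Central In the case of an administrator's connection, are there limitations of access by machine address?
Application
Upper-class Were your applications the object of analysis of risk on SSI?
Upper-class Handle you the access to applications by the married couple registration / appearance?
Upper-class Do you apply the password group policy to your applications?
Upper-class Is there connection and logoff log for each application?
High If needed, do you declare your applications to the data confidentiality department?
Identity card password user
Upper-class Is the password unique (15 versions minimum)?
Upper-class Is the change of password forced every 90 days maximum?
Upper-class Is the password 7 characters of length minimum minimal?
Upper-class For temporary staff, is the registration subjected to an expiry date?

Reply B5    Posted: 06-02-15 11:46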
