
Minimum Information Security Standards

The document outlines minimum information security standards and components of an effective disaster recovery plan. The security standards include requirements such as changing default passwords after installation, encrypting passwords during transmission, automatically expiring passwords after 60 days, locking users out after 3 failed login attempts, and terminating inactive sessions after 5 minutes. The disaster recovery plan components cover activating plans during an incident, emergency and resumption procedures, maintenance and testing, and roles and responsibilities for executing the plan. It also includes details about vendors, employee contacts, emergency numbers, medical procedures, insurance, backup locations, and trained emergency personnel.

Uploaded by

Akash79
Copyright: © All Rights Reserved

Minimum information security standards:

1. After software installation is complete, the password should be changed by the system security administrators.
2. A backup system security administrator should be developed and trained to ensure continued operation of the system.
3. The system security administrator shall set parameters to require passwords of a minimum of 8 characters.
4. The system shall be designed so that passwords are invisible on the workstation.
5. The system should be designed so that files are encrypted by a secure algorithm.
6. System security administrators shall set passwords to expire automatically within 60 days.
7. Sign-on shall be suspended after 3 consecutive attempts with a wrong user ID or password; the password and ID can be reset by communicating with the system administrators.
8. User sessions shall be terminated after five minutes of inactivity.
9. Users shall not be allowed concurrent sign-on sessions.
10. Terminated and transferred user IDs should be removed immediately upon notification from the user's department manager or the HR department.
11. Departmental managers should train users not to share or divulge passwords to anyone, write them down, or post them at their workstations.
12. Adequate insurance coverage shall be maintained over the hardware, operating system, application software and data.
13. The system security administrator shall install software that automatically checks for viruses when it is installed.
14. Confidential information such as passwords shall be encrypted by a secure algorithm during electronic transmission.
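
The following Python sketch is an added example, not part of the original document: it enforces items 3, 6, 7, 8 and 9 as one sign-on decision function. The Account record, the function names and the returned status strings are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Thresholds taken from items 3, 6, 7 and 8 of the list above.
MIN_PASSWORD_LEN = 8
PASSWORD_MAX_AGE = 60 * 86400      # 60 days, in seconds
MAX_FAILED_ATTEMPTS = 3
IDLE_TIMEOUT = 5 * 60              # five minutes, in seconds

@dataclass
class Account:                     # hypothetical record, not from the document
    password_set_at: float         # epoch seconds of the last password change
    failed: int = 0                # consecutive failed sign-on attempts
    suspended: bool = False
    last_activity: Optional[float] = None   # None means no open session

def password_acceptable(candidate: str) -> bool:
    return len(candidate) >= MIN_PASSWORD_LEN            # item 3

def session_active(acct: Account, now: float) -> bool:
    if acct.last_activity is None:
        return False
    if now - acct.last_activity >= IDLE_TIMEOUT:         # item 8: terminate
        acct.last_activity = None
        return False
    return True

def touch(acct: Account, now: float) -> bool:
    """Record user activity; False means the session was already terminated."""
    if not session_active(acct, now):
        return False
    acct.last_activity = now
    return True

def sign_on(acct: Account, password_ok: bool, now: float) -> str:
    if acct.suspended:
        return "suspended"         # item 7: only an administrator reset clears it
    if not password_ok:
        acct.failed += 1
        acct.suspended = acct.failed >= MAX_FAILED_ATTEMPTS
        return "suspended" if acct.suspended else "denied"
    acct.failed = 0                # the counter tracks consecutive failures only
    if now - acct.password_set_at >= PASSWORD_MAX_AGE:
        return "password_expired"                        # item 6
    if session_active(acct, now):
        return "concurrent_session"                      # item 9
    acct.last_activity = now
    return "ok"

def admin_reset(acct: Account, now: float) -> None:
    """Item 7: the administrator clears the suspension and issues a new password."""
    acct.failed, acct.suspended, acct.password_set_at = 0, False, now
```

Checking suspension before the password means a suspended ID stays locked even when the correct password is later supplied.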

The disaster recovery plan may cover the following areas:

1. Conditions for activating the plans, which describe the process to be followed before each plan is activated.
2. Emergency procedures, which describe the actions to be taken when a particular incident occurs and jeopardizes business operations.
3. Feedback procedures, which describe the actions to be taken to move business operations to an alternative location following the disaster.
4. Resumption procedures, which describe the actions to be taken to return to the original business location.
5. A maintenance schedule, which describes how and when the plan will be tested.
6. Awareness and education activities, designed to create an understanding of the business continuity process and ensure that the business continues to be effective.
7. The responsibilities of individuals, which describe who is responsible for executing which component of the plan.
8. Contingency plan testing and recovery procedures.
9. A detailed description of the purpose and scope of the plan.
10. A list of vendors doing business with the organization, with their contact numbers and addresses for emergency purposes.
11. A list of employee phone numbers in case of emergency.
12. An emergency phone number list for firefighters, police, hardware and software suppliers, and customers.
13. Medical procedures to be followed in case of injury.
14. Insurance papers and claim forms.
15. Backup location contractual agreements and correspondence.
16. Names of the employees trained for emergency situations, first aid and life-saving techniques.
