Page 40 - CISSO_Prep_ Guide
- Access control
- Cryptography
- Physical and Environmental Security
- Operations security
- Communications security
- Systems acquisition, development, and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
Many organizations use the ISO/IEC standard as a template to build their own security program. It is a reputable and comprehensive list that allows the flexibility to adjust an organization's security program to its specific risk and business environment.
Organizations that want to be evaluated and certified as compliant with the ISO-defined information security best practices can be certified under the ISO/IEC 27001 standard. That standard is titled "Information technology - Security techniques - Information security management systems - Requirements".
PCI-DSS - Payment Card Industry - Data Security Standard, Requirements and Security Assessment Procedures (version 2.0)
The payment card industry data security standard is an excellent template for the protection of sensitive information. This standard was written by a consortium of companies that issue payment