<?xml version="1.0"?>
<!DOCTYPE html SYSTEM "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns:epub="http://www.idpf.org/2007/ops">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Management oversight of information security</title>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<!--TOC script import-->
<script type="text/javascript" src="https://cdn.rawgit.com/jgallen23/toc/0.3.2/dist/toc.min.js"></script>
<!--Google fonts-->
<link href="https://fonts.googleapis.com/css?family=Overpass:300,300i,600,900" rel="stylesheet" />
<link href="https://fonts.googleapis.com/css?family=Lato:400,400i,700,900" rel="stylesheet" />
<!--Font awesome import for the link icon-->
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.8/css/solid.css" integrity="sha384-v2Tw72dyUXeU3y4aM2Y0tBJQkGfplr39mxZqlTBDUZAb9BGoC40+rdFCG0m10lXk" crossorigin="anonymous" />
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.8/css/fontawesome.css" integrity="sha384-q3jl8XQu1OpdLgGFvNRnPdj5VIlCvgsDQTQB6owSOHWlAurxul7f+JpUOVdAiJ5P" crossorigin="anonymous" />
</head>
<body lang="EN-US" link="blue" vlink="#954F72" xml:lang="EN-US">
<div class="title-section">
<p> </p>
</div>
<br />
<div class="prefatory-section">
<p> </p>
</div>
<br />
<main class="main-section"><button onclick="topFunction()" id="myBtn" title="Go to top">Top</button>
<p class="zzSTDTitle1">Management oversight of information security</p>
<div id="_management_oversight_of_information_security">
<h1>1.  Management oversight of information security</h1>
<div id="_general"><h2>1.1. General</h2>
<div class="require"><p class="AdmonitionTitle">Requirement 1:<br />/ss/584/2015/general/632</p><div><p id="_a1ea0c28-549a-43a6-b9f2-1b584bdd96e5">The Cloud Service Provider’s management and board of directors shall be responsible for the following requirements and audit procedures.</p>
</div></div>
</div>
<div id="_level_1_requirements_and_audit_procedures"><h2>1.2. Level 1 requirements and audit procedures</h2>
<div class="require"><p class="AdmonitionTitle">Requirement 2:<br />/ss/584/2015/level/1</p><div>
<ol type="a" id="_f2490ac7-515c-470d-adf8-87918cb0242a">
<li>
<p id="_1bbca9e0-4148-4e19-8bd1-a5131bfd2682">Managing information security risks related to people, process, technology and governance.</p>
</li>
<li>
<p id="_878966f8-97ff-45ed-9f39-c62bc879c28e">Oversight of the effective implementation of the technology controls.</p>
</li>
<li>
<p id="_92f16226-6fc6-4b5b-a9b3-25a3d5f014b5">Oversight of risk management practices.</p>
</li>
</ol>
</div>
<div>
<ol type="a" id="_369a3d64-5bbc-4d36-acbc-f406f2e8e594">
<li>
<p id="_27deec6a-46d8-400b-99af-8a7e40b0f360">Determine that the responsibilities of management and board of directors in managing and overseeing information security risks are documented and communicated.</p>
</li>
<li>
<p id="_1273e625-c5ac-4974-bf70-2ead382706dc">Inspect documents such as meeting minutes and committee charter to identify the participants involved in the meeting or committee, their respective job functions and the reporting relationship.</p>
</li>
<li>
<p id="_64949386-f021-4a55-89ac-ff739d53e7ee">Determine whether the management and board of directors meet regularly, at an appropriate and monitored frequency.</p>
</li>
<li>
<p id="_53c2e533-2a4e-4646-bb28-bbf888453785">Determine whether the information security function is headed by a Chief Information Security Officer (CISO) or similar function.</p>
</li>
</ol>
</div></div>
</div>
<div id="_level_2_requirements_and_audit_procedures"><h2>1.3. Level 2 requirements and audit procedures</h2>
<div class="require"><p class="AdmonitionTitle">Requirement 3:<br />/ss/584/2015/level/2</p><div>/ss/584/2015/level/1</div><div><p id="_f30371a5-182a-44b2-bc21-edb5a61d341a">The requirements and audit procedures are the same as those in Level 1.</p>
</div><div></div></div>
</div>
<div id="_level_3_requirements_and_audit_procedures"><h2>1.4. Level 3 requirements and audit procedures</h2><div class="require"><p class="AdmonitionTitle">Requirement 4:<br />/ss/584/2015/level/3</p><div>/ss/584/2015/level/2</div><div><p id="_573eb4b3-cf70-46d0-8b99-95106a58afab">The requirements are the same as those in Level 2.</p>
</div><div><p id="_a8e3849c-8a06-4614-a5b4-0af6c6999e74">The audit procedures are those in Level 1 and the following:</p>
<ol type="a" id="_03643979-8b83-4f45-86e6-0c97ba6abd9e">
<li>
<p id="_d9edf41a-a43c-411f-9f15-80a6766845b8">Verify risks have been reviewed, understood, and addressed (i.e. including a cost benefit analysis) by management and the board.</p>
</li>
</ol></div></div>
<div class="recommend"><p class="AdmonitionTitle">Recommendation 1:<br />/ogc/recommendation/wfs/2</p><div><p id="_be628993-14ea-4fa7-9724-4dd701556567">I recommend <i>this</i>.</p>
</div><div><p id="_251fde7b-d106-4e7b-ac3a-ba0652fe3a07">This is the object of the recommendation:</p>
<p class="TableTitle" align="center">Table 1</p><table id="_bb9501b4-9feb-4732-a68b-43bf34bae43a" class="MsoISOTable" border="1" cellspacing="0" cellpadding="0"><thead><tr><th align="left" style="font-weight:bold;border-top:solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;">Object</th><th align="left" style="font-weight:bold;border-top:solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;">Value</th></tr></thead><tbody><tr><td align="left" style="border-top:solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;">Mission</td><td align="left" style="border-top:solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;">Accomplished</td></tr></tbody></table></div><div>
<p id="_f99a0f60-3e91-4f1f-9862-28291792e625">As for the measurement targets,</p>
</div><div><p id="_736f91ad-7693-45d6-8250-fc4705b758dd">The measurement target shall be measured as:</p>
<div id="_8952875f-fa30-4c46-b52d-1dcecff4a23d" class="formula"><p><span class="stem"><math xmlns="http://www.w3.org/1998/Math/MathML">
<mfrac>
<mi>r</mi>
<mn>1</mn>
</mfrac>
<mo>=</mo>
<mn>0</mn>
</math></span>  (1)</p></div>
</div>
<div>
<ol type="a" id="_bb63e445-e0ec-4356-9af7-746f959fe090">
<li>
<p id="_92e2cde0-61d5-445d-a064-12e5afabc879">We take a measurement</p>
</li>
<li>
<p id="_e1ca3ff7-c0d5-4cf8-b0a7-d856f341dacd">The measurement is consistent with the formula above</p>
<ol type="1" id="_12fed887-262e-42b4-9da6-fac00430f950">
<li>
<p id="_77c8bccd-744f-41d3-a778-88c53f107341">If the measurement is not consistent with the formula above, then the verification has failed</p>
</li>
</ol>
</li>
</ol>
</div></div></div>
</div>
</main>
<script type="text/x-mathjax-config">
MathJax.Hub.Config({
asciimath2jax: {
delimiters: [['(#(', ')#)']]
}
});
</script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=AM_HTMLorMML"></script>
<script src="https://cdn.rawgit.com/google/code-prettify/master/loader/run_prettify.js"></script></body>
</html>