- IS security
- Personal Data Protection Security Project
- Security Project for Technical Device Designed for Work with Classified Information
- Risk Analysis and CRAMM Risk Analysis
- Personal Security
- Business Continuity Management - BCM
- Business Impact Analysis - BIA
- Network Security
- Protection Against Malicious Code
- Security Incident Monitoring and Management
- Access Control
- Security Policy Enforcement
- Security Control Documents
- Effective Use of the Internet
- Protection of technical means against unwanted electromagnetic radiation using TEMPEST filters
- Technical and object security
- IT solutions
- SW solutions
Security Control Documents
Security solutions must form a cornerstone of IS building process. The building strategy assumes interoperability of individual IS components. It is therefore necessary to promote interoperability also in the field of security, applying the same standard as is valid in the entire organization. The task of such standard is to provide for compatibility of measures in various IS components as well as IS HW and SW components, and to secure a unified system for security measure administration and monitoring. This is the main reason for documenting system security using a complex of internal control documents that lay down clear and unambiguous rules for users, administrators and suppliers.
Security control documents include:
- security policy
- security manual
- security architecture
The Security Policy is the fundamental control document, declaring information, technical and personal security policy for all organizational components as well as for the organization’s environment. The Security Policy defines a strategy for protecting all tangible as well as intangible assets.
The Security Manual determines the security system structure at the level of legislation, standards, technologically independent specifications and practices, which are intended to achieve security requirements for IS development, operation and administration as well as for security system operation, as set out by the Security Policy.
The Security Architecture is a document created based on the Security Policy requirements concerning the technical measures area. It contains a specification of security standards and security procedures implemented in the IS environment. The security architecture is technologically independent, specifying unambiguous interconnection of security procedures with processes and their most important components.
Security control documents preferentially respect, and are based on the ISO-27000 family of international standards.
An essential prerequisite for security system functionality is also the existence of a stable organizational security structure that is responsible for the performance of the following tasks:
- design, implementation and approval of technical and organizational measures
- operation of implemented measures
- monitoring of compliance with the implemented security measures