Page 194 - Building Big Data Applications
Chapter 10 Building the big data application 193
3. Terms and conditions of employment
Do the terms and conditions of the employment cover the employee’s
responsibility for
User training
1. Information security education and training
Do all employees of the organization and third-party users (where relevant)
receive appropriate information security training and regular updates in
organizational policies and procedures?
Responding to security/threat incidents
1. Reporting security/threat incidents
Does a formal procedure exist for reporting security/threat incidents
through appropriate management channels as quickly as possible?
2. Reporting security weaknesses
Does a formal reporting procedure or guideline exist for users to report security
weaknesses in, or threats to, systems or services?
Physical and environmental security
1. Equipment location protection
Are items requiring special protection isolated to reduce the general level of
protection required?
Are controls adopted to minimize risk from potential threats such as theft, fire,
explosives, smoke, water, vibration, chemical effects, electrical supply interfaces,
electromagnetic radiation, and flood?
2. Power Supplies
Is the equipment protected from power failures by using redundant power
supplies such as multiple feeds, uninterruptible power supply (UPS), backup
generator, etc.?
3. Equipment Maintenance
Is maintenance carried out only by authorized personnel?
Is the equipment covered by insurance, and are the insurance requirements
satisfied?
4. Securing of equipment offsite
Does any equipment usage outside an organization’s premises for information
processing have to be authorized by the management?
Is the security provided for equipment while outside the premises equal to or
more than the security provided inside the premises?