Page 195 - Building Big Data Applications
5. Secure disposal or reuse of equipment
Are storage devices containing sensitive information either physically destroyed
or securely overwritten?
1. Removal of property
Can equipment, information, or software be taken offsite without appropriate
authorization?
Are spot checks or regular audits conducted to detect unauthorized removal of
property?
Are individuals aware of these types of spot checks or regular audits?
Communications and operations management
1. Documented-operating procedures
Does the security policy identify any operating procedures such as Backup,
Equipment maintenance etc.?
2. Incident management procedures
Does an incident management procedure exist to handle security/threat
incidents?
Does the procedure address the incident management responsibilities, orderly
and quick response to security/threat incidents?
Does the procedure address different types of incidents ranging from denial of
service to breach of confidentiality etc., and ways to handle them?
Are the audit trails and logs relating to the incidents maintained, and is
proactive action taken so that the incident doesn’t reoccur?
3. External facilities management
Are any of the information processing facilities managed by an external
company or contractor (third party)?
Are the risks associated with such management identified in advance, discussed
with the third party and appropriate controls incorporated into the contract?
Is necessary approval obtained from business and application owners?
Media handling and security
1. Management of removable computer media
Does a procedure exist for management of removable computer media such as
tapes, disks, cassettes, memory cards, and reports?
Exchange of information and software
1. Information and software exchange agreement
Is there any formal or informal agreement between the organizations for
exchange of information and software?