Page 196 - Building Big Data Applications

Chapter 10: Building the big data application


                   Access control
                     Does the agreement address the security issues based on the sensitivity of the
                      business information involved?
                 2. Other forms of information exchange
                     Are there any policies, procedures or controls in place to protect the exchange of
                      information through the use of voice, facsimile and video communication facilities?

                 Business requirements for access control
                 1. Access control policy
                     Have the business requirements for access control been defined and documented?
                     Does the access control policy address the rules and rights for each user or a
                      group of users?
                     Are the users and service providers given a clear statement of the business
                      requirement to be met by access controls?

                 Mobile computing and telecommuting

                 1. Mobile computing
                     Has a formal policy been adopted that considers the risks of working with
                      computing facilities such as notebooks, tablets, mobile devices, etc.,
                      especially in unprotected environments?
                     Was training arranged for staff who use mobile computing facilities to raise their
                      awareness of the additional risks resulting from this way of working and the
                      controls that need to be implemented to mitigate the risks?
                 2. Telecommuting
                     Are there any policies, procedures and/or standards to control telecommuting
                      activities? These should be consistent with the organization's security policy.
                     Is suitable protection of the telecommuting site in place against threats such as
                      theft of equipment, unauthorized disclosure of information, etc.?

                 Business continuity management

                 Aspects of business continuity management

                 1. Business continuity management process
                     Is there a managed process in place for developing and maintaining business
                      continuity throughout the organization? This might include an organization-wide
                      business continuity plan, regular testing and updating of the plan, formulating
                      and documenting a business continuity strategy, etc.
                 2. Business continuity and impact analysis
                     Have events that could cause interruptions to business processes been identified?
                      Examples: equipment failure, flood and fire.