ABC Inc. is a leading telecom provider with a customer base of over million of users. It provides all the telephone and internet services to its customers.
ABC Inc. has a disaster recovery technique in place so that risks can be handled in the organization with care and proper management; it also maintains a risk assessment report.
Review of Security Controls
The company has documented the security plan for the organization and keeps reviewing and improving it.
It deals with the configuration management system implemented in the company. Every Wednesday, the management plans a meeting for a ...
Users who have direct access to the system have not undergone any background investigations. There is no clearly defined separation of duties between programmers and administrators.
7. Physical Security
Physical security is provided to the system by manpower and by access-restricted zones in the organization. The system is also prepared for disaster recovery through disaster recovery management.
8. Production, Input/Output Controls
Input for production is the responsibility of authorized users only. The data is sensitive, and it can be retrieved after its disposal. The company has not implemented any controls for data disposal.
9. Contingency Planning
The company takes a back-up at the end of each month. The system can be restored using OIM. Restoration of the system can take a few minutes to an hour. Back-up procedures have been tested successfully.
10. HW/SW Maintenance
The HW/SW is maintained according to Oracle guidelines. All the required security patches have been implemented in the system.
11. Data Integrity
There are no measures in place to control virus attacks, which may result in a lot of hazards.
The company follows proper documentation practices. It has documented the security plan, the risk evaluation and assessment report, etc.
13. Security Awareness and Training
Security awareness training has been provided only to a limited number of employees, who are part of upper management. The rest of the employees do not know much about the security training.
14. Incident Response
If an incident occurs in the company, the reporter contacts the IT Helpdesk staff at the toll-free numbers; they route the call to the concerned employee, and action is then taken. Logs are maintained for this purpose.
15. Identification and Authentication
ABC Inc. bases its user and access management on Oracle Identity Manager (OIM) and Oracle Access Manager (OAM). Every user is assigned a unique user ID and password so that they can manage their unique identity in the organization and the system can authenticate valid users.
16. Logical Access Controls