Procedures

The thirteen layers of e-security described in The World Bank publication covers both the hardware and software pertaining to network infrastructures. These 13 layers comprise a matrix, which manages the externalities associated with open architecture environments.

1. Risk Management—A broad based framework for managing assets and relevant risks to those assets.

2. Policy Management- A program should control Bank policy and procedural guidelines vis-à-vis employee computer usage.

3. Cyber-Intelligence- Experienced threat and technical intelligence analysis regarding threats, vulnerabilities, incidents, and countermeasure should provide timely and customized reporting to prevent a security incident before it occurs.

4. Access Controls/Authentication—Establish the legitimacy of a node or user before allowing access to requested information. The first line of defense is access controls; these can be divided in to passwords, tokens, biometrics, and public key infrastructure (PKI).

5. Firewalls—Create a system or combination of systems that enforces a boundary between two or more networks.

Download Free IT Security Awareness and Training Program Plan Templates. This templates consist of explanation and sample of Background of the Awareness and Training Program such as: OMB A-130, Appendix III, Federal Information Security Management Act (FISMA) or Specific department and/or agency policy (and other relevant information or rationale that may drive an awareness and training program and plan). This template also give complete

1. Systems Maintenance
Objective: Determine that all maintenance activity is performed and documented according to installation standards and procedures by reviewing documentation related to systems maintenance.

Audit steps
a. Determine whether standards have been established for the documentation of systems maintenance
b. Evaluate existing standards to determine whether they are comprehensive enough and cover issues such as compliance with International Standards Organization (ISO) 17799
c. Review a sample of existing documentation to determine whether it complies with installation standards
d. Ascertain whether systems maintenance documentation is maintained in a secure environment and protected against tampering

Until its final enactment on June 1, 2007, REACH (EC 1907/2006) was a matter not only of serious legislative debate, but also on the receiving end of bitter condemnation. And though it may still be grounds for all sorts of feelings, good and bad, the fact is that its regulations will force businesses around the world to make some excruciating decisions about tens of thousands of substances by June 2008, because that is the date of the first regulatory deadline set to affect existing chemical products. REACH, whose provisions will be phased-in over 11 years, now replaces 40 existing pieces of legislation in the European Union (EU). Companies can find explanations of REACH in the guidance documents, on the EU’s REACH web site (see Figure 12-1) and a number of help desks are available for consultation. The European Commission is slated to conduct a series of reviews of REACH Annexes until December 2008 (Annexes I, IV, V, XI, XIII).

What REACH says

The TSCA (which hasn’t been amended since its enactment over 30 years ago) is to REACH what a speck of dust is to the sun. The difference between them — to say nothing of both the immediate and long-term consequences of the latter — is enormous. Remember our discussion on the difference between substances and materials? Well, this is where those differences come into play even as they are obliterated. Forget materials. REACH forces companies to comply on the level of substances — an enormous task compared to complying with the TSCA.

The current registration process, in which you must register every product you make with the European Chemicals Agency (ECA), covers nearly 30,000 substances. Of these, 2,500 are likely to be hazardous to human health or the environment and will have to undergo continued testing to show that they can be used safely. Over the next dozen years, however, as many as 100,000 existing substances will be subject to REACH evaluation, authorization, and, in many cases, restriction. Ultimately, the ECA estimates that a total of 150,000 to 200,000 substances will be registered, though some authorities put that number much higher, going so far as to suggest that there will be half a million applications for approval.