Property:Integrity rationale

From OIAr Archive 2013
Jump to navigation Jump to search

This text describes why a certain integrity has been selected.

Showing 17 pages using this property.
Access from non-ArchiSurance employees is easy in this open kind of Environment. Facilities should be protected from abuse.  +
Because facilities in this Environment are used for interaction with external systems and users, sufficient provisions should be taken to safeguard the integrity of these facilities. Because facilities are placed in a safe (physical) location, in most cases the "Medium" level will be adequate.  +
''is not an issue for ArchiSurance, but for the provider''  +
Sufficient integrity measures should be in place in order to safeguard that facilities in this environment are only used by ArchiSurance employees.  +
End-users have direct, unattended access to most infrastructure facilities in this Environment. To prevent abuse, vandalism and long periods of unavailability, facilities must be equipped with high-class integrity provisions.  +
Sufficient levels of authentication and encryption are necessary to counterbalance the effect of unauthorized use by people that find or steal client facilities of ArchiSurance employees.  +
''-''  +
''-''  +
Because this Environment offers facilities to establish connections with other networks and systems that are accessed by external users/machines, these facilities should be protected against (in-band) misuse, abuse and vandalism.  +
Facilities and (especially) storage media should be protected in this Environment, because of their importance to Business Continuity and legal obligations.  +
On-site facilities are vulnerable to unauthorized access and manipulation. Therefore, facilities should be hardened and protected from abuse. Although data that is supported by the facilities in this Environment is not business critical, misuse can cause damage to brand and/or cause customer dissatisfaction.  +
''-''  +