Controls

Zoekopdracht annuleren
Zoekresultaten op 'asset'
Gevonden items
Asset Management
Low
Low
Low
Organisation
v2.0 (Q1 2024)

Organisations maintain an accurate and up-to-date registry of organisational hardware and software assets in a Configuration Management Database (CMDB).

Lees meer
Asset Management
Low
Low
Low
System Owner
v2.0 (Q1 2024)

The assets making up a system that are under control of the organisation are registered and tracked in the CMDB. System owners periodically check that the information in the CMDB regarding their systems is accurate and up-to-date. System owners accurately maintain any documentation needed to deliver, describe, support and maintain the systems.

Lees meer
Asset Management
Medium
Medium
Medium
Organisation
v2.0 (Q1 2024)

Description Organisations actively and passively detect assets that may not be registered in the CMDB, both within the network and outside. Discrepancies in CMDB and detected assets are resolved.

Lees meer
Asset Management
Low
Low
Low
Organisation
v2.0 (Q1 2024)

End users are actively informed on the organisational policies regarding acceptable use of assets. Organisationally offered IT assets and services must be used for professional purposes, the usage of free/private alternatives is not allowed. Templates & References Example AUP (NL): GebruiksreglementDownload

Lees meer
Identity & Access Management
Low
Low
Low
Process Owner
v2.0 (Q1 2024)

Process approve users getting authorisations to the data in the process. The requests of individuals that want access to information assets or authorisations to do so, are logged and retained for at least 1 year. It includes the requester, and the approval (or rejection) of the appropriate data owner. Revocation requests, end of employment notifications and changes are recorded and retained for at least 1 year. After role changes or upon termination of contractual or formal relations between the organisation and the individual, access to data that is no longer part of your role is revoked at first opportunity. If...

Lees meer
Medium
Medium
Medium
Network Security
Organisation
v2.0 (Q1 2024)

Network Access Control is used to determine the level of access users are given to the internal network. Unidentified users get access to the guest network. The authentication system shall be tied to the hardware asset inventory data to ensure only authorised devices can connect to the network. Authenticated users with managed devices can be allowed on the internal network pending verification by a client program of the device OS security update level and anti-malware status. Filters are in place against spoofed addresses.

Lees meer
Medium
Medium
Medium
Network Security
Organisation
v2.0 (Q1 2024)

Networks are segmented if they serve different business purposes or have differing risk levels, determined by the classification of the assets in the same segment. Each network segment is separated by a (virtual) Firewall. Best practices for Network Naming Security are followed. Managed systems belong to one organisationally managed security domain.

Lees meer