Data leakage prevention measures should be applied to systems, networks and any other devices that process, store or transmit sensitive information.
Backup copies of information, software and systems should be maintained and regularly tested in accordance with the agreed topic-specific policy on backup.
Information processing facilities should be implemented with redundancy sufficient to meet availability requirements.
Logs that record activities, exceptions, faults and other relevant events should be produced, stored, protected and analysed.
Networks, systems and applications should be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents.
The clocks of information processing systems used by the organization should be synchronized to approved time sources.
The use of utility programs that can be capable of overriding system and application controls should be restricted and tightly controlled.
Procedures and measures should be implemented to securely manage software installation on operational systems.
Networks and network devices should be secured, managed and controlled to protect information in systems and applications.
Security mechanisms, service levels and service requirements of network services should be identified, implemented and monitored.
Passcode