IT Examiner School

Program Implementation: Chief Information Security Officers

• Should report directly to the Board or senior management.
• Should be risk managers and not an IT resource.
• Prevent conflicts of interest.


Program Implementation: Policy, Standards & Procedures

• Policy: All external business communication via the Internet will provide confidentiality, integrity, and availability.
• Standards: We will use FIPS 140-3 encryption for IPSec VPN with key exchange via IKE using RSA digital certificates.
• Procedures: Configure Cisco 3620 with IPSec using AES128 encryption to host…

[Figure: Policy, Standards, Procedures]
