Information Security Management System ISO/IEC 27001:2013

Similar documents
Information Security Management System ISO/IEC 27001:2013

Information Security Management System ISO/IEC 27001:2013

Information Security Management System ISO/IEC 27001:2013

Information Security Office. Server Vulnerability Management Standards

BERGRIVIER MUNICIPALITY

ISO & ISO & ISO Cloud Documentation Toolkit

WEB HOSTING SERVICE OPERATING PROCEDURES AND PROCESSES UNIVERSITY COMPUTER CENTER UNIVERSITY OF THE PHILIPPINES DILIMAN

Web Hosting: Mason Home Page Server (Jiju) Service Level Agreement 2012

Information Security Office. Information Security Server Vulnerability Management Standards

Standard: Vulnerability Management & Standard

General Data Protection Regulation

COMMON CRITERIA CERTIFICATION REPORT

Data Security Standard 9 IT protection The bigger picture and how the standard fits in

Certification Report

CANADIAN PAYMENTS ASSOCIATION LVTS RULE 11 CHANGE MANAGEMENT, TESTING AND CERTIFICATION

KENYA UNIVERSITIES AND COLLEGES CENTRAL PLACEMENT SERVICE Tel: , P.O. Box , NAIROBI

EXAM PREPARATION GUIDE

Technical Vulnerability and Patch Management Policy Document Number: OIL-IS-POL-TVPM

Certification Report

APPLICATION FOR PRODUCT CERTIFICATION

Certification Report

Certification Report

Predstavenie štandardu ISO/IEC 27005

An Introduction to the ISO Security Standards

What is BS 7799? BS 7799 is the most influential, globally recognised standard for information security management.

ISO/IEC INTERNATIONAL STANDARD

Credentials Policy. Document Summary

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

Integrated Cloud Environment Security White Paper

201 CMR COMPLIANCE CHECKLIST Yes No Reason If No Description

epldt Web Builder Security March 2017

Advent IM Ltd ISO/IEC 27001:2013 vs

LVTS RULE 11 CHANGE MANAGEMENT, TESTING AND CERTIFICATION 2018 CANADIAN PAYMENTS ASSOCIATION

Certification Report

eprost System Policies & Procedures

EU General Data Protection Regulation (GDPR) Achieving compliance

Cloud Security Standards

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

Certification Report

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

ASD CERTIFICATION REPORT

COMMON CRITERIA CERTIFICATION REPORT

Maritime cyber risk management

SPECIFIC PROVISIONS FOR THE ACCREDITATION OF CERTIFICATION BODIES IN THE FIELD OF INFOR- MATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)

REPORT Bill Bradbury, Secretary of State Cathy Pollino, Director, Audits Division

Security Standards for Electric Market Participants

STATE OF NORTH CAROLINA

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

COMMON CRITERIA CERTIFICATION REPORT

PHYSICAL AND ENVIRONMENTAL SECURITY

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

E-Security policy. Ormiston Academies Trust. James Miller OAT DPO. Approved by Exec, July Release date July Next release date July 2019

ISO Certification For Laboratory Accreditation. Dr Amadou TALL Consultation

Certification Report

OUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE

Cyber Security Requirements for Electronic Safety and Security

ISMS Implementation ISO IT Governance CEN 667

ITSM20F_Umang. Number: ITSM20F Passing Score: 800 Time Limit: 120 min File Version: 4.0. Exin ITSM20F

Certification Report

GUIDELINES FOR CERTIFICATION OF MALAYSIAN SUSTAINABLE PALM OIL (MSPO)

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

KENYA ACCREDITATION SERVICE

Green Squared Certification Manual

Certification Report

3 rd Party Certification of Compliance with MA: 201 CMR 17.00

Certification Report

IT Security Evaluation and Certification Scheme Document

Information Security Controls Policy

Spillemyndigheden s Certification Programme. Instructions on Penetration Testing SCP EN.1.1

Website Guidelines. Website Guidelines. North Orange County Community College District

AppPulse Point of Presence (POP)

Data Security and Privacy Principles IBM Cloud Services

COMMON CRITERIA CERTIFICATION REPORT

Certification Report

CLOUDVPS SERVICE LEVEL AGREEMENT CLASSIC VPS

Cyber Security Reliability Standards CIP V5 Transition Guidance:

BCS, Professional Certifications

Product Versioning and Back Support Policy

Information Security Management Criteria for Our Business Partners

DATA BACKUP AND RECOVERY POLICY

Certification Report

Level Access Information Security Policy

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

Version 1/2018. GDPR Processor Security Controls

North Carolina Fire and Rescue Commission Certification Programs POLICY FOR TESTING

Certification Report

INVITATION OF BIDS FOR TENDER

HISPOL The United States House of Representatives Internet/ Intranet Security Policy. CATEGORY: Telecommunications Security

Version v November 2015

COMMON CRITERIA CERTIFICATION REPORT

ZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure.

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015

Battery Program Management Document

EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,

Computer Security Policy

Certification Report

Juniper Vendor Security Requirements

AUDIT OF ICT STRATEGY IMPLEMENTATION

Global Wind Organisation CRITERIA FOR THE CERTIFICATION BODY

When Recognition Matters INTRODUCING NEW PECB CERTIFICATION SCHEMES.

Transcription:

Information Security Management System ISO/IEC 27001:2013 WEB HOSTING POLICY For PTM Use Only Date: 18 th Nov 2016 Written By: Junnaini Ismun Ketua Bahagian Pengurusan Pusat Data, PTM Verified By: Nor ain Mohamed Wakil Pengurusan Keselamatan Maklumat (ISMR) Approved By: ICT Council

Revision History No Date of Change 1 8 April 2016 Modified statement 3.3, 4.3 & 4.4 Description Page Version Approved By 3-4 1.1 ICT Council FOR UNIVERSITY OF MALAYA USE ONLY Page 1 of 4

1.0 Purpose The purpose of this document is to provide a clear understanding on the management of Responsibility Centres s (RC s) websites that are being put in the web hosting server(s) of UM Centre For Information technology (PTM) based on the risks identified and international best practices. 2.0 Scope The scope of this document covers all websites in the web hosting servers under the management of PTM. However the scope of the Information Security Management System (ISMS) audit and certification only covers PTM s staff and PTM s assets which are located in the PTM premises. 3.0 Responsibilities of RCs 3.1 Only official websites from the following departments can be hosted by PTM : I. Responsibility Centres II. Associations III. Uniform bodies recognized by UM IV. Research Centres V. Residential Colleges Others may be considered, if approved by the PTM management The Responsibility Centres, Associations, Uniform bodies, Research Centres and Residential Colleges will be referred to as RC in this document. 3.2 Only websites that have been scanned and confirmed without vulnerabilities will be allowed to use the web hosting services. 3.3 Websites placed in the webhosting servers must comply to the environment listed below: FOR UNIVERSITY OF MALAYA USE ONLY Page 2 of 4

Environment of Application Server i. Operating System : Linux, Windows 2003, Windows 2008, Windows 2012 ii. Web Application : IIS 7.0 and above, Apache ver 5 and above iii. Programming language : HTML,ASP, PHP ver 5 and above iv. ODBC : MySQL Driver Environment of Database Server i. Operating System : Redhat Linux ii. Database : MySQL 5 3.4 RC has to apply at least 3 weeks before placing their websites in the web hosting server in PTM. During this period, the websites will be scanned for vulnerabilities. 3.5 RC is fully responsible for the contents of the website placed in the web hosting server. 3.6 RC has to practice secure coding to ensure the security of the website. 3.7 RC has to ensure only official sites are operating in the website. 3.8 RC is to send an official letter to PTM requesting the website to be closed when the web hosting services are no longer required. 3.9 RC has to cooperate with PTM to recover data and services should the website experience problems or is corrupted. 3.10 RC has to appoint a certified webmaster to manage the website as well as the security aspects of the website. 3.11 RC is responsible to safeguard the password given by PTM. 3.12 RC has to monitor the version of the programming language and the content management system engine (if applicable), and upgrade them if any security issues exist. PTM has the rights to close the website if no action was taken to address the vulnerabilities within a month. 3.13 RC is fully responsible for the development process of their website. FOR UNIVERSITY OF MALAYA USE ONLY Page 3 of 4

4.0 Roles and Responsibilities of PTM 4.1 Liaise with RC s representative on matters concerning PTM s web hosting services and facilities. 4.2 Ensure backup for the website is being implemented according to the details stated in RC s application form. 4.3 Ensure the security of the web hosting servers by doing the necessary updates and patching, as well as monitoring webhosting server security, on a continuous and periodic basis. 4.4 If there is any security issue on webhosting application, RC will be responsible to ensure they are resolved. 4.5 Ensure the webserver and database of the website are continuously available. If there are any problems, implement the workaround to revive the website according to the procedure given by the RC. If unsuccessful, communicate with RC. FOR UNIVERSITY OF MALAYA USE ONLY Page 4 of 4

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback