ANSI-X9-TG-5-1992.pdf
"ANSI-X9-TG-5-1992.pdf" was shared by a member and can be read online; the full 68-page version of ANSI-X9-TG-5-1992.pdf is available on 31doc.
INFORMATION SECURITY GUIDELINE

Developed by Accredited Standards Committee X9 - Financial Services

Published by American Bankers Association, X9 Secretariat

Copyright American National Standards Institute. Provided by IHS under license with ANSI. Licensee=IHS Employees/1111111001, User=listmgr. Not for Resale, 04/29/2007 20:10:55 MDT. No reproduction or networking permitted without license from IHS.

Information Security for Financial Institutions

Developed by the Accredited Standards Committee on Financial Services, X9, operating under the procedures of the American National Standards Institute

(c) 1992 by the American Bankers Association. All Rights Reserved.
Published exclusively by Washington Publishing Company.
Printed in the United States of America. 1992 Printing.

Contents

Foreword ... vi
1 Introduction ... 1
1.1 Scope and purpose ... 1
1.2 Application ... 1
1.3 Note on definitions ... 1
2 References ... 1
2.1 Standards referenced in text ... 1
2.2 Regulations referenced in text ... 1
2.3 Other documents referenced in text ... 2
3 Executive summary ... 2
4 How to use this document ... 3
5 Requirements ... 4
6 Information security program components ... 4
6.1 General Duties ... 4
6.1.1 Directors ... 4
6.1.2 Chief Executive Officer ... 4
6.1.3 Managers ... 5
6.1.4 Employees, vendors, and contractors should ... 5
6.1.5 Lawyers ... 5
6.1.6 Information Security Officers ... 5
6.1.7 Information Systems Security Administrator ... 6
6.2 Risk acceptance ... 7
6.3 Insurance ... 7
6.4 Audit ... 7
6.5 Regulatory compliance ... 7
6.6 Disaster recovery planning ... 8
6.7 Information security awareness ... 8
6.8 External service providers ... 9
6.9 Cryptographic operations ... 9
6.10 Privacy ... 10
7 Discussion of threats and controls ... 11

Platform Independent

7.1 Information classification ... 11
7.1.1 Highly sensitive ... 11
7.1.2 Sensitive ... 11
7.1.3 Internal ... 11
7.1.4 Public ... 11
7.2 Logical access control ... 12
7.2.1 Identification of users ... 12
7.2.2 Authentication of users ... 12
7.2.3 Limiting sign-on attempts ... 13
7.2.4 Unattended terminals ... 13
7.2.5 Operating system access control ... 13
7.2.6 Warning ... 13
7.3 Audit trails ... 13
7.4 Change controls ... 14
7.4.1 Emergency problems ... 14
7.5 Computers ... 14
7.5.1 Physical protection ... 14
7.5.2 Logical access control ... 15
7.5.3 Change ... 15
7.5.4 Equipment maintenance ... 15
7.5.5 Casual viewing ... 15
7.5.6 Emulation concerns ... 15
7.5.7 Business continuity ... 15
7.5.8 Audit trails ... 15
7.6 Networks ... 15
7.6.1 Network integrity ... 15
7.6.2 Access control ... 16
7.6.3 Dial-in ... 16
7.6.4 Network equipment ... 16
7.6.5 Change ... 16
7.6.6 Connection with other networks ... 16
7.6.7 Network monitoring ... 16
7.6.8 Disclosure during transmission ... 16
7.6.9 Network availability ... 16
7.6.10 Audit trails ... 17
7.7 Software ... 17
7.7.1 Applications ... 17
7.7.2 Databases ... 17
7.7.3 Application testing ... 18
7.7.4 Defective software ... 18
7.7.5 Change ... 18
7.7.6 Availability of software code ... 18
7.7.7 Unlicensed software ... 18
7.7.8 Property rights ... 18
7.7.9 Viruses ... 18
7.7.10 Memory resident programs ... 19
7.7.11 Remote control ... 19
7.7.12 Software provided to customers ... 19
7.8 Human factors ... 19
7.8.1 Awareness ... 19
7.8.2 Management ... 20
7.8.3 Unauthorized use of information resources ... 20
7.8.4 Hiring practices ... 20
7.8.5 Ethics policy ... 20
7.8.6 Fraud detection ... 20
7.8.7 Know your employee ... 20
7.8.8 Former employees ... 20
7.9 Voice, telephone and related equipment ... 20
7.9.1 Access to VoiceMail system ... 21
7.9.2 Private Branch Exchange (PBX) ... 21
7.9.3 Spoken word ... 21
7.9.4 Intercept ... 21
7.9.5 Business continuity ... 21
7.9.6 Documentation ... 21
7.9.7 Voice Response Units (VRU) ... 22
7.10 Facsimile and image ... 22
7.10.1 Modification ... 22
7.10.2 Misdirection of messages ... 22

Platform Dependent

7.10.3 Disclosure ... 22
7.10.4 Business continuity ... 23
7.10.5 Denial of service ... 23
7.10.6 Retention of documents ... 23
7.11 Electronic Mail ... 23
7.11.1 Authorized users ... 23
7.11.2 Physical protection ... 23
7.11.3 Integrity of transactions ... 23
7.11.4 Disclosure ... 23
7.11.5 Business continuity ... 23
7.11.6 Message retention ... 24
7.11.7 Privacy and E-Mail ... 24
7.12 Paper documents ... 24
7.12.1 Modification ... 24
7.12.2 Viewing ... 24
7.12.3 Storage facilities ... 24
7.12.4 Destruction ... 24
7.12.5 Business continuity ... 24
7.12.6 Preservation of evidence ... 24
7.12.7 Labeling ... 25
7.12.8 Forged documents ... 25
7.12.9 Output distribution schemes ... 25
7.13 Microform and other media storage ... 25
7.13.1 Disclosure ... 25
7.13.2 Destruction ... 25
7.13.3 Business continuity ... 25
7.13.4 Environmental ... 25
7.14 Financial transaction cards ... 25
7.14.1 Physical security ... 26
7.14.2 Insider abuse ... 26
7.14.3 Transportation of PINs ... 26
7.14.4 Personnel ... 26
7.14.5 Audit ... 26
7.14.6 Enforcement ... 26
7.14.7 Counterfeit card prevention ... 26
7.15 Automated Teller Machines ... 26
7.15.1 User identification ... 26
7.15.2 Authenticity of information ... 27
7.15.3 Disclosure of information ... 27
7.15.4 Fraud prevention ... 27
7.15.5 Maintenance and service ... 27
7.16 Electronic Fund Transfers ... 27
7.16.1 Unauthorized source ... 27
7.16.2 Unauthorized changes ... 27
7.16.3 Replay of messages ... 27
7.16.4 Record retention ... 28
7.16.5 Legal basis for payments ... 28
7.17 Checks ... 28
8 Sources of further help ... 28
8.1 Financial service institutions ... 28
8.2 Standards ... 29
8.2.1 ASC X9 standards ... 29
8.2.2 Electronic Data Interchange standards ... 29
8.2.3 ANSI/IEEE software standards
Link: https://www.31doc.com/p-3730654.html