Difference between revisions of "5) Infrastructure and Security Risk Management"

From CLOCKSS Trusted Digital Repository Documents
(Initial version)
 
(Initial version)
 
Line 1: Line 1:
 
= Infrastructure and Security Risk Management =
 
= Infrastructure and Security Risk Management =
  
[[5.1) Technical Infrastructure Risk Management]]
+
== 5.1) Technical Infrastructure Risk Management ==
  
[[5.2) Security Risk Management]]
+
* [[5.1.1 Identify and manage the risks to its preservation operations and goals associated with system infrastructure | 5.1.1 - The repository shall identify and manage the risks to its preservation operations and goals associated with system infrastructure.]]
 +
* [[5.1.1.1 Employ technology watches or other technology monitoring notification systems | 5.1.1.1 - The repository shall employ technology watches or other technology monitoring notification systems.]]
 +
* [[5.1.1.1.1 Hardware technologies appropriate to the services it provides to its designated communities | 5.1.1.1.1 - The repository shall have hardware technologies appropriate to the services it provides to its designated communities.]]
 +
* [[5.1.1.1.2 Procedures in place to monitor and receive notifications when hardware technology changes are needed | 5.1.1.1.2 - The repository shall have procedures in place to monitor and receive notifications when hardware technology changes are needed.]]
 +
* [[5.1.1.1.3 Procedures in place to evaluate when changes are needed to current hardware | 5.1.1.1.3 - The repository shall have procedures in place to evaluate when changes are needed to current hardware.]]
 +
* [[5.1.1.1.4 Procedures, commitment and funding to replace hardware when evaluation indicates the need to do so | 5.1.1.1.4 - The repository shall have procedures, commitment and funding to replace hardware when evaluation indicates the need to do so.]]
 +
* [[5.1.1.1.5 Software technologies appropriate to the services it provides to its designated communities | 5.1.1.1.5 - The repository shall have software technologies appropriate to the services it provides to its designated communities.]]
 +
* [[5.1.1.1.6 Procedures in place to monitor and receive notifications when software changes are needed | 5.1.1.1.6 - The repository shall have procedures in place to monitor and receive notifications when software changes are needed.]]
 +
* [[5.1.1.1.7 Procedures in place to evaluate when changes are needed to current software | 5.1.1.1.7 - The repository shall have procedures in place to evaluate when changes are needed to current software.]]
 +
* [[ 5.1.1.1.8 Procedures, commitment and funding to replace software when evaluation indicates the need to do so | 5.1.1.1.8 - The repository shall have procedures, commitment and funding to replace software when evaluation indicates the need to do so.]]
 +
* [[5.1.1.2 Adequate hardware and software support for backup functionality sufficient for preserving the repository content and tracking repository functions | 5.1.1.2 - The repository shall have adequate hardware and software support for backup functionality sufficient for preserving the repository content and tracking repository functions.]]
 +
* [[5.1.1.3 Effective mechanisms to detect bit corruption or loss | 5.1.1.3 - The repository shall have effective mechanisms to detect bit corruption or loss.]]
 +
* [[5.1.1.3.1 Record and report to its administration all incidents of data corruption or loss, and steps shall be taken to repair/replace | 5.1.1.3.1 - The repository shall record and report to its administration all incidents of data corruption or loss, and steps shall be taken to repair/replace corrupt or lost data.]]
 +
* [[5.1.1.4 Process to record and react to the availability of new security updates based on a risk-benefit assessment | 5.1.1.4 - The repository shall have a process to record and react to the availability of new security updates based on a risk-benefit assessment.]]
 +
* [[5.1.1.5 Defined processes for storage media and/or hardware change (e.g., refreshing, migration) | 5.1.1.5 - The repository shall have defined processes for storage media and/or hardware change (e.g., refreshing, migration).]]
 +
* [[5.1.1.6 Identified and documented critical processes that affect its ability to comply with its mandatory responsibilities | 5.1.1.6 - The repository shall have identified and documented critical processes that affect its ability to comply with its mandatory responsibilities.]]
 +
* [[5.1.1.6.1 Documented change management process that identifies changes to critical processes that potentially affect the repository's ability to comply with its mandatory responsibilities | 5.1.1.6.1 - The repository shall have a documented change management process that identifies changes to critical processes that potentially affect the repository's ability to comply with its mandatory responsibilities.]]
 +
* [[5.1.1.6.2 Process for testing and evaluating the effect of changes to the repository's critical processes | 5.1.1.6.2 - The repository shall have a process for testing and evaluating the effect of changes to the repository's critical processes.]]
 +
* [[5.1.2 Manage the number and location of copies of all digital objects | 5.1.2 - The repository shall manage the number and location of copies of all digital objects.]]
 +
* [[5.1.2.1 Mechanisms in place to ensure any/multiple copies of digital objects are synchronized | 5.1.2.1 - The repository shall have mechanisms in place to ensure any/multiple copies of digital objects are synchronized.]]
 +
 
 +
== 5.2) Security Risk Management ==
 +
 
 +
* [[5.2.1 Maintain a systematic analysis of security risk factors associated with data, systems, personnel, and physical plant | 5.2.1 - The repository shall maintain a systematic analysis of security risk factors associated with data, systems, personnel, and physical plant.]]
 +
* [[5.2.2 Implemented controls to adequately address each of the defined security risks | 5.2.2 - The repository shall have implemented controls to adequately address each of the defined security risks.]]
 +
* [[5.2.3 Staff shall have delineated roles, responsibilities, and authorizations related to implementing changes | 5.2.3 - The repository staff shall have delineated roles, responsibilities, and authorizations related to implementing changes within the system.]]
 +
* [[5.2.4 Suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s) | 5.2.4 - The repository shall have suitable written disaster preparedness and recovery plan(s), including at least one off-site backup of all preserved information together with an offsite copy of the recovery plan(s).]]
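Review bot: the added bullets for 5.1.1.1.1 through 5.1.1.1.8, 5.1.1.3.1, and 5.1.1.6.1 to 5.1.1.6.2 all sit at a single `*` level, so the hierarchy implied by the numbering is lost in the rendered list; consider `**` and `***` for the sub-criteria. The 5.1.1.1.8 entry opens with `[[ 5.1.1.1.8` (a space after the brackets), unlike every other link here, and the 5.1.1.3.1 link target stops at "repair/replace" while its label continues with "corrupt or lost data", so it is worth confirming that both resolve to the intended pages.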

Latest revision as of 00:20, 22 September 2013

Infrastructure and Security Risk Management

5.1) Technical Infrastructure Risk Management

5.2) Security Risk Management