Monash University IT Security Framework

IMS3110 & IMS5002 Students: You can view the contents of this page, but you are unable to view any of the contents of this framework.

1. Security Organisation

1.1   Introduction
1.2   Information Technology Security Policy
1.3   Information Technology Security Infrastructure
1.4   Security of Third Party Access
1.5   Outsourcing

2. Asset Control

2.1   Introduction
2.2   Asset Management
2.3   Information Classification
2.4   Information Disposal

3. User Awareness

3.1   Introduction
3.2   User Responsibility and Education
3.3   Security & Other Incident Response

4. Physical Security

4.1   Introduction
4.2   Secure Areas
4.3   Equipment Security

5. Data Centre Management

5.1   Introduction
5.2   Operational Procedures & Responsibilities
5.3   System Planning and Acceptance
5.4   Protection Against Malicious Software
5.5   Backup and Logging
5.6   Management of Cryptography
5.7   Media Handling and Security
5.8   Exchanges of Information and Software

6. Network Security

6.1   Introduction
6.2   Network Management
6.3   Network Access Control
6.4   Perimeter Security
6.5   Monitor System Use

7. Access Control

7.1   Introduction
7.2   Business Requirement for Access Control
7.3   User Access Management
7.4   Operating System Access Control
7.5   Application Access Control
7.6   Mobile Computing and Teleworking

8. Systems Development Life Cycle

8.1   Introduction
8.2   Security - Applications
8.3   Security - Operating Systems
8.4   Security - Development & Support Processes

9. Business Continuity and Disaster Recovery Planning

9.1   Introduction
9.2   Business Continuity and Disaster Recovery Management
9.3   Security Incident Handling

10. Compliance

10.1   Introduction
10.2   Compliance with Legal Requirements
10.3   Security Policy Technical Compliance
10.4   Audit & Risk Management