This is a site designed to make it easier to take the core of large published reports and allow anyone to comment on them.
2.2.18 Prior to roll-out of an e-Government service, the service provider must consider how the required level of IA will be delivered. This might include developing a clearly documented policy on what compromises and losses are and are not acceptable (these might not necessarily be limited to financial losses), how to monitor such losses and what exception-handling procedures should be used to respond to compromise, minimise loss, and improve the service. This may include the development and implementation of a liability model. Considerations might include, for example, ensuring that third-parties are subject to contractual bindings and are incentivised through transferral or sharing of risk where possible. Measures for audit and accounting, and any other activities that may be reasonably employed to monitor, record and analyse incidences of compromise or potential compromise must be put into place.
As a general observation, it's always a mistake to write these "best practice" policy documents in the passive. If you say "something must be done" it overlooks the important matter of who is responsible for doing it, and what the consequences for them are if they don't do it.
Posted by William on 2007-02-14 16:00:46.