Re: ISO IEC 27002 (ISO-17799) assistance please.

["Tima Soni" <tima.soni () gmail com>]

Please refer to section 11.3.2 - unattended user equipments and
section 11.3.3 that states clear screen policy. In this section, it
clearly states that systems should be kept locked with an appropriate
authentication mechanism when left unattended.

You should be able to demonstrate that you are protecting unattended
equipments and that users are aware of the policy of locking their
workstations when they  are away.

Thanks

Tima

On Jan 11, 2008 8:06 AM, Chris Barber <cmbarber () gmail com> wrote:
> I am hoping that the experts on this list might be able to assist me
> with problem.  I have a consultant who is doing some audit work for
> the company I work for.  This consultant has been quoting information
> about best business practice and standards and has my managment in a
> bit of a tizzy.  So far I have been able to prove or disprove most
> things that he has been telling my managment, but I am stuck one and
> it seems that this item has struck a nerve.
>
> The consultant has claimed that both NIST and ISO-17799 recomend the
> use of automated workstation locking after X minutes.  I have found
> information on the NIST Standard but have not been able to find
> anything on the ISO-17799 standard (or atleast not without buying it).
>  Does anyone on the list happen to have a copy of ISO-17799, if so
> could you help me prove or disprove this comment?
>
> I have done several google searches and all of the links I get end up
> asking me to purchase the Standard.  I think having it would be a good
> thing, just that I do not have money in my budget to purchase it.
>
> Many thanks in advance,
>
> Chris.