Gap Assessment 2

1. Develops, Distributes And Maintains A Formal Policy And Procedure For The Management Of Information Security Incidents.

2. Establishes A Capability (Incident Response Team) For The Information Security Incidents Response And Handling Across The Entity.

3. Assigns Responsibility To All Employees Or Any Users Dealing With The Entity's Information, Through Any Means, For Reporting Promptly Any Observed Or Suspected Information Security Incidents Or Weaknesses In Systems Or Services, To The Responsible Entity's Team.

4. Implements An Escalation Process For Reporting Information Security Incidents Identified As High Severity For The Entity And Identifies And Engages External Authorities For Further Investigation If Needed For Such Incidents.

5. Gathers And Retains Any Evidences Related To Any Information Security Incidents

6. Develops A Knowledge Base From All Information Security Incidents Which Includes Details Of Previous Incidents, Their Types, Cost, And Any Other Relevant Information.

7. Develops, Distributes And Maintains Appropriate Authentication Policy(Ies) (E.G. A Password Management Policy That Clearly Addresses The Password Allocation Process, Users' Responsibilities On Passwords Use And The Recommended Password Structure, Etc.).

8. Employs A Process For Review And Re-Authorization Of User Access Rights On A Periodic Basis, As Defined By The Entity.

9. Ensures That All Employees, Contractors And Outsourced Employees Are Provided With Information Security Awareness Programs On A Regular Basis

10. Develops an Application or Software Development Life Cycle (SDLC) methodology incorporating adequate security controls at all phases of the software development life cycle, while considering the defined security requirements (e.g. functional, technical, assurance etc.) at each software development stage.

11. Defines, distributes and maintains a formal procedure for secure deployment, distribution, provisioning and decommissioning of portable computing device applications, application interfaces (APIs) (including third party components), through regular updates / checks to ensure adequate level of security