5: Application Security and ISO27001

access to these utilities to specific users. As far as possible, maintain a log of the access and use of system utilities.

A.11.5.5 Session time out
A.11.5.6 Limitation of connection time

These two controls together cover risks to unattended application terminals or critical application terminals in public or other high risk areas. Users might leave the application terminal unattended for a long time. This poses the risk that some other user can have unauthorised access to the application during this time, so applications should 'time out' a user after a defined period of inactivity. Time out could terminate the session, or could just clear the screen until re-authentication.
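The inactivity time-out described above, sketched as an added example that is not taken from the book: a server-side session that either terminates or locks until re-authentication once the idle limit is reached. The names `Session`, `State`, `idle_limit` and `lock_on_timeout` are assumptions, and `verify` is a hypothetical stand-in for the application's real credential check.

```python
import time
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class State(Enum):
    ACTIVE = "active"
    LOCKED = "locked"          # screen cleared; re-authentication required
    TERMINATED = "terminated"  # session ended; a fresh login is required


@dataclass
class Session:
    user: str
    idle_limit: float                 # seconds of inactivity allowed
    lock_on_timeout: bool             # True: lock until re-auth, False: terminate
    clock: Callable[[], float] = time.monotonic  # injectable for testing
    state: State = State.ACTIVE
    last_activity: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.last_activity = self.clock()

    def _expire_if_idle(self) -> None:
        # The check runs on the server at every request, so a client that
        # ignores its own screen timer still cannot keep the session alive.
        idle = self.clock() - self.last_activity
        if self.state is State.ACTIVE and idle >= self.idle_limit:
            self.state = State.LOCKED if self.lock_on_timeout else State.TERMINATED

    def request(self, action: str) -> str:
        """Handle a user action; refuse it if the session has timed out."""
        self._expire_if_idle()
        if self.state is not State.ACTIVE:
            return f"denied: session {self.state.value}"
        self.last_activity = self.clock()  # only accepted actions reset the timer
        return f"ok: {action}"

    def reauthenticate(self, verify: Callable[[str], bool]) -> bool:
        """Unlock a locked session; a terminated session can never be revived."""
        self._expire_if_idle()
        if self.state is State.LOCKED and verify(self.user):
            self.state = State.ACTIVE
            self.last_activity = self.clock()
            return True
        return False
```

Denied requests do not refresh `last_activity`, so repeated attempts against a locked terminal cannot be used to extend the session.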