...
DaveK - No access unless authorised. Hide the existence of jobs and their details
Integrity example Dave?
DaveK - Researchers like to be sure that their data has not been tampered with. It is interesting to know what has been done to ensure integrity during data transfer and then also during storage
Examples of compliance mechanisms are top-level security policies, resource provider agreements, and terms of service that allow the organization to enforce policies for entities bypassing the model. For example, a resource provider setting up a gateway which bypasses authentication and authorization by sharing an account might be cut off from resources for breaking the model.
Dave, does this just duplicate OS7?
DaveK - I guess it could do but I think the idea was that OS1 talks more about the management commitment to ensure compliance and the policies requiring this, whereas OS7 is more about the escalation and enforcement procedures. The words don't make this clear so we need to modify
[OS2]
A process that ensures that security patches in operating system and application software are applied in a timely manner, and that patch application is recorded and communicated to the appropriate contacts.
...