【国外标准】 Wireless Management and Security - Part 1: General Requirements

In today苨 world, both private and public sectors depend upon information technology systems to perform essential and mission-critical functions. In the current environment of increasingly open and interconnected systems and networks, network and data security are essential for the effective use of information technology. Privacy and regulatory requirements highlight this need. For example, systems that perform electronic commerce must protect against unauthorized access to confidential records and unauthorized modification of data. Wireless technologies are rapidly emerging as significant components of these networks. As such, data classification and risk assessments should be performed to determine the sensitivity of, and risk to, data transmitted over wireless networks. Various methods and controls should be considered for data that is sensitive, has a high value, or represents a high value if it is vulnerable to unauthorized disclosure or undetected modification during transmission over wireless networks. These methods and controls support communications security, for example by encrypting the communication prior to transmission and decrypting it at receipt. Note that data classification and risk assessments, regardless of whether data transmission is over wired or wireless environments, should be part of an organization苨 general security policy and best practices. Refer to Annex A Wireless Validation Control Objectives for further details. Part 1 of this Standard provides an overview of wireless radio frequency (RF) technologies and general requirements applicable to all wireless implementations for the financial services industry. Subsequent parts of this Standard will address specific applications to wireless technology and associated risks, as well as technologies, methods and controls that mitigate those risks. Note that other wireless non-radio frequency technologies, such as infrared and lasers are considered out of scope of this Standard. For the purposes of this Standard the use of the terms 魋hall?and 鬽ust?are requirements and therefore mandatory, whereas 魋hould?is a recommendation. Refer to Annex B Wireless Technology for examples.