About CommentOnThis.com
This is a site designed to make it easier to take the core of large published reports and allow anyone to comment on them.
More...
Send the page:
2.2.18 Prior to rol -out of an e-Government service, the service provider must consider how the required level of IA wil be delivered. This might include developing a clearly documented policy on what compromises and losses are and are not acceptable (these might not necessarily be limited to financial losses), how to monitor such losses and what exception-handling procedures should be used to respond to compromise, minimise loss, and improve the service. This may include the development and implementation of a liability model. Considerations might include, for example, ensuring that third-parties are subject to contractual bindings and are incentivised through transferral or sharing of risk where possible. Measures for audit and accounting, and any other activities that may be reasonably employed to monitor, record and analyse incidences of compromise or potential compromise must be put into place.
