

Information Security Policies

as Presented by The Department of Public Service and Administration

with Glossary and Reference Manual

Securing Information in the Digital Age: Information Security Policies

This document presents a suite of integrated solutions which, together, offer your organisation the tools necessary to integrate Information Security best practice into your day-to-day business operations, whether you are a large corporation or a small company with a handful of employees. Upon adoption it will serve as a blueprint for all organs of state to abide by in implementing the various categories of information security, access and management.

Information Security Policies are the cornerstone of Information Security effectiveness.

Without a policy upon which to base standards and procedures, decisions are likely to be inconsistent and security holes will be present, ready to be exploited by internal and external persons alike. The threat posed by the lack of (or inconsistency in) information security initiatives at the level of a Nation or State carries consequences which this document does not purport to discuss in detail.

These Information Security Policies have been drawn from extensive experience of international best practice in organisations where Information Security has played a major role. Based upon the foundation of ISO 17799 and BS 7799, they provide an extensive range of policies which may be modified and adopted by your organisation and upon which a comprehensive Information Security culture may be built.

Following adoption of the Information Security Policies – either revised or ‘as is’ – the primary objective is to have them understood and followed by the organisation’s staff.

Some organisations already have an Intranet for the mass distribution of information.

However, whilst this approach may be effective in some organisations, in others it is little more than an electronic message board, the contents of which few will actively study.

Systems need to be developed or reinforced to deliver each of the Information Security Policies directly to the desktop in a meaningful and practical manner; more importantly, each Policy should be delivered in context.



These Information Security Policies are a major step towards a comprehensive, consistent and meaningful security-conscious environment within government. Recent studies have shown that 85% of organisations have no formal set of Information Security Policies and, as a result, there is little or no foundation upon which to build the appropriate safeguards to protect the life blood of the organisation – its information.

Expected Reader / User

One of the key appointments in any organisation, irrespective of size or function, is that of an Information Security Officer. The trend observed is that this person is unlikely to be a full-time specialist; on the contrary, they are likely to be performing a business-related role. The point is that someone must be appointed to take overall responsibility for ensuring that the appropriate Information Security safeguards are in place, that Policies are agreed and rolled out, and that all users of information within your organisation understand their responsibilities and duties. These Information Security Policies are aimed at the optimisation of Organs of State. The assumption here is that you have made, or will make, such an appointment within your organisation. For further information and a comprehensive guide to the role and responsibilities of the Information Security Officer, you may wish to consult the Information Security Officer’s Manual.

Other Expectations

Whilst the following Information Security Policies lay a solid foundation for the development and implementation of secure practices within your organisation, the Policies themselves are not instructional or overly descriptive. They represent the rules which must be adhered to by each organ of State. Such compliance will require an understanding by staff not only of the individual policies but also of the circumstances in which compliance is expected in their day-to-day activities. Knowing the Policies is only one half of the equation – staff need to know how they should comply, from a procedural perspective.

For this reason, version 2.0 of the Information Security Policies includes three additional key features:

• Explanatory Notes providing background to the Policy

• Some of the Key Information Security Issues which should be considered when implementing the Policy in question

• The related ISO 17799 / BS 7799 reference(s)

The British Standard for Information Security was approved as an ISO standard in October 2000. It is a key standard against which Information Security standards can be measured, and the references within this document make easy cross-referencing possible. Note that ISO 17799 has since been renumbered as ISO/IEC 27002; the clause numbers cited in this document follow the 2000 edition and will not line up with the current edition of the standard.

The Steps to Implementation

In the following Chapters, you will find headings which relate to logical groupings; e.g. the first chapter is concerned with the security of hardware, peripherals and other equipment. Within each chapter there are sub-chapters which again group related items. Following these are the individual Information Security Policies. The Policies themselves have been drawn from the extensive experience of IT and Security professionals and are based upon the renowned International Standards BS 7799 and ISO 17799. Moreover, whilst the Policies do not claim to cover every conceivable area of information systems, their scope is more than adequate to lay the foundation for an organisation operating in accordance with accepted international best practice.

There are six steps involved in getting the best from these Information Security Policies. Follow these steps and the risks from Information Security related incidents can be reduced – measurably.

Step 1 – Browse the Policies

The first step is to print out the Information Security Policies from this document. Start at page 9 and print up to and including the last policy.

Work through each of the main Chapter headings and confirm that it is relevant to your organisation. It is not necessary to consider Information Security Policies which relate to areas and functions beyond the scope of your normal (or anticipated) operations. For example, if you have never written (and plan never to write, or have written for you) your own business software, the Information Security Policies relating to Developing and Maintaining In-house Software may be omitted. However, such decisions will usually need to be confirmed at Board / Director level.

Step 2 – Study the Policies

The majority of the Chapters and Sub-Chapters will be relevant to any organ of State.

Think long and hard about excluding areas. It may be that some aspects of your organisation’s operations are less familiar to you. In such cases, you should discuss the scope of the Policies with colleagues who represent each of the key functional / business areas.

Study each Policy within the context of its heading. Whilst the wording is as ‘jargon free’ as possible, it is still likely that some terms may not be totally familiar to you. For this reason, we have embedded links to a comprehensive Glossary and Reference Manual (which follows the Policies) which should answer any immediate queries.

Step 3 – Review and Amend the Policies

Whilst the Policies have been developed to be applicable to the majority of organisations, there are key aspects that may need your attention. For example, some Policies make specific reference to legislation, e.g. adherence to the Data Protection Act, the Promotion of Access to Information Act, the Labour Relations Act, the Public Service Act, the State Information Technology Agency Act etc. In the majority of cases, however, we anticipate your being able to agree to the wording as presented, which should make this part of the process quick and easy. The generic term ‘organisation’ is to be understood to mean Organ of State; although these policies can be adopted by any organisation, they are particularly binding on all organs of State.

Step 4 – Confirm / Ratify the Policies

For Policies to be effective, with compliance mandatory, they must be supported and ratified by your Board of Directors or similar governing body. This agreement is likely to require an outline of precisely how compliance will be achieved and the management procedures to be put in place to monitor and manage the process. Your organisation may already have such procedures in place, but if not, you may require some additional support (the Information Security Officer’s Manual is one such source). As approved by Cabinet, some form of institutional framework for the management of effective information security should be reinforced or put in place.

Step 5 – Publish the Policies

The Policies will now have been discussed, agreed and passed by your Board of Directors or similar, and may now be published to all staff. The head of Human Resources / Personnel must be one of the first recipients, as employment contracts may need to be amended to reflect the mandatory need for compliance with the organisation’s Information Security Policies.

Traditionally, Information Security Policies have been delivered in paper form either to each member of staff or to the Head of Department (or similar) with staff being required to read and then sign to demonstrate their awareness.

Step 6 – Implement / Comply with the Policies

Implementation, compliance and follow-up are now required. The Information Security Policies have established the ground rules across a wide range of Information Security areas, but translating these into a meaningful and practical response to the various day-to-day situations faced by your personnel can be a challenge. The most important aspect of Information Security Policy compliance is knowing what actions are required to constitute ‘compliance’. Your organisation must either develop its own range of procedures or consider using a tool specially crafted for the job.

In addition, the requirements of the Policies will result in the need to initiate one or more Information Security Projects to identify and implement a range of appropriate technical safeguards such as firewalls, anti-virus software, intrusion detection systems etc. All enquiries regarding these policies should be directed to the DPSA.


Sub-Chapter 01 Purchasing and Installing Hardware
Sub-Chapter 02 Cabling, UPS, Printers and Modems
Sub-Chapter 03 Consumables
Sub-Chapter 04 Working Off Premises or Using Outsourced Processing
Sub-Chapter 05 Using Secure Storage
Sub-Chapter 06 Documenting Hardware
Sub-Chapter 07 Other Hardware Issues


Policy 010102 Specifying Detailed Functional Needs for New Hardware
Policy 010103 Installing New Hardware
Policy 010104 Testing Systems and Equipment


"All purchases of new systems hardware or new components for existing systems must be made in accordance with Information Security and other organisation Policies, as well as technical standards. Such requests to purchase must be based upon a User Requirements Specification document and take account of longer-term organisational business needs. The acquisition must pass a test qualifying the need, supported by a presentation of the business case for the acquisition."

“It is recommended that all acquisition be conducted through a central IT acquisition centre to ensure economies of scale, consistency and better negotiated service level agreements, as well as enabling state organs to focus on their key performance areas.”


The purchase of new computers and peripherals requires careful consideration of your business needs because it is usually expensive to make subsequent changes.

Information Security issues to be considered when implementing your policy include the following:

• The system must have adequate capacity or else it may not be able to process your data.

• Data must be adequately protected; otherwise there is a risk of loss or accidental / malicious damage.

• Where hardware maintenance is poor or unreliable, you greatly increase the risk to the organisation, because, in the event of failure, processing could simply STOP.

• The system must be sufficiently 'resilient' to avoid unplanned down-time, which can have an immediate negative impact on your organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

• 4.1.4 Authorisation process for information processing facilities



“Except for minor purchases, hardware must be purchased through a structured evaluation process which must include the development of a detailed Request For Proposal (RFP) document. Information Security features and requirements must be identified within the RFP.” This can only be better provided for by a separate and dedicated acquisition centre.


It is necessary to specify, in detail, the specific functional performance and capacity requirements as part of the hardware purchasing process. The document specifying these detailed requirements is usually called a Request for Proposal or ‘RFP’. See Request for Proposal in the Glossary for a more detailed description of how to create such a document.

Information Security issues to be considered when implementing your policy include the following:

• Where hardware is purchased without adequate analysis your organisation may:

1) Purchase inappropriate hardware for the required task.

2) Purchase a system that does not comply with your Technical Architecture or IT Strategy.

3) Fail to achieve the best value when (e.g.) price, performance, reliability, capacity and support issues are considered.
