
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

-- [ Page 11 ] --
"Highly sensitive or critical documents must not rely upon the availability or integrity of (external) data files over which the author may have no control. Key documents and reports must be self contained and contain all the necessary information."

EXPLANATORY NOTES

Linking documents is a way of transferring and/or sharing data between documents or programs. For example, the monthly sales report written using a word processor may take the figures directly from an embedded link to the sales spreadsheet, which itself has a link to the Order Processing System.

Information Security issues to be considered when implementing your policy include the following:

• Linked data within your document may become modified without your knowledge or consent, damaging the integrity of the contents of your document.

• Where your document does not reflect changes to the source data, its integrity is lost and readers could be misled.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"Draft reports should only be updated with the authority of the designated owner of the report."

EXPLANATORY NOTES

The updating of draft reports should always be authorised by the document owner. Draft documents should be clearly labelled as such.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive information is included in a draft document but the document is inappropriately handled, leading to loss of confidentiality.

• A draft document is thought to be final and is signed off in error, leading to confusion and embarrassment.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 5.2.2 Information labelling and handling 9.1.1 Access control policy

–  –  –

SUGGESTED POLICY STATEMENT

"Draft version(s) of reports must be deleted or archived following production of a final version. A single version of the file should be retained for normal operational access."

EXPLANATORY NOTES

Earlier draft versions of reports should be deleted or archived to prevent further use of the document and its information.

Information Security issues to be considered when implementing your policy include the following:

• Unauthorised access to classified information may be possible from obsolete copies of draft reports.

• Draft reports, if not deleted, may contain incorrect information which could result in inappropriate decisions being made where management have access to these draft reports.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 5.2.2 Information labelling and handling 9.1.1 Access control policy

–  –  –

SUGGESTED POLICY STATEMENT

"Version control procedures should always be applied to documentation belonging to the organisation or its customers."

EXPLANATORY NOTES

Version control systems are normally an integral part of a document management system. They advise the status of documents and provide a control over their secure distribution.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive information may be excluded from the document management procedures / system and be exposed to possible unauthorised access.

• Inappropriate decisions may be made, based upon an earlier version of a document.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 10.5.1 Change control procedures

–  –  –

SUGGESTED POLICY STATEMENT

"Only authorised persons may access sensitive or confidential data on projects owned or managed by the organisation or its employees." The government IT officers Council is, however, entitled to such information.

EXPLANATORY NOTES

Project management systems range from simple hand-written lists, spreadsheets or documents to sophisticated Project Management software. Due to the nature of project work, in its early stages, much information is sensitive and even secret. As project phases are completed the sensitivity of the information may be downgraded and the information may then become public knowledge.

Information Security issues to be considered when implementing your policy include the following:

• If information relating to internal projects is accessed by unauthorised persons, the organisation's plans and objectives can become exposed to both unauthorised persons internally and also to external parties. Such disclosure can have serious impact upon an organisation's market valuation (share price), public and employee relations.

• Sensitive or classified organisation data may be released along with unclassified data.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 9.1.1 Access control policy

–  –  –

SUGGESTED POLICY STATEMENT

"Customer information may only be updated by authorised personnel. Customer data is to be safeguarded using a combination of technical access controls and robust procedures, with all changes supported by journals and internal audit controls."





EXPLANATORY NOTES

Customer information held by the organisation needs regular updates, including additions, modifications, and archiving. At all such times, confidentiality must be maintained.

Information Security issues to be considered when implementing your policy include the following:

• Where customer information is unavailable due to an incorrect update or other inaccuracy, all records pertaining to that customer may become corrupted, causing potential loss and even legal infringement.

• Confidential customer data supplied may be incorrect, either intentionally or in error.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"The naming of the organisation's data files must be meaningful and capable of being recognised by its intended users."

EXPLANATORY NOTES

The naming of files is often arbitrary and therefore results in unintended confusion. Standards and naming conventions should be established.

Information Security issues to be considered when implementing your policy include the following:

• Meaningless or non-standard file names can result in data becoming lost or hard to find.

• Staff must be required to comply with standards for naming data files and data structures.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 5.2.2 Information labelling and handling

–  –  –

SUGGESTED POLICY STATEMENT

"A document's security classification level and ownership should be stated within the header and footer space on each page of all documents."

EXPLANATORY NOTES

All pages should at a minimum have headers and footers which display their classification level and ownership copyright.

Information Security issues to be considered when implementing your policy include the following:

• The classification of a document is not displayed, thereby risking possible inadvertent exposure to unauthorised persons.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 5.2.1 Classification guidelines 5.2.2 Information labelling and handling

–  –  –

SUGGESTED POLICY STATEMENT

"Temporary files on users’ PCs and laptops are to be deleted regularly to prevent possible misuse by unauthorised users."

EXPLANATORY NOTES

Computer systems often use temporary files as a way to simplify the management of data you are working with, e.g. temporary backups and fast saves, clipboard files, printer files etc.

Information Security issues to be considered when implementing your policy include the following:

• If your PC's operating system or a software program crashes, 'temp' files may be left behind which could disclose confidential information to unauthorised persons.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

"Customer contact information is to be classified as Highly Confidential and secured accordingly." When and if for one reason or the other, customer information is required, a formal notice, warrant or request should be made.

EXPLANATORY NOTES

Customer and other contact address files could be important information to your competitors. They should be considered as sensitive material and secured accordingly.

Information Security issues to be considered when implementing your policy include the following:

• The theft of customer and contact information is not only the potential loss of a business asset; it may also contravene the law.

• Where contact information is incorrect or 'dated' you may inadvertently misdirect confidential information, which may then be stolen, with any confidentiality lost.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1 Compliance with legal requirements

–  –  –

SUGGESTED POLICY STATEMENT

"All users of information systems whose job function requires them to create or amend data files, must save their work on the system regularly in accordance with best practice, to prevent corruption or loss through system or power malfunction."

EXPLANATORY NOTES

The saving of data in a structured and timely manner is good practice for all users of workstations and terminals.

Information Security issues to be considered when implementing your policy include the following:

• Overwriting data files using the same file name will destroy any previous file, which could lead to problems in the event that the new version is incorrect or possibly corrupted.

• Failing to save data can result in the loss of work in the event of a system crash.

• Saving data in an incorrect folder or disk can frustrate colleagues and can lead to the use of 'old' or incorrect data in error.

• Saving data on a local workstation disk (e.g. the 'C drive') may appear more convenient but it can frustrate access by colleagues and probably will not be backed up.

• Saving data on your 'system disk' (e.g. the 'C' drive) is particularly risky as any requirement to upgrade / replace the operating system would likely destroy the data files (unless you remembered to back them up!)

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 5.2.2 Information labelling and handling

–  –  –

SUGGESTED POLICY STATEMENT

"Information system owners must ensure that adequate backup and system recovery procedures are in place."

EXPLANATORY NOTES

Backup and recovery procedures are the facilities employed to ensure that your computer processing restarts successfully after a voluntary or enforced close down.

Information Security issues to be considered when implementing your policy include the following:

• The unavailability of your systems (and data) following an interruption to normal processing can impact on business operations and efficiency.

• Corruption / loss of some data following an interruption to normal processing can disrupt operations and delay business processing.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.4.1 Information back-up

–  –  –

SUGGESTED POLICY STATEMENT

"Information and data stored on Laptop or portable computers must be backed up regularly. It is the responsibility of the user to ensure that this takes place on a regular basis."

EXPLANATORY NOTES

Backing up data held on portable computing devices is a means to protect against loss.

Information Security issues to be considered when implementing your policy include the following:

• Data held on a laptop computer may be lost, due to an internal (system) failure; such data may be of significant value - especially to the individual concerned.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 9.8.1 Mobile computing

–  –  –

SUGGESTED POLICY STATEMENT

"Backup of the organisation’s data files and the ability to recover such data is a top priority.

Managements are responsible for ensuring that the frequency of such backup operations and the procedures for recovery meet the needs of the State."

EXPLANATORY NOTES

The need for, and creation of, end of day backup files cannot be over emphasised as they allow you to restore either the whole system or perhaps selected data files, to a specified 'end of day' position.

However, the procedures used to initiate such a 'recovery' must be clearly documented and tested - the Information Security implications of an inappropriate or incorrect file restore are significant.

Information Security issues to be considered when implementing your policy include the following:

• If restore procedures have not been tested, a partial or invalid restore can corrupt the entire system, which may partly or extensively terminate business operations.

• Where backup procedures are inadequate or lacking, data may be lost or, effectively, unavailable, thus compromising the organisation's business processes.

• Opportunistic or malicious modification of the daily backup sequence results in a failure to safeguard all required data.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.4.1 Information back-up

–  –  –


