
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


SUGGESTED POLICY STATEMENT

"The storage media used for the archiving of information must be appropriate to its expected longevity. The format in which the data is stored must be carefully considered, especially where proprietary formats are involved."

EXPLANATORY NOTES

This refers to information which is not required on a day-to-day basis, but which needs to be retained for a certain period, and also information which is retained in perpetuity and referred to infrequently but periodically. Such data is often removed from your day-to-day processing, thereby reducing the overhead on storage and processing resources.

Information Security issues to be considered when implementing your policy include the following:

• Weaknesses in the longevity of the media used for archives can result in a failure to restore the required data when, eventually, it is needed.

• Archived data can often be retained in a proprietary format which is no longer supported by your present systems, thus frustrating attempts at access.

N.B. This is a real risk that has yet to be fully quantified. With the accelerating evolution of operating systems, processor technology, and applications software, it is uncertain which of the late 20th century and early 21st century 'standards' will still be in use in, say, 10 years' time, when the need arises to restore the data files from pre-2000.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.4.1 Information back-up

–  –  –

SUGGESTED POLICY STATEMENT

"The archiving of electronic data files must reflect the needs of the organisation and also any legal and regulatory requirements."

EXPLANATORY NOTES

Archiving electronic files follows the same guidelines as archiving documents, but covers additional information about retrieval.

Information Security issues to be considered when implementing your policy include the following:

• Not having a suitable Retention Policy could lead to data being deleted inappropriately.

• Where legacy documents 'cannot be found' they may have been inappropriately deleted or prematurely archived.

• Information can be lost whilst storing confidential items off site.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.4.1 Information back-up

–  –  –

SUGGESTED POLICY STATEMENT

"Management must ensure that safeguards are in place to protect the integrity of data files during the recovery and restoration of data files; especially where such files may replace more recent files."

EXPLANATORY NOTES

Saving of data on a backup tape or disc is a core process in the security of your information.

Information Security issues to be considered when implementing your policy include the following:

• Data could be accessed and restored by unauthorised parties using similar backup software.

• The required data, when restored, is not on the designated backup tape or disc, resulting in confusion and potential loss.

• The required data, whilst located and restored, is found to be corrupt.

• Data may be lost or overwritten by incorrect restoration from backup media.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.4.1 Information back-up

–  –  –

Policy 030701 Managing Hard Copy Printouts
Policy 030702 Photocopying Confidential Information
Policy 030703 Filing of Documents and Information
Policy 030704 The Countersigning of Documents
Policy 030705 Checking Document Correctness
Policy 030706 Approving Documents
Policy 030707 Verifying Signatures
Policy 030708 Receiving Unsolicited Mail
Policy 030709 Style and Presentation of Reports
Policy 030710 Transporting Sensitive Documents
Policy 030711 Shredding of Unwanted Hardcopy
Policy 030712 Using Good Document Management Practice

–  –  –

SUGGESTED POLICY STATEMENT

"Hard copies of sensitive or classified material must be protected and handled according to the distribution and authorisation levels specified for those documents."

EXPLANATORY NOTES

This policy covers managing and controlling the hard-copy reports produced by your computer programs.

N.B. The guidance provided in this section is aimed primarily at paper-based reports; however, similar guidelines also apply to other forms of non-electronic output, such as microfiche.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive documented material may be routed to office printers, where confidentiality may be lost or, at the least, threatened.

• Secure filing systems are to be used for sensitive documents and reports in order to avoid access by unauthorised persons.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"All employees are to be aware of the risk of breaching confidentiality associated with the photocopying (duplication) of sensitive documents. Authorisation from the document owner should be obtained where documents are classified as Highly Confidential or above."





EXPLANATORY NOTES

Photocopy machines are located in almost every office in the world. Often located in public areas, they are simple to use, and almost everyone has occasion to do so as a legitimate part of their job. This makes spotting fraudulent use all the more difficult.

Information Security issues to be considered when implementing your policy include the following:

• Unauthorised copies can be made, releasing confidential information.

• Authorised copies may be mislaid, disclosing confidential information to unauthorised parties.

• Unauthorised persons can nevertheless sometimes gain access to sensitive material and use copying facilities for personal or other reasons.

• Unauthorised people may see and remove copies during the copy / binding process.

• Unauthorised people may see the contents of the document during copying.

• Confidentiality can be breached by original sheets being left in the machine.

• Sheets of partially copied material can become jammed in the machine, which can disclose sensitive information to unauthorised persons, e.g. the person removing the blockage.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"All information used for, or by the organisation, must be filed appropriately and according to its classification."

EXPLANATORY NOTES

Secure filing and storage of sensitive material is essential to guard against loss and unauthorised access.

Information Security issues to be considered when implementing your policy include the following:

• Important information may be lost or stolen because files have been misplaced or lost.

• Informal document filing procedures could result in theft of information.

• In the event of fire, flood or other disaster, documents may be destroyed.

• Where sensitive information is not handled appropriately, it could be seen by unauthorised persons.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"Documents should be countersigned (either manually or electronically) to confirm their validity and integrity; especially those which commit or oblige the organisation in its business activities."

EXPLANATORY NOTES

A sign-off process is intended to ensure that the transaction or document has been properly checked and authorised. Normally, the person applying the second signature or initial will take prime responsibility.

Information Security issues to be considered when implementing your policy include the following:

• If transactions are not verified for correctness, there is a high risk of loss through mistake or theft.

• Organisation resources may be stolen or misappropriated if there is no accountability for information correctness.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"Documents should be checked to confirm their validity and integrity; especially those which commit or oblige the organisation in its business activities."

EXPLANATORY NOTES

Sound decision making relies on having the correct information available. With most security breaches being the result of internal errors, checking documents for correctness becomes a high priority.

Information Security issues to be considered when implementing your policy include the following:

• If documents are not reviewed for correctness, this may result in incorrect decisions being made and possibly cause financial loss.

• Unverified information may be unreliable.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"All written communications sent out by the organisation to third parties are to be approved by authorised persons."

EXPLANATORY NOTES

The authorisation of documents is fundamental to their acceptance and credibility.

Information Security issues to be considered when implementing your policy include the following:

• Unauthorised documents could be acted upon, resulting in financial loss.

• Documents are to be authorised strictly in accordance with the organisation's authorised signatory policy and procedures.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"All signatures authorising access to systems or release of information must be properly authenticated."

EXPLANATORY NOTES

It is critical to establish the signatory's authenticity and level of authority. This topic deals with physical signatures. Digital / electronic signatures are covered elsewhere.

Information Security issues to be considered when implementing your policy include the following:

• Data or information may be stolen by using an unauthenticated signature.

• Where the signatory is not authorised to approve a particular transaction or activity, financial loss may result.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"Unsolicited mail should not receive serious attention until and unless the sender’s identity and authenticity of the mail have been verified."

EXPLANATORY NOTES

Unsolicited mail may simply be misaddressed, and therefore returning it to sender may be all that is required. However, you should be aware that unsolicited physical and electronic mails may be used to probe your security systems and to gain unauthorised information.

Information Security issues to be considered when implementing your policy include the following:

• You may unintentionally disclose additional sensitive information when returning mail to the original sender.

• Information is disclosed in response to letters or memos which look official.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"An agreed ‘corporate’ document style should be used which promotes consistency, integrity and the agreed ‘image’ of the organisation."

EXPLANATORY NOTES

The risks to organisation information are made greater when you do not maintain organisation document standards. These standards for documentation presentation and report structures should give the author a framework to write reports and the audience a way to quickly absorb the correct message or information.

Information Security issues to be considered when implementing your policy include the following:

• Where non-standard presentation styles are used, this may result in confused messages and possibly conflicting statements.

• Style standards and templates are to be developed and implemented in order to ensure standardisation across the organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"The designated owners of documents which contain sensitive information are responsible for ensuring that the measures taken to protect their confidentiality, integrity and availability, during and after transportation / transmission, are adequate and appropriate."

EXPLANATORY NOTES

When selecting the most suitable delivery option for your documents it is important to pay strict attention to the information classification level and to any security risk to the information, such as mishandling and misuse, and also to the potential for theft inherent in each delivery option, delivery media and delivery location.

Information Security issues to be considered when implementing your policy include the following:

• If the transport medium is inappropriate for the sensitivity / value of the information being transported, it could facilitate the theft of the contents whilst in transit.


