
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

-- [ Page 13 ] --

• If the transport medium used does not protect confidential data, or does not protect from transit damage, information may be lost or at least delayed.

• Electronic transport methods may expose or damage confidential data in transit.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.2.2 Information labelling and handling

8.7.2 Security of media in transit

–  –  –

SUGGESTED POLICY STATEMENT

"All documents of a sensitive or confidential nature are to be shredded when no longer required.

The document owner must authorise or initiate this destruction."

EXPLANATORY NOTES

All organisations print documents and reports. Unwanted hardcopy, especially confidential or controlled copies, should be disposed of securely. The data owner is the only person allowed to authorise document destruction. It is common practice to shred sensitive material.

Information Security issues to be considered when implementing your policy include the following:

• Unintentional leaking of sensitive information from discarded confidential material.

• If third party secure disposal firms are used, ensure that their procedures conform to your expectations.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

"All users of information systems must manage the creation, storage, amendment, copying and deletion / destruction of data files in a manner which safeguards and protects the confidentiality, integrity and availability of such files. The degree to which software techniques and disciplined user procedures are necessary will be applied by management and determined by the classification of the information / data in question."

EXPLANATORY NOTES

The integrity of the information held in documents is compromised if the status of the document itself is in doubt.

Information Security issues to be considered when implementing your policy include the following:

• Confusion may arise between different versions of a document, e.g. because there may be multiple copies, none of which is the authoritative version.

• Documents that should be retained may be accidentally lost or simply destroyed / deleted in error.

• Authenticity may be in question because of possible manipulation of text in electronic documents.

• The context of documents may be lost, e.g. because related documents are not linked or kept together.

• Documents may become inaccessible because of technological change, e.g. changes in software or storage media making the files unreadable.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.6.3 Information handling procedures

–  –  –

Policy 030803 Sending Information to Third Parties

Policy 030804 Maintaining Customer Information Confidentiality

Policy 030805 Handling of Customer Credit Card Details

–  –  –

SUGGESTED POLICY STATEMENT

"Where appropriate, sensitive or confidential information or data should always be transmitted in encrypted form. Prior to transmission, consideration must always be given to the procedures to be used between the sending and recipient parties and any possible legal issues from using encryption techniques."

SITA should be empowered to assist state organs in the implementation of cryptography and encryption. All encryption technologies are to be registered with a central registration authority.

EXPLANATORY NOTES

Encrypting or scrambling data to assure confidentiality and integrity.

Information Security issues to be considered when implementing your policy include the following:

• Weak administration and procedures surrounding the all-important encryption keys can limit the effectiveness of this security measure.

• Encrypted information may be secure, but it may also prove to be inaccessible, even to authorised persons, where keys are poorly managed.

• Processor capacity (overhead) is used by the process of encryption and decryption. Lack of available capacity could lead to the data being effectively 'unavailable' when actually needed.

• In some countries, it is illegal to use ciphers; or the type of permissible cipher may be strongly regulated. This could result in unintentionally breaking the law where encrypted data is sent to such a country.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.2.1 Classification guidelines

10.3.2 Encryption

12.1.6 Regulation of cryptographic controls

–  –  –

SUGGESTED POLICY STATEMENT

"Persons responsible for Human Resources Management are to ensure that all employees are fully aware of their legal and corporate duties and responsibilities concerning the inappropriate sharing and releasing of information, both internally within the organisation and to external parties."

EXPLANATORY NOTES

Sharing information between different divisions, groups or sections of your organisation is often necessary for the business or organisation to function. This raises Information Security issues.





Information Security issues to be considered when implementing your policy include the following:

• Confidential data that is not protected from, or is released to, unauthorised parties is a fundamental Information Security failure, which can lead to prosecution where the organisation's management has failed to execute its duty of care.

• The inappropriate and possibly unlawful release of information may result in legal liability and prosecution.

• Release of certain data, even if inadvertently, to other parts of your organisation may contravene legal and / or other regulations, and could lead to prosecution or other penalties.

• The recipient of the information, or the recipient's systems, may jeopardise the confidentiality of sensitive documents and data, thereby becoming a security threat which could be exploited.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.2.1 Classification guidelines

12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"Prior to sending information to third parties, not only must the intended recipient be authorised to receive such information, but the procedures and Information Security measures adopted by the third party, must be seen to continue to assure the confidentiality and integrity of the information."

EXPLANATORY NOTES

When sending information to external third parties the principal consideration should be the integrity and confidentiality of the data.

Information Security issues to be considered when implementing your policy include the following:

• Third parties receiving the data may not treat it in a confidential manner, resulting in the data being accessed by unauthorised persons.

• Information security procedures at the offices of the recipient may be inadequate.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.7.1 Information and software exchange agreements

–  –  –

SUGGESTED POLICY STATEMENT

"Information relating to the clients and third party contacts of the organisation is confidential, and must be protected and safeguarded from unauthorised access and disclosure."

EXPLANATORY NOTES

Keeping customer information confidential is both a legal requirement and essential for organisational credibility.

Information Security issues to be considered when implementing your policy include the following:

• The confidentiality of personal customer data may be compromised if it is given to an unauthorised third party.

• The confidentiality of data may be compromised if requests by unauthorised persons are acceded to.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"Customer credit card details entrusted to the organisation must be afforded a combination of security measures (technology and procedural) which, in combination, prevent all recognised possibilities of the card details being accessed, stolen, modified or in any other way divulged to unauthorised persons."

EXPLANATORY NOTES

The use of credit and debit cards has become a major means of making small purchases, especially in the retail / personal sector of Business to Consumer e-Commerce. However, with their ease of use comes a significant security challenge for the card holder, the card issuer (who usually indemnifies the card holder against fraud) and the merchant accepting the card.

Information Security issues to be considered when implementing your policy include the following:

• The theft of clients' credit card details jeopardises not only your organisation's reputation with clients and the Card Issuers, but also places the card holders at financial risk.

• Where clients' credit card details are not kept secure, there is a real risk of disclosure to unauthorised persons.

• Disclosure of clients' credit card details to anyone who is not explicitly authorised jeopardises not only your organisation's reputation with clients and the Card Issuers, but also places the card holders at financial risk.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.7.3 Electronic commerce security

12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"All data and information must be protected against the risk of fire damage at all times. The level of such protection must always reflect the risk of fire and the value and classification of the information being safeguarded."

EXPLANATORY NOTES

Fire is one of the worst non-technology risks you may face. It can cause significant structural damage to your systems.

Information Security issues to be considered when implementing your policy include the following:

• The security of information may be forgotten when a fire evacuation is ordered for the building.

• Although the safety of employees and other persons on the premises must remain paramount, adequate procedures should be in place concerning the security of valuables and information.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.2.1 Equipment siting and protection

–  –  –

SUGGESTED POLICY STATEMENT

"Prior to sending reports to third parties, not only must the intended recipient(s) be authorised to receive such information, but the procedures and Information Security measures adopted by each third party, must be seen to continue to assure the confidentiality and integrity of the information."

EXPLANATORY NOTES

When sending out reports, be sure that you maintain the confidentiality and integrity of any data contained therein.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive information may be made available to unauthorised individuals. Reports may be leaked.

• Sensitive information may be included in incorrectly classified reports.

• Sensitive information in reports, whether sent electronically or by paper, could be intercepted.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.7.1 Information and software exchange agreements

–  –  –

SUGGESTED POLICY STATEMENT

"Sensitive financial information is to be classified as Highly Confidential and must be afforded security measures (technology and procedural) which, in combination, safeguard such information from unauthorised access and disclosure."

EXPLANATORY NOTES

Financial information is usually sensitive, especially in competitive markets.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive financial information could be lost or stolen.

• Sensitive financial information may be given to unauthorised parties unintentionally.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.2.1 Classification guidelines

–  –  –

SUGGESTED POLICY STATEMENT

"Data is to be protected against unauthorised or accidental changes, and may only be deleted with the proper authority."

EXPLANATORY NOTES

With today's technology it is simple to share information with many people, both intentionally and unintentionally. This raises the problem of data ownership and data custodians, i.e. who is entitled to modify and delete specific data.

Good document management and access control will go a long way to protecting the integrity of your data. Deleting data is a valid housekeeping function of the data owners themselves; however, it is wise to back up all such data beforehand.

Information Security issues to be considered when implementing your policy include the following:

• Data and information files may be deleted by unauthorised persons, e.g. ill-intentioned staff, contractors or even hackers.

• Data may be mistakenly deleted or lost by either technical or business personnel who are manipulating and viewing the data.

• Shared data may be deleted in error.

• Data may not be available when required.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

9.1.1 Access control policy

–  –  –

SUGGESTED POLICY STATEMENT


