
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

-- [ Page 14 ] --
"Sensitive / confidential electronic data and information should be secured, whenever possible, with access control applied to the directory on the (computer) system concerned. The sole use of passwords to secure individual documents is less effective, and hence discouraged, as passwords may be either forgotten or become revealed (over time) to unauthorised persons." In this case, biometrics becomes highly relevant to explore.

EXPLANATORY NOTES

The simplest way to limit access by unauthorised people to your documentation is to apply a password.

You may however forget your password and then encounter problems accessing your data.

Information Security issues to be considered when implementing your policy include the following:

• Opening a document or spreadsheet may be impossible where the password has been forgotten or the owner is no longer available.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 9.1.1 Access control policy

–  –  –

SUGGESTED POLICY STATEMENT

"Information classified as Highly Confidential or Top Secret may never be sent to a network printer without there being an authorised person to retrieve it and hence safeguard its confidentiality during and after printing."

EXPLANATORY NOTES

Classified documents should have their printing 'rules' included in the master document. No confidential document should be unnecessarily copied or have extra copies printed.

Information Security issues to be considered when implementing your policy include the following:

• Confidential data is accessed by unauthorised parties using unofficial/unapproved printed copies.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.3.1 Clear desk and clear screen policy

–  –  –

Policy 030902 Loading Personal Screen Savers

Policy 030903 Using External Disposal Firms

Policy 030904 Using Photocopier for Personal Use

–  –  –

SUGGESTED POLICY STATEMENT

"The decision whether dual control is required for data entry is to be made by the information system owner. Where so required, secure data handling procedures including dual input are to be strictly adhered to."

EXPLANATORY NOTES

Dual input involves establishing and using a means of verifying and / or validating data by inputting it to a system a second time and comparing the results to ensure consistency. Such features are often found where the validation of a financial entry is critical, e.g. a payment system.

Information Security issues to be considered when implementing your policy include the following:

• Fraudulent data, input to your system, can result in loss for the organisation.

• Dual control systems should be implemented whenever there is a high risk of loss through single level controls.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.1.4 Segregation of duties

–  –  –

SUGGESTED POLICY STATEMENT

"Employees are not permitted to load non-approved screen savers onto the organisation's PCs, laptops and workstations."

EXPLANATORY NOTES

Screen savers are small computer programs which reduce or eliminate 'screen burn' and often provide some visual entertainment or interest.

Information Security issues to be considered when implementing your policy include the following:

• Screen savers can include viruses and other malicious code resulting in local, and potentially, network wide damage.

• Highly graphical (sound and video) screen savers can impact on your systems' resources both by using a relatively large amount of disk storage space and by requiring significant memory and processor power.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.3.1 Controls against malicious software

–  –  –

SUGGESTED POLICY STATEMENT

"Any third party used for external disposal of the organisation's obsolete equipment and material must be able to demonstrate compliance with this organisation's Information Security Policies and also, where appropriate, provide a Service Level Agreement which documents the performance expected and the remedies available in case of non-compliance." SITA is strategically positioned to take charge of this issue.

EXPLANATORY NOTES

This activity involves the employment of a firm to dispose of surplus materials and equipment. See also Disposing of Obsolete Equipment.

Information Security issues to be considered when implementing your policy include the following:

• Confidentiality of your information may be breached because the disposal firm does not specialise in handling confidential data securely.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 4.2.2 Security requirements from third party contracts; 8.6.2 Disposal of media

–  –  –

SUGGESTED POLICY STATEMENT

"The use of photocopiers or duplicators for personal use is discouraged. In exceptions, specific permission may be given by the employee's immediate supervisor or manager."





EXPLANATORY NOTES

If the organisation permits staff to use the photocopier for personal use then specific permission should be granted every time this is done.

Information Security issues to be considered when implementing your policy include the following:

• Permitting personal use provides greater opportunity to copy and remove sensitive material.

• Allowing personal use may encourage the pilfering of paper and other resources.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"Only authorised personnel may speak to the media (newspapers, television, radio, magazines etc.) about matters relating to the organisation."

EXPLANATORY NOTES

As most people are not trained to deal with the media, and they may not be aware of the significance of data passed to the media, many companies use designated spokespersons to handle media enquiries.

Small pieces of information, although insignificant in themselves, can be used to build a larger picture of more sensitive matters.

Information Security issues to be considered when implementing your policy include the following:

• Manipulation by journalists may result in unintentional disclosure of organisation information.

• Unauthorised disclosure of sensitive organisation data may result in confidential information becoming public knowledge.

• Information may be passed to the media unwittingly.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.3 Confidentiality agreements

–  –  –

SUGGESTED POLICY STATEMENT

"Information regarding the organisation's customers or other people dealing with the organisation is to be kept confidential at all times. The information should only be released by authorised and trained persons."

EXPLANATORY NOTES

Dealing with customers is a highly skilled activity requiring interpersonal skills which strike a balance between organisation needs and customer demands. Some organisations have a customer services department whose staff are trained to handle customer queries or complaints. Employees should be alert to potential security risks when releasing information to customers.

Information Security issues to be considered when implementing your policy include the following:

• Confidential organisation data may be incorrectly released to unauthorised third parties.

• Information may be requested by unauthorised persons.

• Customers may request confidential data to be released.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.3 Confidentiality agreements; 12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"The techniques of dual control and segregation of duties are to be employed to enhance the control over procedures wherever both the risk from, and consequential impact of, a related Information Security incident would likely result in financial or other material damage to the organisation."

EXPLANATORY NOTES

There is no way to completely prevent fraud in an organisation. However, segregation of duties is a primary internal control which prevents, or decreases the risk of, errors or irregularities, and identifies problems. This is achieved when an individual does not have control over all phases of a transaction.

Likewise dual control is a simple means of ensuring that colleagues perform critical activities as a team.

Information Security issues to be considered when implementing your policy include the following:

• Information and resources may be accessed with the intent to defraud.

• In centralised computer environments, system administration and user activities should be separated otherwise sensitive data may be compromised.

• Fraudulent activities may be hidden, unless potential areas of fraud are identified and their duties segregated. The opportunity for fraud or errors is high where activities are not under dual control.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.1.4 Segregation of duties

–  –  –

SUGGESTED POLICY STATEMENT

"This organisation expects all employees to operate a clear desk policy."

EXPLANATORY NOTES

With open plan offices now common you may accidentally expose confidential material. Information can be read from papers on your desk, especially when you are away from your desk. A Clear Desk Policy is an effective safeguard.

Information Security issues to be considered when implementing your policy include the following:

• Material could be removed from your desk or work area and copied or stolen.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.3.1 Clear desk and clear screen policy

–  –  –

SUGGESTED POLICY STATEMENT

"E-mail addresses and faxes are to be checked carefully prior to dispatch, especially where the information is considered to be confidential; and where the disclosure of the e-mail addresses or other contact information, to the recipients is a possibility."

EXPLANATORY NOTES

The higher the level of automation of your communication processes, the greater the risk of inadvertently passing information to unauthorised parties.

Information Security issues to be considered when implementing your policy include the following:

• You may send organisation data or information to unauthorised parties in error.

• Your e-mail distribution may disclose your entire customer and / or corporate mailing list details to each of the recipients.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.5 Security of electronic office systems

–  –  –

SUGGESTED POLICY STATEMENT

"The government values the integrity and correctness of all its business and related information and requires management to develop and adopt the appropriate procedures in this regard."

EXPLANATORY NOTES

The integrity of information is fundamental to any organisation, and every effort must be made to implement the relevant safeguards.

Information Security issues to be considered when implementing your policy include the following:

• Where controls and checks are not in place, the integrity of the organisation's data may not be reliable, which in turn can lead to the integrity of the entire organisation being compromised.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 10.2.4 Output data validation

–  –  –

SUGGESTED POLICY STATEMENT

"Employees travelling on business are responsible for the security of information in their custody."

EXPLANATORY NOTES

Staff may be required to travel both locally and overseas as part of their work duties. Special care should be taken if using hotel facilities or commercial business centres.

Information Security issues to be considered when implementing your policy include the following:

• Documents stolen or misused whilst travelling.

• Where no personal security risk assessment is undertaken prior to travel, this can leave you unprepared for the real dangers which you may face at your destination.

• Inadequate classification of documents created whilst travelling can lead to inadvertent disclosure to unauthorised persons.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 9.8.1 Mobile computing

–  –  –

SUGGESTED POLICY STATEMENT

"Credit may only be advanced to customers once credit limits have been properly approved, in accordance with the organisation's usual financial credit control procedures." This particularly applies to welfare grants, unemployment insurance, etc.

EXPLANATORY NOTES

Customers' credit limits are to be checked before confirming any order placed on credit. When checking a customer's credit limit you are accessing sensitive information and therefore must observe rights to privacy.

Information Security issues to be considered when implementing your policy include the following:

• Fraudulent credit applications result in loss or theft of goods.

• Unauthorised third parties may access customer details whilst credit checking a customer.


