Securing Information in the Digital Age: Information Security Policies

• An outsourced credit-checking agency will have access to confidential client details.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.4 Data protection and privacy of personal information

–  –  –

Sub-Chapter 01 Purchasing and Installing Software
Sub-Chapter 02 Software Maintenance & Upgrade
Sub-Chapter 03 Other Software Issues

–  –  –

Policy 040101 Specifying User Requirements for Software
Policy 040102 Selecting Business Software Packages
Policy 040103 Selecting Office Software Packages

–  –  –

SUGGESTED POLICY STATEMENT

"All requests for new applications systems or software enhancements must be presented to senior management with a Business Case with the business requirements presented in a User Requirements Specification document."

EXPLANATORY NOTES

Before deciding on the purchase of new software, it is essential to specify the business and technical requirements that are to be met. This is usually accomplished by means of a User Requirements Specification (URS).

Information Security issues to be considered when implementing your policy include the following:

• A failure to specify requirements precisely can result in an inappropriate choice of a system that is unable to meet business needs and expectations.

• A business which does not explore the issues from both technical and business perspectives can have such weaknesses exposed during the project, resulting in additional costs and loss of time.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 4.1.4 Authorisation process for information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

“The organisation should generally avoid the selection of business critical software which, in the opinion of management, has not been adequately proven by the early adopters of the system.

The selection process for all new business software must additionally incorporate the criteria upon which the selection will be made. Such criteria must receive the approval of senior management and should be compliant with the Minimum interoperability Standards provided.”

EXPLANATORY NOTES

Except where there is a clear Business Case to justify the expenditure for bespoke software, the majority of your software is likely to be packaged. Selecting the right package is critical, because it is expensive to correct mistakes later, and will have consequences for years to come.

N.B. This policy concerns software systems which directly support your business processes, e.g. Accounting and General Ledger, Sales, Order Processing, Inventory Control, and so forth, rather than selecting office software packages for word processors, e-mail, etc.

Information Security issues to be considered when implementing your policy include the following:

• Selecting a package which fails to meet your business needs can not only result in direct financial loss, but inevitably wastes time and resources.

• Whilst the software may meet your requirements functionally, a lack of available support will increase the risk to your systems processing, and hence to the business activities which rely upon it.

• Many mature systems have been written for proprietary operating systems which require daily support duties that rely on skills that are possibly less common. The possible inadvertent neglect of such duties may result in failures which endanger your business operations.

• The specification of your current equipment may be too low (or only marginally adequate), resulting in strain and overload which could corrupt information if the system were to crash.

• Business software is usually expected to work with other attached peripherals, e.g. fax, scanner, modem, printers, etc. However, and especially with older equipment, the drivers may be obsolete and only operate with certain software etc.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 4.1.4 Authorisation process for information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

“All office software packages must be compatible with the organisation’s preferred and approved computer operating system and platform including the Minimum information interoperability Standards.”

EXPLANATORY NOTES

Office software forms a critical link between the primary business systems in your day to day work. The initial choice of the office package has far reaching consequences; both for the selection of additional software in the future and for the ease with which documents and information can be shared throughout the organisation.

N.B. This policy is aimed primarily at those using the Microsoft Windows® operating system. However, the issues and actions are applicable to all platforms.

Information Security issues to be considered when implementing your policy include the following:

• Office software, pre-installed by your hardware supplier, may not meet your organisation's needs. You can then become 'locked into' unsuitable systems and effectively prevented from the correct choice of office software.

• Lack of set organisation standards can allow the user's personal preferences to determine the choice of office software. This can cause delays and frustration, with information being inaccessible to anyone not using the same office software, or using a different version.

• Where support for an old office system is poor, or where the product has been discontinued for some time, you are exposed in the event of a system failure or other problem. You could lose information simply because it can no longer be read.

N.B. The above is not an example of the adage "If it ain't broke, don't fix it"! This issue is unlikely to go away. If anything, it will worsen over time and possibly force a change when it is least convenient.

• The use of separate office products across the organisation introduces the real (and likely) risk of incompatible data formats.

• The specification of your current equipment may be too low or only marginally adequate, resulting in strain and overload which could corrupt information if the system were to crash.

• Office software is usually expected to work with other attached peripherals, e.g. fax, scanner, modem, printers, etc. However, and especially with older equipment, the drivers may be obsolete and only operate with certain software etc.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 4.1.4 Authorisation process for information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

“To comply with legislation and to ensure ongoing vendor support, the terms and conditions of all End User Licence Agreements are to be strictly adhered to.”

The licensing of Software should be centralised in government

EXPLANATORY NOTES

You must be licensed to use software and also adhere to the terms of the End User License Agreement (EULA). This is necessary to comply with legal requirements and to retain your eligibility for ongoing vendor support.

Information Security issues to be considered when implementing your policy include the following:

• Using unlicensed software that is not being evaluated under the terms of the licence is a criminal offence in many countries. Both the individual concerned and the directors (or equivalent) of the organisation may be held accountable.

• Where licence restrictions come to light following a period of use, there may be additional and unexpected costs.

• Allowing software to expire or be unlicensed can result in the vendor's refusal to provide support and / or upgrades at a reasonable price. For those areas which rely upon the software in question, this places both the business processes and the resultant information at risk.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.2.2 Software copyright

–  –  –

SUGGESTED POLICY STATEMENT

“The implementation of new or upgraded software must be carefully planned and managed, ensuring that the increased Information Security risks associated with such projects are mitigated using a combination of procedural and technical control techniques.”

EXPLANATORY NOTES

All software (from the operating system to applications) needs to be updated periodically. Whether this is a simple upgrade or a complete re-write of your main system, it involves a series of steps, whose length depends on the size and complexity of the system.

Information Security issues to be considered when implementing your policy include the following:

• Where a new system is inadequately tested, it can result in substantial damage to the business processes that rely on it, and to the data files it reads and updates.

• Considering security requirements of a system as an afterthought may expose the organisation to loss or fraud.

• Inadequate training for both technical and user staff can result in costly errors in information content and in business processing. This may compromise other systems that rely on them.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 10.1 Security requirements of systems

–  –  –

Policy 040204 Interfacing Applications Software / Systems
Policy 040205 Supporting Application Software
Policy 040206 Operating System Software Upgrades
Policy 040207 Support for Operating Systems
Policy 040208 Recording and Reporting Software Faults

–  –  –

SUGGESTED POLICY STATEMENT

“Patches to resolve software bugs may only be applied where verified as necessary and with management authorisation. They must be from a reputable source and are to be thoroughly tested before use.”

EXPLANATORY NOTES

Patches are software bug 'fixes', that is, they resolve problems reported by users. Usually available for downloading on the vendor's Web site, their use requires consideration of the relevant security issues.

Information Security issues to be considered when implementing your policy include the following:

• If a patch is applied incorrectly or without adequate testing, your system and its associated information can be placed at risk, possibly corrupting your live data files.

• If patches are not reviewed and tested, important security fixes may go unapplied, leaving your systems exposed. This is especially true of 'office' software.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 10.5.1 Change control procedures

–  –  –

SUGGESTED POLICY STATEMENT

“Upgrades to software must be properly tested by qualified personnel before they are used in a live environment.”

EXPLANATORY NOTES

The status of software is rarely static. Software companies are either releasing bug fixes (patches) or introducing new versions with enhanced functionality. However, substantial Information Security issues are raised by this seemingly straightforward process.

Information Security issues to be considered when implementing your policy include the following:

• The new version may simply fail to perform as expected and / or may have key features removed, enhanced or otherwise modified - potentially disrupting your business operations.

• Users of an older version of the software can be prevented from reading files created using a later release of the software.

• New software versions released following the merger of software companies may contain unanticipated (new) code and / or bugs.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.2.2 System acceptance 10.5.1 Change control procedures

–  –  –

SUGGESTED POLICY STATEMENT

“The decision whether to upgrade software is only to be taken after consideration of the associated risks of the upgrade and weighing these against the anticipated benefits and necessity for such change.”

EXPLANATORY NOTES

Although software may be operating satisfactorily, vendors will promote the latest releases to make additional sales and to migrate all customers to a common version. This reduces their support costs and improves service levels. However, upgrades usually entail risks.

Information Security issues to be considered when implementing your policy include the following:

• Where legacy software is running on an older operating system, the supplier may announce that the next release will no longer be available for that platform but for (say) Windows® 2000 or NT. This sounds straightforward, but it is important to consider the implications in order to avoid making rash decisions. There can be more than a single project to consider:

  – A hardware migration / upgrade.

  – An operating system migration / upgrade.

  – A new version of the applications software to review, test and implement.

  – A possible migration of data files to the new hardware and any interfaces which integrate to other systems.

• In order to enhance functionality, the data file formats and processing routines may have been modified. This might lead to problems in using your data and established information handling routines.

• Reduced support for your (older) version of the system can mean delayed response time or even a failure to resolve problems.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.2.2 System acceptance 10.5.1 Change control procedures

–  –  –

SUGGESTED POLICY STATEMENT

“Developing Interfacing software systems is a highly technical task and should only be undertaken in a planned and controlled manner by properly qualified personnel.”

EXPLANATORY NOTES
