
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

Many software packages can exchange data and link with a variety of popular systems. Such interfaces often need to be specially developed for bespoke or legacy systems. Interfacing can be a complex process requiring data first to be exported from one system, then massaged, and finally imported into the target system. This process puts your data at great risk.

Information Security issues to be considered when implementing your policy include the following:

• The purchase of a new system may have been agreed on the basis of the apparent ease of interfacing to your current system(s). Interfacing problems can result in substantial delays and even cause entire projects to fail, especially where complex data massaging is required.

• Where an interface program is required to reformat the data to meet the needs of the target system, such data massaging poses a risk of data modification (possibly maliciously) and, thereby, inaccurate processing.

• Temporary files, created by interface program processing, and saved in a temporary location, may contain sensitive data which unauthorised persons might access, thus compromising the confidentiality of your information.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

10.1.1 Security requirements analysis and specification
10.5.2 Technical review of operating system changes

–  –  –

SUGGESTED POLICY STATEMENT

“All application software must be provided with the appropriate level of technical support, so that any software problems are handled efficiently and resolved within an acceptable time, and the organisation’s business is not compromised.”

EXPLANATORY NOTES

The adequacy of your routine applications support ('Help Desk') can greatly influence the frequency and severity of problems you experience. Where such support is not readily available, technical staff and users may try to fix problems themselves following various (possibly random) ideas, and in so doing, compromise security.

Information Security issues to be considered when implementing your policy include the following:

• Where a system has a poor or inadequate level of support, this may compromise Information Security, as both users and local technical staff try to fix / patch up the problem.

• In their frustration, users may call upon the office 'power user' to resolve problems, who in turn may implement a 'quick and dirty' solution. Security can also be compromised if the 'power user' is offered the users' passwords as they attempt to solve the problem.

• Furthermore, such 'ad hoc' solutions are rarely documented and followed up with the vendor, which can prolong the resolution of the problem.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

4.2.2 Security requirements in third party contracts
10.5 Security in development and support processes

–  –  –

SUGGESTED POLICY STATEMENT

“Necessary upgrades to the Operating System of any of the organisation’s computer systems must have the associated risks identified and be carefully planned, incorporating tested fall-back procedures. All such upgrades are to be undertaken as a formal project.”

EXPLANATORY NOTES

Like any other system, the operating system (OS) of a computer uses software, which, from time to time, requires patches and upgrades. However, unlike individual application software upgrades, problems with OS upgrades can impact on all applications running on the computer, and also on users logged on directly, or via the network.

Information Security issues to be considered when implementing your policy include the following:

• Where an upgraded OS fails to perform as expected, it can jeopardise your entire system and possibly also the network. The impact can be disastrous.

• If security aspects of the OS upgrade are addressed inadequately or overlooked, this significantly increases risk, especially from those with technical know-how who may exploit the weaknesses.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

10.5.2 Technical review of operating system changes

–  –  –

SUGGESTED POLICY STATEMENT

“Operating Systems must be regularly monitored and all required 'housekeeping' routines adhered to.”

EXPLANATORY NOTES

The operating system of desktop systems within your organisation will generally run without substantial interference. However, for servers, mini-computers and mainframes, especially those running mature Operating Systems (OS), day to day housekeeping is usually required.

Information Security issues to be considered when implementing your policy include the following:

• Where an upgraded operating system fails to perform as expected, this can result in a loss of stability or even the total failure of some systems.

• Where housekeeping and routine support are informal or incident led, weaknesses in the security safeguards can go undetected and offer the potential for fraud or malicious damage.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

10.5.2 Technical review of operating system changes

–  –  –





SUGGESTED POLICY STATEMENT

“Software faults are to be formally recorded and reported to those responsible for software support / maintenance.”

EXPLANATORY NOTES

A software fault prevents the proper and reliable use of an application or feature, although reputable software and correct procedures have been used. A software incident becomes a 'fault' when the investigator has disproved other factors, such as user error. An 'incident' is an unexpected event or result which in itself may be minor but may be symptomatic of a larger problem or may signal an actual or potential security breach. All incidents must be taken seriously.

Information Security issues to be considered when implementing your policy include the following:

• Errors are compounded due to delays in fault or incident reporting.

• Insufficient data may lead to incorrect diagnosis of the fault or may hide a possible security breach.

• Where there are no procedures to monitor reported faults or to undertake trend analysis, the underlying source of the problem may go undetected.

• No procedures in place to handle software fault reporting.

• Lack of any proactive preventative maintenance.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“The disposal of software should only take place when it is formally agreed that the system is no longer required and that its associated data files, which may be archived, will not require restoration at a future point in time.”

EXPLANATORY NOTES

Software is often licensed indefinitely. However, a change in the organisation's circumstances may result in a decision to stop using a certain system or to move to another. The removal and disposal of the software needs to be considered.

Information Security issues to be considered when implementing your policy include the following:

• Disposing of software without adequate consideration could cause great difficulties, especially where you need to restore the application's data files from backup.

• If previous version(s) of software are disposed of prematurely, it may be impossible to revert to the old software when problems are encountered with the latest release.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

Sub-Chapter 01 Controlling Software Code
Sub-Chapter 02 Software Development
Sub-Chapter 03 Testing & Training
Sub-Chapter 04 Documentation
Sub-Chapter 05 Other Software Development

–  –  –

Policy 050101 Managing Operational Program Libraries
Policy 050102 Managing Program Source Libraries
Policy 050103 Controlling Software Code during Software Development
Policy 050104 Controlling Program Listings
Policy 050105 Controlling Program Source Libraries
Policy 050106 Controlling Old Versions of Programs

–  –  –

SUGGESTED POLICY STATEMENT

“Only designated staff may access operational program libraries. Amendments may only be made using a combination of technical access controls and robust procedures operated under dual control.”

EXPLANATORY NOTES

Managing the directories within your computer system(s) in which operational (live) software is stored.

Information Security issues to be considered when implementing your policy include the following:

• If your operational program libraries are poorly protected, your software and configuration files could be modified without authorisation, resulting in disruption to your system and / or other incidents.

• Unauthorised use of production software can cause disruption to your systems or fraud against your organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

10.4.1(a) Control of operational software
10.5.1 Change control procedures

–  –  –

SUGGESTED POLICY STATEMENT

“Only designated staff may access program source libraries. Amendments may only be made using a combination of technical access controls and robust procedures operated under dual control.”

EXPLANATORY NOTES

Managing the directory areas within your system where the source code and object code of your live and development systems are held. Live and development libraries must always be kept separate.

Information Security issues to be considered when implementing your policy include the following:

• Lack of the source code can make it difficult or impossible to maintain your systems.

• Unauthorised amendment of source code can result in system failures and / or malicious damage.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

10.4.3 Access control to program source library
10.5.1 Change control procedures

–  –  –

SUGGESTED POLICY STATEMENT

“Formal change control procedures must be utilised for all changes to systems. All changes to programs must be properly authorised and tested before moving to the live environment.”

EXPLANATORY NOTES

Although many systems are based upon standard package software, many organisations nevertheless continue to develop software, either as maintenance of a legacy system, or because their needs are unique and competitive advantage is gained by their specialised capability. As a result, even relatively small organisations can find themselves managing a team of 'development' staff. This policy identifies some of the key Information Security issues related to such risks.

Information Security issues to be considered when implementing your policy include the following:

• Insufficient testing of new software can often result in errors which disrupt your operational systems.

• Where software coding standards have not been agreed, ongoing maintenance can become onerous because the structure of the code is inconsistent.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

10.5.1 Change control procedures
10.5.3 Restrictions on changes to software packages

–  –  –

SUGGESTED POLICY STATEMENT

“Program listings must be controlled and kept fully up to date at all times.”

EXPLANATORY NOTES

Controlling the printouts or reports, electronic or hard copy, of the application source code which makes up the programs run on your system.

Information Security issues to be considered when implementing your policy include the following:

• Loss or unavailability of a listing can result in delays in identifying the source of a system problem, the result of which could be severe.

• An available program listing can be used by anyone with ill intent or seeking to defraud, as it gives them the precise logic and routines for the system in question.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.6.4 Security of system documentation
10.4.3(f) Access control to program source library

–  –  –

SUGGESTED POLICY STATEMENT

“Formal change control procedures with comprehensive audit trails are to be used to control Program Source Libraries.”

EXPLANATORY NOTES

Monitoring and investigating changes made to your program source libraries.

Information Security issues to be considered when implementing your policy include the following:

• Any unauthorised changes made to the program source libraries can open the door to potential error or fraud.

• If audit trail reports and event logs are not regularly reviewed, incidents can remain undetected.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

10.4.3 Access control to program source library
10.5.1 Change control procedures

–  –  –

SUGGESTED POLICY STATEMENT

“Formal change control procedures with comprehensive audit trails are to be used to control versions of old programs.”

EXPLANATORY NOTES

Controlling the way in which you handle the application code of programs within your system which has been superseded or discontinued.

Information Security issues to be considered when implementing your policy include the following:

• If the program library has been removed or updated, you may not be able to access or revert to the older version of the application if need be. This could cause severe problems where there are found to be major bugs in the newer version.


