«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

• Failing to update the virus definition files on a regular basis increases the risk of infection from a variant for which you do not have the necessary vaccine. This can cause great damage.

• A failure to run regular virus scans across all data files on your server(s) reduces the ability to detect and cure a virus before its 'footprint' is identified by a user trying to open the file in question.

• A lack of user awareness about the risks involved in opening unsolicited e-mails may result in a virus infection spreading throughout your organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.3.1 Controls against malicious software

–  –  –

SUGGESTED POLICY STATEMENT

"The threat posed by the infiltration of a virus is high, as is the risk to the organisation’s systems and data files. Formal procedures for responding to a virus incident are to be developed, tested and implemented. Virus Incident response must be regularly reviewed and tested."

EXPLANATORY NOTES

Despite general awareness and technical safeguards, some viruses nevertheless enter and infect the organisation's systems.

Dealing with a virus in a professional and planned way reduces both its impact and its spread throughout the organisation and beyond.

Information Security issues to be considered when implementing your policy include the following:

• A failure to respond appropriately to a virus incident can rapidly result in multiple systems failures and continued infection.

• Following a restore from backup, and despite having successfully 'quarantined' and applied vaccine to a file known to be infected with a virus, the infected file may be restored in error, and possibly cause more damage.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.3.1 Reporting security incidents; 8.1.3 Incident management procedures; 8.3.1 (g)/(h) Controls against malicious software

–  –  –

SUGGESTED POLICY STATEMENT

"Anti Virus software must be chosen from a proven leading supplier." Or a combination of such suppliers, as suggested by the IT procurement regulations.

EXPLANATORY NOTES

The development of anti-virus software is a highly technical and specialised area. Consequently, you should select your product with care.

Information Security issues to be considered when implementing your policy include the following:

• Inappropriate selection of anti-virus software leaves your organisation with inadequate protection.

• Because anti-virus definitions (the vaccine) are always retrospective, the selection of a brand leader should be carefully considered, as speed is critical.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.3.1 Controls against malicious software

–  –  –

Sub-Chapter 01 Complying with Legal Obligations
Sub-Chapter 02 Complying with Policies
Sub-Chapter 03 Avoiding Litigation
Sub-Chapter 04 Other Legal Issues

–  –  –

Policy 070101 Being Aware of Legal Obligations
Policy 070102 Complying with the Data Protection Act or Equivalent
Policy 070103 Complying with General Copyright Legislation
Policy 070104 Complying with Database Copyright Legislation

–  –  –

SUGGESTED POLICY STATEMENT

"Persons responsible for Human Resources Management are to ensure that all employees are fully aware of their legal responsibilities with respect to their use of computer based information systems and data. Such responsibilities are to be included within key staff documentation such as Terms and Conditions of Employment and the Organisation Code of Conduct."

EXPLANATORY NOTES

Awareness of the legal aspects of using computer based information systems is important so that users do not inadvertently contravene legal requirements. Familiarity with the legal requirements relevant to your duties and functions should be a requirement of your organisation's Information Security Policy.

Information Security issues to be considered when implementing your policy include the following:

• An absence of published guidelines relating to the legal aspects of using information systems may result in staff failing to comply with the law - leading to prosecution.

• Changes in the law may result in your organisation unintentionally committing an offence.

• The Terms and Conditions of Employment may not have stipulated that the Organisation Code of Conduct must be observed. This could result in the inability to bring disciplinary action against staff found to be in contravention.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.4 Terms and conditions of employment; 12.1.1 Identification of applicable legislation

–  –  –

SUGGESTED POLICY STATEMENT

"The organisation intends to fully comply with the requirements of the constitution and related data protection legislation in so far as it directly affects the organisation's activities."

EXPLANATORY NOTES

Data protection legislation normally covers all types of information which may be either in electronic form or held as manual records. The legislation normally relates to the protection of the rights of individual persons. In many countries it also covers medical records although increasingly this type of information is governed by separate legislation. Internationally, Data Protection has become an important issue.





This policy covers its relevance to staff and third parties.

Information Security issues to be considered when implementing your policy include the following:

• If your staff are unaware of the principles of data protection, they may break the law without realising it.

• You are normally required to respond to legitimate enquiries from persons about whom you hold information. Failure to do so can result in legal action.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"Persons responsible for Human Resources Management are to prepare guidelines to ensure that all employees are aware of the key aspects of Copyright, Designs and Patents Act legislation (or its equivalent), in so far as these requirements impact on their duties."

EXPLANATORY NOTES

The protection of copyright is a global issue; viz. the Copyright. Infringement of copyright is a criminal matter. The simple act of copying copyrighted material constitutes a breach of the law. Even without selling such copies you risk imprisonment and fines. There are no mitigating circumstances.

Information Security issues to be considered when implementing your policy include the following:

• Lack of familiarity with copyright laws may result in inadvertent breaches of them (e.g. making a spare copy of a computer manual), which potentially leads to legal action.

• A failure to adhere to the legal requirements relating to Software Licensing can result in legal action against the organisation and its Directors.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.2 Intellectual property rights (IPR)

–  –  –

SUGGESTED POLICY STATEMENT

"Persons responsible for Human Resources Management are to prepare guidelines to ensure that all employees are aware of the key aspects of Copyright and Rights in Databases Regulations legislation (or its equivalent), in so far as these requirements impact on their duties."

EXPLANATORY NOTES

In many countries there is legislation covering the protection of information copyrights held in databases.

This policy gives a brief outline of copyright, owner rights and user rights, both for online and paper based databases.

A contractual agreement setting out what can and cannot be done to a database is a way of minimising the risk of legal action by users or owners of databases.

Information Security issues to be considered when implementing your policy include the following:

• A database owned by your organisation that is not protected by contractual agreements may expose your organisation to possible ownership disputes.

• Lack of knowledge of database rights regulations could mean that a database which your organisation has compiled from various sources infringes several copyrights.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.2 Intellectual property rights (IPR)

–  –  –

SUGGESTED POLICY STATEMENT

"Persons responsible for Human Resources Management are to prepare guidelines to ensure that all employees are aware of the key aspects of Software Copyright and Licensing legislation, in so far as these requirements impact on their duties."

EXPLANATORY NOTES

All industrialised countries have specific legislation governing intellectual property rights and software licensing. This policy looks at copyright and software licensing issues from a legal perspective.

Copying and distributing software is illegal, unless permission is expressly granted by the owner of the software.

Information Security issues to be considered when implementing your policy include the following:

• Unless your organisation has a licence from the owner of the software to copy and distribute computer software, copying is illegal.

• Software may be copied and distributed across your computer network in contravention of the licensing agreement. This illegal activity threatens your organisation's integrity and may result in legal action.

• Use of unlicensed software by contractors or consultants on your premises could result in legal action being taken against your organisation.

• If required, you must be able to produce the licences for inspection, or potentially risk a fine and possible public embarrassment.

N.B. To enforce the position, some organisations have voluntarily 'opened their doors' to inspectors from the Federation Against Software Theft (FAST) to confirm both their software legality and their procedures for preventing infringement of the law.

• Where a legitimate licence has been purchased, lack of internal controls can result in the maximum number of permitted users being exceeded. A single excess copy places your organisation at risk of prosecution under copyright laws.

• You should always obtain legal advice on the local requirements and legislation governing intellectual property rights and software licensing.

• Resale of old or redundant computer equipment can result in an infringement of the copyright law, as software licence agreements may not be transferable.

• If 'shareware' software, downloaded from public networks (e.g. the Internet), is used beyond its evaluation period (as stated within the EULA), infringement of the terms of the licence is likely.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.2 Intellectual property rights (IPR)

–  –  –

SUGGESTED POLICY STATEMENT

"Persons responsible for Human Resources Management are to prepare guidelines to ensure that all employees are aware of the key aspects of Computer Misuse legislation (or its equivalent), in so far as these requirements impact on their duties."

EXPLANATORY NOTES

Computer misuse policy should take into consideration the following:

1) Unauthorised access to computer systems, which covers anything from harmless exploration to hacking for access to specific data.

2) Unauthorised access to computer systems with the intent of using the information accessed for a further offence, e.g. extortion.

3) Unauthorised access to computer systems with the intent of modifying the contents of the computer.

Information Security issues to be considered when implementing your policy include the following:

• Persons who store, copy or distribute illegal or offensive material may be committing an offence.

• Authority to access the organisation's systems may be assumed, because unauthorised access is not expressly prohibited.

• System software messages, displayed prior to authenticated logon, can be construed as an invitation to use the computer system, and potentially encourage unauthorised access.

• Pre-login information screen messages which describe the services or options available to users once they have logged in, can increase the risk of further attempts to access your information systems.

• System capacity and performance can deteriorate when unauthorised programs are run, possibly resulting in delays to critical business processing.

• Staff using the organisation's computer systems to process private data (e.g. mailing lists, creating a Web site, etc.) may not only be wasting time and resources, but additionally be committing offences.

• Where the terms and conditions of third party access to your organisation's systems are not covered by the associated contractual agreements between the respective organisations, your organisation is exposed to possible prosecution in the event of computer misuse.

• Legal advice should always be obtained when considering organisational policy on computer misuse.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"The organisation will maintain a suitable archiving and record retention procedure."

EXPLANATORY NOTES

Retention of records and storage media is often a legal requirement. This topic looks at the issue of access to archived data being difficult or impossible, and thereby restricting your organisation's ability to meet its legal obligations.


