
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


4) Supply confidential information to a vendor which can lead to commercial damage through unauthorised disclosure.

• A number of comparable bids are necessary to make an informed comparison and purchase appropriately; without these you risk a sub-optimum quote.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

4.1.4 Authorisation process for information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

“All new hardware installations are to be planned formally and notified to all interested parties ahead of the proposed installation date. Information Security requirements for new installations are to be circulated for comment to all interested parties, well in advance of installation.”

EXPLANATORY NOTES

Installation of new equipment must be properly considered and planned to avoid unnecessary disruption and to ensure that the Information Security issues are adequately covered.

Information Security issues to be considered when implementing your policy include the following:

• The equipment must be located in a suitable environment otherwise it may fail.

• Any disclosure of your network diagrams, security features, locations, configurations etc. exposes potential vulnerabilities which could be exploited.

• Leaving software tools, utilities and developer's kits on your new system endangers the confidentiality and integrity of your data.

• Without an installation plan for the new equipment, disruption to operational systems is more likely.

• Where the installation plan does not include safeguards against the (inevitable) increased security threat resulting from (relatively) 'open access' to the systems area, accidental or malicious damage can result.

• Breaches of Health and Safety regulations endanger the well-being of your staff and your organisation's commercial activities.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

4.1.4 Authorisation process for information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

“All equipment must be fully and comprehensively tested and formally accepted by users before being transferred to the live environment.” This testing can either be conducted on site or through a dedicated third party/agency.

EXPLANATORY NOTES

Hardware should be tested when new to verify it is working correctly, and then further tests applied periodically to ensure continued effective functioning.

Information Security issues to be considered when implementing your policy include the following:

• Where new equipment is not tested for critical functions before being used, it can lead to failure and hence damage to both data and other linked systems.

• Inadequate testing can threaten the integrity and availability of your data.

• Where testing is performed in a manner that does not simulate live conditions, the results of such testing cannot be relied upon.

• Poor security procedures during equipment testing can compromise the confidentiality of your data.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

4.1.4 Authorisation process for information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

“An Uninterruptible Power Supply is to be installed to ensure the continuity of services during power outages.”

EXPLANATORY NOTES

An Uninterruptible Power Supply is a critical hardware component which enables continuity of function in the event of a power failure.

Information Security issues to be considered when implementing your policy include the following:

• If the mains power fails for any reason, your system will crash and data files may be corrupted.

• A malfunctioning UPS may cause your systems to crash in an uncontrolled manner following a mains electrical failure. Such crashes can often corrupt data files.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“Secondary and backup power generators are to be employed where necessary to ensure the continuity of services during power outages.”

EXPLANATORY NOTES

This policy considers the issues that arise when standby generators are used as a safeguard against mains electricity failure.

Such generators are usually employed with Uninterruptible Power Supplies.

Information Security issues to be considered when implementing your policy include the following:

• If the mains power supply fails and the generator malfunctions, your system will crash, probably losing not only current data but also the data file(s) open at the time. Such an event can turn a potentially small incident into a disaster.

• Without a generator, any UPS will drain its battery charge within a relatively short period, thus preventing systems' usage during a prolonged power failure.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –





SUGGESTED POLICY STATEMENT

“Sensitive or confidential information may only be faxed where more secure methods of transmission are not feasible. Both the owner of the information and the intended recipient must authorise the transmissions beforehand.”

EXPLANATORY NOTES

This policy considers the threats associated with the use of fax machines. The risks stem primarily from the relative insecurity of the medium.

Information Security issues to be considered when implementing your policy include the following:

• Confidential data can be disclosed to unauthorised persons.

• Fraudulent incoming messages may result in action being taken that is detrimental to your organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.7.5 Security of electronic office systems

8.7.7 Other forms of information exchange

–  –  –

SUGGESTED POLICY STATEMENT

“Sensitive or confidential information may only be sent via public telephone lines where more secure methods of transmission are not feasible. Both the owner of the information and the recipient must authorise the transmission beforehand.”

EXPLANATORY NOTES

This policy relates to the potential dangers arising when using Modems, ISDN links and DSL connections to access the public telephone network to link geographically diverse parts of your computer systems.

Information Security issues to be considered when implementing your policy include the following:

• These services provide an instant extension of your network, but use insecure public lines and therefore increase the risk of attack.

• Data transmitted over such connections may be exposed during transmission.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.7.5 Security of electronic office systems

–  –  –

SUGGESTED POLICY STATEMENT

“Information classified as Highly Confidential or Top Secret may never be sent to a network printer without there being an authorised person to safeguard its confidentiality during and after printing.”

EXPLANATORY NOTES

Printers output information on a continual basis in many offices, and the content of that information can vary from inconsequential intra-office notices, to highly confidential information with a restricted circulation.

Information Security issues to be considered when implementing your policy include the following:

• Confidential information may be revealed to unauthorised persons.

• Pre-printed computer stationery may be used fraudulently.

• Printer malfunctions can result in unintelligible output, especially where multiple language fonts are being used.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.3.1(f) Clear desk and clear screen policy

8.6 Media handling and security

–  –  –

SUGGESTED POLICY STATEMENT

“Network cabling should be installed and maintained by qualified engineers to ensure the integrity of both the cabling and the wall mounted sockets. Any unused network wall sockets should be sealed-off and their status formally noted.”

EXPLANATORY NOTES

Network cabling remains a vulnerable target as in many organisations it is exposed and unprotected.

Information Security issues to be considered when implementing your policy include the following:

• Malicious damage to networks can cause disruption to processing and communications.

• Illegal tapping of networks can compromise your data and security measures, such as user names and passwords.

• Accidental damage to network cables can threaten data processing.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“IT Consumables must be purchased in accordance with the organisation's approved purchasing procedures with usage monitored to discourage theft and improper use.”

EXPLANATORY NOTES

Examples of consumables are printer forms, stationery, printer paper, toner and ribbons.

Information Security issues to be considered when implementing your policy include the following:

• Pilfering of your consumables results in increased organisational expense.

• Consumables may be stolen with the intent to defraud your organisation or customers.

• Confidential data may be revealed to unauthorised persons from discarded consumables, e.g. discarded draft printer output.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.6.1 Management of removable computer media

–  –  –

“Only personnel who are authorised to install or modify software shall use removable media to transfer data to / from the organisation’s network. Any other persons shall require specific authorisation.”

EXPLANATORY NOTES

When using removable storage media, there are additional Information Security risks associated with the portability of the media.

Information Security issues to be considered when implementing your policy include the following:

• Loss or 'disappearance' of disks, tapes, etc. can compromise the confidentiality of the organisation's data.

• Damage to media compromises the integrity of your corporate records.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

Policy 010401 Contracting or Using Outsourced Processing

Policy 010402 Issuing Laptop / Portable Computers to Personnel

Policy 010403 Using Laptop / Portable Computers

–  –  –

SUGGESTED POLICY STATEMENT

“Persons responsible for commissioning outsourced computer processing must ensure that the services used are from reputable companies that operate in accordance with quality standards which should include a suitable Service Level Agreement which meets the organisation’s requirements.” The facilitation and assurance of such functions should be entrusted to a central and dedicated organisation, e.g. SITA (ITAC).

EXPLANATORY NOTES

The following issues should be considered if your organisation decides to outsource some or all of its computer processing.

Information Security issues to be considered when implementing your policy include the following:

• Inadequate performance can threaten your organisation's information processing and business operations.

• Poor reliability can threaten the performance of your business.

• Lack of direct control when outsourcing can compromise data confidentiality.

• Inadequate controls to assure legal compliance, e.g. Data Protection regulations.

• Inadequate Disaster Recovery plans can terminate your organisation's commercial activities in the event of an unforeseen problem.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

4.3.1 Security requirements in outsourcing contracts

10.5.5 Outsourced software development

CHAPTER 01 - SECURING HARDWARE, PERIPHERALS AND OTHER EQUIPMENT

SUB-CHAPTER 04 - WORKING OFF PREMISES OR USING OUTSOURCED PROCESSING

6)

–  –  –

SUGGESTED POLICY STATEMENT

“Line management must authorise the issue of portable computers. Usage is restricted to business purposes, and users must be aware of, and accept the terms and conditions of use, especially responsibility for the security of information held on such devices.”

EXPLANATORY NOTES

Laptops, Portables, Palmtops - even electronic 'organisers' which connect to and store your organisation's data - are included within this policy. Collectively, they are referred to as portable computers.

Information Security issues to be considered when implementing your policy include the following:

• Confidential data disclosed to unauthorised persons can damage the organisation.

• The use of unlicensed software can subject your organisation to legal action.

• Viruses, Worms, Trojans and other Malicious code can corrupt both data and the system files.

• Theft of the portable computer exposes the organisation to the threat of disclosure of sensitive corporate data to competitors.

• Inadequate backup and recovery routines can lead to the loss of data.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –
