
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


It is important to be aware of the pitfalls posed by obsolete or redundant storage technologies, limiting your organisation's ability to access data.

Information Security issues to be considered when implementing your policy include the following:

• Where your primary business records are inadequately stored and safeguarded, they are susceptible to modification, deletion or corruption, thereby destroying the integrity of the contents. This could threaten the organisation's ability to meet any legal / regulatory obligations regarding the retention of records.

• You may not be able to read the information stored on 'old' media (e.g. tape cartridges) because your organisation has adopted more modern technologies. This could have serious implications for your organisation.

N.B. This is a real risk that has yet to be fully quantified. With the accelerating evolution of operating systems, processor technology, and software, it is uncertain which of the late 20th century and early 21st century 'standards' will still be in use in, say, 10 years' time if the need arises to restore pre-2000 data files.

• The lack of an adequate retention policy for different categories of information may mean that you do not meet regulatory or statutory requirements, and could potentially result in legal action.

• Lack of knowledge of the regulations for the acquisition and use of cryptographic systems may lead to prosecution under a number of countries' laws.

• Following expiry of the agreed retention period, the data should be made available for either destruction or for possible further retention, according to business need.

• If encryption has been used to protect sensitive records, and the controls over the cryptographic keys are reduced, future access to the material may be jeopardised.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.3 Safeguarding of organisational records

–  –  –

SUGGESTED POLICY STATEMENT

"All employees are required to fully comply with the organisation's Information Security policies.

The monitoring of such compliance is the responsibility of management."

EXPLANATORY NOTES

Compliance with your organisation's Information Security Policy is mandatory. This topic discusses ways of ensuring that compliance is achieved and failures to comply are actioned.

The compliance monitoring process could lead to resentment among staff, unless it is handled sensitively.

Information Security issues to be considered when implementing your policy include the following:

• Complacency over Information Security Policy compliance may inadvertently expose your organisation to legal action.

• The integrity of an Information Security audit can be threatened where software tools (for probing and analysis) are accessible to unauthorised users who might corrupt / modify the results. See Access Control.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.4 Terms and conditions of employment

12.2.1 Compliance with security policy

–  –  –

Policy 070301 Safeguarding against Libel and Slander

Policy 070302 Using Copyrighted Information from the Internet

Policy 070303 Sending Copyrighted Information Electronically

Policy 070304 Using Text directly from Reports, Books or Documents

–  –  –

SUGGESTED POLICY STATEMENT

"Employees are prohibited from writing derogatory remarks about other persons or organisations."

EXPLANATORY NOTES

Casual comments in e-mails relating to individuals or rival companies may be construed as defamatory even if the comments are valid.

This policy discusses ways of discouraging the publication of this type of material.

The legal consequences for publishing potentially defamatory material on an open access medium, such as the Internet, can be severe.

Information Security issues to be considered when implementing your policy include the following:

• A casual comment about a business competitor, posted through your systems to an Internet News Group, could result in legal action being taken against your organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.1 Identification of applicable legislation

12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"Information from the Internet or other electronic sources may not be used without authorisation from the owner of the copyright."

EXPLANATORY NOTES

Information obtained via the Internet may be covered by copyright law which must be observed.

Information Security issues to be considered when implementing your policy include the following:

• The organisation is open to litigation if data you hold or use in your system is copyrighted by a third party.

• The organisation may lose the use of information copyrighted by a third party.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.2 Intellectual property rights (IPR)

–  –  –





SUGGESTED POLICY STATEMENT

"Information from the Internet or other electronic sources may not be retransmitted without permission from the owner of the copyright."

EXPLANATORY NOTES

The information supplied to you via the Internet is still covered by copyright law and anything you do with the data must observe it.

Information Security issues to be considered when implementing your policy include the following:

• Copyright owners may take you to court if you send information electronically without permission (e-mail and web based links).

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.2 Intellectual property rights (IPR)

–  –  –

SUGGESTED POLICY STATEMENT

"Text from reports, books or documents may not be reproduced or reused without permission from the copyright owner."

EXPLANATORY NOTES

When you use text directly from other people's work the copyright issues are easy to deal with. Pay for the use of the work. The greater risk concerns the validity and integrity of the data. The information may be wrong or taken out of context.

Information Security issues to be considered when implementing your policy include the following:

• Your information may be corrupted or have been modified using incorrect data.

• You are legally liable for any breach of copyright law. You may be taken to court and fined or penalised.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.2 Intellectual property rights (IPR)

–  –  –

SUGGESTED POLICY STATEMENT

"All employees are to be aware that evidence of Information Security incidents must be formally recorded and retained and passed to the appointed Information Security Officer." Evidence will not be denied weight as a result of being in electronic format.

EXPLANATORY NOTES

Evidence is collected in two cases, either because there has already been a breach of the law, or a breach is thought to be imminent. If you believe there has been a breach of Information Security, refer to Detecting and Responding to Information Security Incidents for guidelines. Where the breach has not yet taken place, but you suspect it may, it is important that any evidence being collected is admissible. See Admissible Evidence. N.B. Organisations should always seek legal advice concerning the admissibility of any evidence.

Information Security issues to be considered when implementing your policy include the following:

• Where the evidence produced is not considered admissible, any possible legal case may be dismissed, and other forms of disciplinary action may fail.

• Lack of continuity and completeness of evidence can compromise the legal position.

• Where proof that the evidence has not been 'modified' is unavailable or unsatisfactory, the integrity of the evidence may be in doubt.

• Where there is no written evidence that the perpetrator was aware of any access restrictions to the various systems, this can scupper any legal redress.

• Notwithstanding the possible admissibility of the evidence collected, where no procedures exist for the collection, storage and safekeeping of such evidence, it may be deemed inadmissible.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.3.1 Reporting security incidents

9.7.1 Event logging

9.7.2 Monitoring system use

12.1.7 Collection of evidence

–  –  –

SUGGESTED POLICY STATEMENT

"Registered domain names, whether or not actually used for the organisation’s Web sites, are to be protected and secured in a similar manner to any other valuable asset of the organisation."

SITA should be given a control and/or oversight role for the administration of the .gov top level domain name.

CHAPTER 07 - COMPLYING WITH LEGAL AND POLICY REQUIREMENTS

SUB-CHAPTER 04 - OTHER LEGAL ISSUES

EXPLANATORY NOTES

The domain name that you use for your Web site and Internet activities is how you maintain your presence on the web. If you lose control of this name then all publicity and previous marketing activities are wasted. Effectively, you may lose all business and Internet based information which you may have obtained via that domain.

Information Security issues to be considered when implementing your policy include the following:

• Your domain name ownership may be challenged by the registered trademark owner.

• Your domain name registration lapses by mistake, allowing a competitor to 'take the name'.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.2 Intellectual property rights (IPR)

–  –  –

SUGGESTED POLICY STATEMENT

"A re-assessment of the threats and risks involved relating to the organisation’s business activities must take place periodically to ensure that the organisation is adequately insured at all times."

EXPLANATORY NOTES

All aspects of your systems and their information environment should be properly insured to cover actual loss and related loss of profits.

Information Security issues to be considered when implementing your policy include the following:

• A failure to establish what is insurable against loss will result in financial loss.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

"All parties are to be notified in advance whenever conversations are being recorded."

EXPLANATORY NOTES

Telephone conversations are recorded by companies for several reasons: legal, monitoring, staff training, and recording details of orders and requests. They may be stored as voice recordings or transcribed into other media. Telephone conversations are only to be recorded when all parties have been notified in advance that the conversation is being recorded.

Information Security issues to be considered when implementing your policy include the following:

• Confidential telephone call recordings or transcripts of client information may be leaked to a third party.

• Recorded data may be accessed without authorisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.7.7 Other forms of information exchange

12.1.1 Identification of applicable legislation

–  –  –

SUGGESTED POLICY STATEMENT

"Management are required to initiate a Business Continuity Plan."

EXPLANATORY NOTES

Business Continuity Planning (BCP) is essential for the continuation of key business services, in the event of an unexpected occurrence which seriously disrupts the business process.

The BCP Project needs to be initiated and formally approved and committed to by the Board or Governing body of the organisation.

Information Security issues to be considered when implementing your policy include the following:

• Lack of Board or top management commitment to formal BCP development is likely to result in an inadequate process.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

11.1.1 Business continuity management process

11.1.4 Business continuity planning framework

–  –  –

SUGGESTED POLICY STATEMENT

"Management is to undertake a formal risk assessment in order to determine the requirements for a Business Continuity Plan."

EXPLANATORY NOTES

Business Continuity Planning (BCP) is essential for the continuation of key business services, in the event of an unexpected occurrence which seriously disrupts the business process.

BCP - Risk Assessment analyses the nature of such unexpected occurrences, their potential impact, and the likelihood of these occurrences becoming serious incidents.

Information Security issues to be considered when implementing your policy include the following:

• Even where a formal BCP project has been initiated, if the allocated financial and human resources are insufficient, the resultant plan is unlikely to succeed.

• Underestimating the short and medium term impact of a Security Incident can result in an inappropriate level of response towards building a suitable BCP.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

11.1.2 Business continuity and impact analysis

11.1.4 Business continuity planning framework

–  –  –

SUGGESTED POLICY STATEMENT

"Management is to develop a Business Continuity Plan which covers all essential and critical business activities."


