WWW.THESES.XLIBX.INFO
FREE ELECTRONIC LIBRARY - Theses, dissertations, documentation
 

«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

-- [ Page 21 ] --

EXPLANATORY NOTES

Business Continuity Planning (BCP) is essential for the continuation of key business services in the event of an unexpected occurrence which seriously disrupts the business process.

The Business Continuity Plan is a project plan which is likely to be complex and detailed. Irrespective of the nature of your particular organisation, it will probably contain a series of critical actions which will lead to the return of normal operations.

Information Security issues to be considered when implementing your policy include the following:

• When the need arises to trigger the BCP, but:

–  –  –

The organisation's operations may not be able to recover - ever.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

11.1.3 Writing and implementing continuity plans

11.1.4 Business continuity planning framework

–  –  –

SUGGESTED POLICY STATEMENT

"The Business Continuity Plan is to be periodically tested to ensure that the management and staff understand how it is to be executed."

EXPLANATORY NOTES

Business Continuity Planning (BCP) is essential for the continuation of key business services in the event of an unexpected occurrence which seriously disrupts the business process.

Testing your organisation's Business Continuity Plan (BCP) assesses its viability, and ensures your staff are conversant with the proposals.

Information Security issues to be considered when implementing your policy include the following:

• Where the BCP Testing does not reproduce authentic conditions, the value of such testing is limited.

• A failure to analyse the BCP Test Plan results will likely detract from the value of the test.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

11.1.4 Business continuity planning framework

11.1.5 Testing, maintaining and re-assessing business continuity plans

–  –  –

SUGGESTED POLICY STATEMENT

"All staff must be made aware of the Business Continuity Plan and their own respective roles."

EXPLANATORY NOTES

Business Continuity Planning (BCP) is essential for the continuation of key business services in the event of an unexpected occurrence which seriously disrupts the business process.

If a Business Continuity Plan (BCP) is to be executed successfully, all personnel must not only be aware that the plan exists, but also know its contents, together with the duties and responsibilities of each party.

Information Security issues to be considered when implementing your policy include the following:

• Even a BCP that is tested can fail if personnel are insufficiently familiar with its contents.

• Where BCP becomes divorced from people's perception of realistic risk, a sense of apathy can de-prioritise their need for participation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

11.1.4 Business continuity planning framework

11.1.5 Testing, maintaining and re-assessing business continuity plans

–  –  –

SUGGESTED POLICY STATEMENT

"The Business Continuity Plan is to be kept up to date and re-tested periodically, i.e. after every quarter, depending on the level of innovation in technology, e.g. the size and capacity of a microchip."

EXPLANATORY NOTES

Business Continuity Planning (BCP) is essential for the continuation of key business services in the event of an unexpected occurrence which seriously disrupts the business process.

The maintaining and updating of the Business Continuity Plan (BCP) is critical if its successful execution is to be relied upon.

Information Security issues to be considered when implementing your policy include the following:

• Where the updates to the BCP have not probed the implications and underlying assumptions resulting from changes, the execution of the BCP may be flawed.

• Where the BCP is not being updated periodically, its fitness for purpose may be questionable.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

11.1.4 Business continuity planning framework

11.1.5 Testing, maintaining and re-assessing business continuity plans

–  –  –

Policy 090108 Complying with Information Security Policy

Policy 090109 Establishing Ownership of Intellectual Property Rights

–  –  –

SUGGESTED POLICY STATEMENT

"The Terms and Conditions of Employment of all state organisations are to include requirements for compliance with Information Security."

EXPLANATORY NOTES

The Terms and Conditions of Employment specify the particulars of the employment relationship between an employer and employee. All such documents usually cover certain basic issues, but their content may also vary because what is deemed necessary for inclusion depends on the type of organisation, the position, and so forth. Standard contracts of employment are re-drafted from time to time to ensure that they keep up with the changing times. Increasingly, the issue of Information Security is being recognised as one that should be expressly addressed in modern contracts of employment.





Information Security issues to be considered when implementing your policy include the following:

• Where individual job descriptions and duties make no reference to Information Security other than for technical people, staff may be under the mistaken impression that they have no responsibility for Information Security.

• Where the Terms and Conditions of Employment do not incorporate the security requirements for the use of information systems, your organisation could possibly suffer damage with minimal legal redress against the individual(s) concerned.

• The applicability of the Labour Relations Act needs to be looked at.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.1 Including security in job responsibilities

6.3.5 Disciplinary process

–  –  –

SUGGESTED POLICY STATEMENT

"New employees’ references must be verified, and the employees must undertake to abide by the organisation's Information Security policies."

EXPLANATORY NOTES

Employers should protect themselves against hiring individuals who are ill-suited to the demands of the job. Such employees will be given access to the organisation's Information Systems, and therefore the resultant Information Security risks need to be addressed.

Information Security issues to be considered when implementing your policy include the following:

• Poor pre-employment screening methods can lead to employment of a person with unsuitable or even possibly fictitious credentials.

• If new staff are unaware of your Information Security Policies, your organisation may suffer damage with possibly little legal redress against the individual(s) concerned.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.2 Personnel screening and policy

–  –  –

SUGGESTED POLICY STATEMENT

"All external suppliers who are contracted to supply services to the organisation must agree to follow the Information Security policies of the organisation. An appropriate summary of the Information Security Policies must be formally delivered to any such supplier, prior to any supply of services." The administration of Service Level Agreements of external suppliers should be co-ordinated and implemented through SITA and/or the Central IT acquisition center.

EXPLANATORY NOTES

Adequate security constraints may be in force for employees and contractors, but those same levels of safeguard may be overlooked when dealing with third parties, such as hardware and software suppliers, consultants and other service providers.

Information Security issues to be considered when implementing your policy include the following:

• Where third party agreements do not refer to your Information Security Policy, you may have difficulty in making a case if the breach of security should only become evident after the contract with the third party is completed.

• Where a contract with an external service provider does not refer to the Information Security Policies and Standards of your organisation, your information is at greater risk as their standards and safeguards are likely to differ.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

4.1.3 Security requirements in outsourcing contracts

–  –  –

SUGGESTED POLICY STATEMENT

"Non-disclosure agreements must be used in all situations where the confidentiality, sensitivity or value of the information being disclosed is classified as Proprietary (or above)."

EXPLANATORY NOTES

It is common practice to use a Non-Disclosure Agreement (NDA) as a legally enforceable means of redress in case a third party inappropriately communicates confidential information covered by the NDA to a non-authorised party. All staff should sign contracts of employment with non-disclosure clauses duly inserted.

Information Security issues to be considered when implementing your policy include the following:

• A failure to have your staff sign individual employment contracts with non-disclosure clauses may result in your trade secrets being divulged or your organisation's ideas being developed by others.

• Where NDAs are not agreed and signed with third parties who have access to your information systems and projects, unguarded conversations may result in sensitive information being divulged to a competitor.

• When staff resign, retire or are asked to leave, a failure to have obtained signed non-disclosure clauses, with indefinite validity, may leave the organisation exposed to the risk that confidential information may subsequently be leaked.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.3 Confidentiality agreements

–  –  –

SUGGESTED POLICY STATEMENT

"The organisation's letter-headed notepaper, printed forms and other documents are to be handled securely to avoid misuse."

EXPLANATORY NOTES

The use of organisation stationery often authenticates the validity of the information contained on it. Its misuse can breach security.

Information Security issues to be considered when implementing your policy include the following:

• Your organisation's image and reputation could be irreparably damaged by the fraudulent use of the organisation's stationery.

• Where confidential information is obtained and modified by unauthorised individuals using stolen organisation stationery, such forgery can result in commercial damage and legal proceedings.

• The organisation's office resources may be stolen through the unauthorised use of order forms and other stationery.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.4 Terms and conditions of employment

–  –  –

SUGGESTED POLICY STATEMENT

"The lending of keys, whether physical or electronic, is prohibited. This requirement is also to be noted in employment contracts."

EXPLANATORY NOTES

The use of keys, whether physical or electronic, to access secure areas is to be policed strictly because the possession of keys to an area is often taken as permission to enter it. Keys should be issued to authorised staff only.

Information Security issues to be considered when implementing your policy include the following:

• The confidentiality of your information will be compromised by unauthorised persons accessing secure areas with borrowed keys / passes, despite the fact that the action was possibly well intentioned.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.4 Terms and conditions of employment

–  –  –

SUGGESTED POLICY STATEMENT

"Lending money to work colleagues is strongly discouraged."

EXPLANATORY NOTES

This is a serious matter and should be strongly discouraged.

Information Security issues to be considered when implementing your policy include the following:

• Lending money to work colleagues can lead to friction and bad atmospheres when the money is not repaid.

• This activity can create unhealthy pressures thereby potentially creating collusion situations.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT

"All state employees must comply with the Information Security Policies of the government. Any Information Security incidents resulting from non-compliance will result in immediate disciplinary action."

EXPLANATORY NOTES

All employees are required to comply with all Information Security Policies.

Information Security issues to be considered when implementing your policy include the following:

• Where non-compliance with the organisation's Information Security Policy results in loss, damage or breach of confidentiality, appropriate action should be taken.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.1 Including security in job responsibilities

6.3.5 Disciplinary process

12.2.1 Compliance with security policy

–  –  –

SUGGESTED POLICY STATEMENT

"All employees and third party contractors are to sign a formal undertaking regarding the intellectual property rights of work undertaken during their terms of employment / contract respectively."

EXPLANATORY NOTES


