
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

All Intellectual Property Rights over work done by employees of the organisation as part of their normal or other duties are to be owned by the organisation. If the organisation wishes to own the Intellectual Property Rights over work done by third parties or contractors, then it must ensure that the agreement or contract with the third party covers this issue.

Information Security issues to be considered when implementing your policy include the following:

• Where an employee does not recognise and respect the Intellectual Property Rights over their work created for the organisation, they may be tempted for personal gain.

• Where the organisation does not make it clear that it owns all work created by third party contractors for, and on behalf of, the organisation, it could suffer financial loss were a legal claim to be made.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.1 Including security in job responsibilities

12.1.2 Intellectual property rights (IPR)

–  –  –

SUGGESTED POLICY STATEMENT

"All employees are required to sign a formal undertaking concerning the need to protect the confidentiality of information, both during and after contractual relations with the organisation."

EXPLANATORY NOTES

A key aspect of any Information Security process is the maintenance of confidentiality of information and data.

Information Security issues to be considered when implementing your policy include the following:

• Employees, whether intentionally or not, may release confidential information to persons outside the organisation.

• Employees, usually trying to make a good impression with their subsequent employer, may be tempted to take confidential information with them when they leave the organisation's employment.

• Employees may not understand the risks and potential consequences of releasing sensitive information to unauthorised persons.

• Employees may openly discuss, in the workplace, confidential issues that have, or should have, restricted access.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.1 Including security in job responsibilities

12.1.4 Data protection and privacy of personal information

–  –  –

Policy 090204 Checking Staff Security Clearance

Policy 090205 Sharing Employee Information with Other Employees

Policy 090206 Sharing Personal Salary Information

–  –  –

SUGGESTED POLICY STATEMENT

"Notwithstanding the organisation's respect for employees' privacy in the workplace, Government reserves the right to have access to all information created and stored on all state systems."

EXPLANATORY NOTES

Recent Human Rights legislation has established the fundamental need to respect a person's privacy.

However, whether or not such rights become enforceable will greatly depend upon whether the employee has reasonable grounds to contend that certain information received, stored and / or created on the employer's systems may be reasonably considered as 'private'. Your Information Security Policy must be clear about this.

Information Security issues to be considered when implementing your policy include the following:

• Where the monitoring of employee activity is perceived as intrusive and / or excessive and in contravention of the law, legal proceedings could result in fines and other penalties for your organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.4 Terms and conditions of employment

12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"All employee data is to be treated as strictly confidential and made available to only properly authorised persons."

EXPLANATORY NOTES

Employee information should not be disclosed to unauthorised persons. The disclosure of this type of information may be covered by data privacy legislation.

Information Security issues to be considered when implementing your policy include the following:

• Employee data which has not been held securely could be stolen or illegally modified.

• If limits to access and distribution are not defined, confidential employee information may be accessed without authorisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"Only authorised personnel may give employee references."

EXPLANATORY NOTES

The preparing of references is a specialised process and should only be undertaken by properly trained and authorised persons. When giving references, ensure that you are aware of who is requesting the information and why.

Information Security issues to be considered when implementing your policy include the following:

• Passing inaccurate or inappropriate personal reference details to third parties may result in liability claims.





RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.2 Personnel screening and policy

12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"All staff must have previous employment and other references carefully checked."

EXPLANATORY NOTES

A large number of security breaches are initiated by dishonest or aggrieved staff. Care must be taken in assigning security clearance levels to staff members and also in checking the validity of their security clearance authorities.

Information Security issues to be considered when implementing your policy include the following:

• Confidential systems may be penetrated by an employee who was wrongly granted authority to access sensitive information or data.

• Confidential data may be accessed by unauthorised staff because their security rating has not been kept in line with any changes in their job.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.2 Personnel screening and policy

–  –  –

SUGGESTED POLICY STATEMENT

"Employee data may only be released to persons specifically authorised to receive this information and upon consent of the subject in question."

EXPLANATORY NOTES

Employee data is privileged and should not be divulged to other employees unless authorised.

Information Security issues to be considered when implementing your policy include the following:

• Leaked employee information is not only likely to cause distress; such a breach may also result in legal proceedings.

• An employee's personal details may be passed to outsiders via a staff member, again breaching confidentiality.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.4 Data protection and privacy of personal information

–  –  –

SUGGESTED POLICY STATEMENT

"Employees are discouraged from sharing personal salary details and other terms and conditions with other members of staff."

EXPLANATORY NOTES

Many security breaches are caused by disgruntled staff. Salary details constitute sensitive confidential organisation information and should be treated accordingly. Sharing them is the quickest way to make colleagues disgruntled.

Information Security issues to be considered when implementing your policy include the following:

• Confidential salary data is passed to unauthorised staff members.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.2.1 Information security education and training

–  –  –

Policy 090302 Keeping Passwords / PIN Numbers Confidential

Policy 090303 Sharing Organisation Information with Other Employees

–  –  –

Policy 090305 Using Telephone Systems for Personal Reasons

Policy 090306 Using the Organisation’s Mobile Phones for Personal Use

Policy 090307 Using Organisation Credit Cards

–  –  –

Policy 090311 Verifying Financial Claims and Invoices

Policy 090312 Approving and Authorisation of Expenditure

Policy 090313 Responding to Telephone Enquiries

Policy 090314 Sharing Confidential Information with Family Members

Policy 090315 Gossiping and Disclosing Information

Policy 090316 Spreading Information through the Office ‘Grape Vine’

Policy 090317 Playing Games on Office Computers

Policy 090318 Using Office Computers for Personal Use

–  –  –

SUGGESTED POLICY STATEMENT

"Employees may not use the organisation's systems to access or download material from the Internet which is inappropriate, offensive, illegal, or which jeopardises security. All Internet use must be for business related purposes."

EXPLANATORY NOTES

If your organisation's Information Security Policies do not explicitly state what is deemed acceptable, it may be hard, or impossible, to invoke any form of disciplinary action against those involved. Your Information Security Policy must be clear about this.

Information Security issues to be considered when implementing your policy include the following:

• The following examples of Internet access not only detract from business efficiency; some can even result in legal and criminal proceedings, which will almost certainly damage the organisation:

1. Downloading of pornographic material from Web sites.

2. Playing games and using 'Chat Rooms'.

3. Subscribing and contributing to News Groups using the corporate Internet address and signature.

4. Sending and receiving personal correspondence by e-mail, the volume and content of which is deemed as excessive and / or inappropriate.

5. Excessive 'surfing' of Web sites during business hours for personal reasons.

6. Retrieval and distribution to other staff of offensive 'joke of the day' e-mails.

7. The use and abuse of office equipment for the storage and printing of inappropriate material, e.g. large pictures / images.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.3.5 Disciplinary process

12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"All personnel must treat passwords as private and highly confidential. Non-compliance with this policy could result in disciplinary action."

EXPLANATORY NOTES

This topic is concerned with the responsibilities of staff with regard to all forms of access passwords including PIN numbers.

Information Security issues to be considered when implementing your policy include the following:

• Information may be disclosed without authorisation, because passwords have been compromised or not kept confidential.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.3.5 Disciplinary process

12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"Confidential information should be shared only with other authorised persons."

EXPLANATORY NOTES

Organisation information has its own individual levels of sensitivity, and as such must not be divulged to staff that do not have authorisation to access that information.

Information Security issues to be considered when implementing your policy include the following:

• Confidential organisation data may be at risk because authorised staff members are not fully aware of the data's context.

• Confidential organisation data may be at risk through access by unauthorised staff members.

• Confidential data may be compromised if given to unauthorised staff.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.1.3 Confidentiality agreements

6.1.4 Terms and conditions of employment

–  –  –

SUGGESTED POLICY STATEMENT

"The use of e-mail for personal use is discouraged, and should be kept to a minimum. Postal mail may be used for business purposes only."

EXPLANATORY NOTES

All organisation mailing systems, whether conventional or electronic, should be under appropriate control. If the organisation decides to allow minimal personal use of the e-mailing system then it should also require that each use should be authorised.

Information Security issues to be considered when implementing your policy include the following:

• Confidential material may be sent out via un-monitored mail systems.

• A lack of defined policy on private use of e-mail systems may lead to a loss of resources (bandwidth and data).

• Excessive sending of personal e-mails may lock up the network and the system.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"Personal calls on the telephone systems are to be minimised and limited to urgent or emergency use only."

EXPLANATORY NOTES

The telephone system is largely forgotten as a threat to security. Handsets are normally on everybody's desk, and the use of a phone does not usually raise a suspicion.

Information Security issues to be considered when implementing your policy include the following:

• A lack of a suitable personal use policy for the telephone system may lead to the loss or abuse of information.

• Excessive use of the phone system may not only incur unnecessary costs but also hinder genuine business use.


