
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"The use of the organisation's mobile phones will be monitored for inappropriate call patterns, unexpected costs, and excessive personal use."

EXPLANATORY NOTES

The private use of organisation supplied mobile phones at work should be discouraged, as outgoing calls should be made via your PABX for cost and monitoring reasons. If employee responsibilities warrant the issue of an organisation mobile phone (e.g. sales force) then itemised bills should be reviewed to monitor inappropriate call patterns.

Information Security issues to be considered when implementing your policy include the following:

• Confidential information may be disclosed and misappropriated to unauthorised parties over the phone.

• Confidential information may be discussed in open areas or inappropriate locations (e.g. in airport lounges) and overheard by interested parties.

• Staff should always be notified if their activities may be subject to being monitored from time to time.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"'Company' Credit cards issued to authorised staff remain the responsibility of those employees until the card is returned or cancelled."

EXPLANATORY NOTES

The use of organisation credit cards should be reserved for ad hoc or incidental expenses that do not require a formal purchase order. Certain types of Internet and telephone purchases have to be made by credit card.

Information Security issues to be considered when implementing your policy include the following:

• Where a credit card user authorises payment, spending control may be compromised.

• Confidential organisation credit card details (PIN numbers & account details) could be compromised.

• Passing credit card details to third parties on the Internet can compromise security.

• The security of the company hosting the e-commerce Web site offering credit card purchase may be in doubt.

• Credit cards may be lost or stolen.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.4 Terms and conditions of employment

–  –  –

SUGGESTED POLICY STATEMENT

"Only authorised employees may sign for the receipt of goods. They are to ensure that, by signing for them, they are not considered to be verifying the quality or condition of the goods."

EXPLANATORY NOTES

When goods are delivered to the organisation they should be signed for by the authorised person accepting receipt of the goods.

Information Security issues to be considered when implementing your policy include the following:

• Persons delivering goods may be given access to sensitive areas, threatening your Information Security.

• If there are no guidelines set on signing for the delivery of goods, the value of a signature is questionable.

• A signature could be obtained without the signatory realising exactly what they are signing for.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT

"Only properly authorised persons may sign for work done by third parties."

EXPLANATORY NOTES

The signature verifies that the work is complete and is part of the change control process and also forms part of the audit trail. A signature by a technical person may be required in certain circumstances for quality control purposes. Only authorised persons are permitted to sign for work completed by third parties.

Information Security issues to be considered when implementing your policy include the following:

• Persons awaiting a signature for work completed may be given access to sensitive areas, threatening your Information Security.

• Where guidelines on signing for outsourced work are not available, the value of a signature is questionable.

• Where the signatory is not authorised, redress may be difficult, especially where the work is subsequently found to be faulty.

• A signature may be obtained on a document without the signatory being aware of exactly what they are signing for.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 4.2.2 Security requirements in third party contracts

–  –  –

SUGGESTED POLICY STATEMENT

"Only authorised persons may order goods on behalf of the organisation. These goods must be ordered in strict accordance with the organisation's purchasing policy." All IT related goods and services should ideally be procured through a central acquisition agency.

EXPLANATORY NOTES

Whether you are ordering from a third party, or they from you, the process of ordering goods can constitute a security risk, because the information given to third parties to process a specific order (credit card details, signatures, etc) could be used elsewhere. See Using Organisation Credit Cards.





Information Security issues to be considered when implementing your policy include the following:

• The stated features and performance of the product may not be in accordance with your expectations and could disrupt normal operations if simply introduced into your 'live' operation.

• Under the guise of 'delivering goods', persons with ill intent may gain access to your premises.

• Staff may inadvertently disclose confidential organisation information when ordering goods.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT

"All claims for payment must be properly verified for correctness before payment is effected."

EXPLANATORY NOTES

Invoices and other financial claims on the organisation are to be properly checked, verified and approved before payment.

Information Security issues to be considered when implementing your policy include the following:

• Information on invoices or claims may be inaccurate or totally false.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 4.2.2 Security requirements in third party contracts

–  –  –

SUGGESTED POLICY STATEMENT

"Only authorised persons may approve expenditure or make commitments on behalf of the organisation for future expenditure." In instances where migration to SITA has already occurred, SITA should be entrusted with all sorts of IT expenditure for the state organ as a client. A dedicated accounts manager has to be appointed to monitor and evaluate service delivery satisfaction.

EXPLANATORY NOTES

Expenditure is to be properly authorised in writing before committing to the purchase. Claims for payment are to be properly verified.

Information Security issues to be considered when implementing your policy include the following:

• Changes to expenses claims may conceal ongoing fraudulent activity.

• A theft may arise through the unauthorised approval of expenditure for work not actually done.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.4 Terms and conditions of employment

–  –  –

SUGGESTED POLICY STATEMENT

"Telephone enquiries for sensitive or confidential information are initially to be referred to management. Only authorised persons may disclose information classified above Public, and then only to persons whose identity and validity to receive such information has been confirmed."

EXPLANATORY NOTES

Great care is to be exercised when answering the telephone and giving out information of any kind over this medium. With Caller Line Identifier (CLI) it is possible to identify the caller before answering, and to treat the call accordingly. Your PBX will record the CLI details where available and block any suspect numbers. See Speaking to Customers and Speaking to the Media.

Information Security issues to be considered when implementing your policy include the following:

• Inadvertently revealing sensitive information to the press.

• The inadvertent exposure of confidential information by staff talking to a caller.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.3 Confidentiality agreements

–  –  –

SUGGESTED POLICY STATEMENT

"All data and information not in the public domain, relating to the organisation’s business and its employees, must remain confidential at all times."

EXPLANATORY NOTES

Confidential information is classified into various levels of sensitivity and as such, must not be divulged to family members who do not have clearance to receive such information. See also Classifying Information.

Information Security issues to be considered when implementing your policy include the following:

• Confidential information may be leaked inadvertently via a 'trusted' family member.

• Confidential data may be given to unauthorised people by a family member with a possible grudge.

• Organisation information on laptops or documents brought home may be destroyed in error.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.3 Confidentiality agreements

–  –  –

SUGGESTED POLICY STATEMENT

"All data and information not in the public domain, relating to the organisation’s business and its employees, must remain confidential at all times."

EXPLANATORY NOTES

Office gossip is often considered harmless; however, if it includes sensitive information then a casual chat round the coffee machine is not the appropriate forum. To an eavesdropper intent on getting confidential information, gossip is a good source of information. Careless discussion of organisation matters must be considered a security breach.

Information Security issues to be considered when implementing your policy include the following:

• The organisation's information may be disclosed in gossip and then used by ill intentioned persons.

• Inappropriate actions could be taken as the result of gossiping.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.3 Confidentiality agreements

–  –  –

SUGGESTED POLICY STATEMENT

"All data and information not in the public domain, relating to the organisation’s business and its employees, must remain confidential at all times."

EXPLANATORY NOTES

The free flow of relevant information within an organisation contributes to staff being a happy and productive team, and it eliminates any need for an 'office grape vine', which is notorious for passing on unverified information. Additionally, it may enable hackers to gain entry to your data.

Information Security issues to be considered when implementing your policy include the following:

• Organisation information is passed to unauthorised parties over the grape vine.

• Inappropriate actions could be taken as the result of gossiping.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.3 Confidentiality agreements

–  –  –

SUGGESTED POLICY STATEMENT

"The playing of games on office PCs or laptops is prohibited."

EXPLANATORY NOTES

In addition to the obvious issue of time wasted in playing games, there are the issues of the use of unauthorised software and potential virus risks. Such activities should not be permitted on organisation equipment and systems.

Information Security issues to be considered when implementing your policy include the following:

• Organisation systems may be attacked by malicious software introduced from a PC game program.

• A wastage of the organisation's resources and a possible breach of trust between employer and employee. Playing games is unlikely to be an effective use of one's time and can lead to disciplinary action.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"Using the organisation's computers for personal / private business is strongly discouraged."

EXPLANATORY NOTES

The use of office computers for personal use should not be permitted unless specific authorisation is granted by management.

Information Security issues to be considered when implementing your policy include the following:

• The organisation's systems can be attacked by malicious software introduced via a personal data disc being used on the network for non-organisation work.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.5 Prevention of misuse of information processing facilities

–  –  –

SUGGESTED POLICY STATEMENT

"Management must respond quickly yet discreetly to indications of staff disaffection, liaising as necessary with Human Resources management and the Information Security Officer."

EXPLANATORY NOTES


