Securing Information in the Digital Age: Information Security Policies
This document presents a suite of integrated solutions which, together, offer ...
Disaffected staff present a significant risk: they are still treated as trusted employees, yet their potential to inflict damage is high. Most staff become aware over time of which Information Assets are of value to the organisation and, although they may not have direct access themselves, they may be able to obtain access through personal relationships with colleagues who do.

Information Security issues to be considered when implementing your policy include the following:

• Staff whose personal circumstances have changed (e.g. financial) or who have a grievance may begin to act differently. Their change in behaviour could alert you to the possibility of a breach (or attempted breach) of your Information Security.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.3 (Objective) Responding to security incidents and malfunctions

–  –  –

SUGGESTED POLICY STATEMENT

"Employee meeting and interview records must be formally recorded, with the contents classified as Highly Confidential and made available only to authorised persons."

EXPLANATORY NOTES

Interviews held with employees are to be formally recorded and the minutes agreed. These documents are to be treated with the same level of confidentiality as the meeting itself.

Information Security issues to be considered when implementing your policy include the following:

• Where employee interview information is not kept confidential, the organisation risks both contravention of legal requirements and staff grievance.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 12.1.4 Data protection and privacy of personal information

–  –  –

Policy 090501 Handling Staff Resignations
Policy 090502 Completing Procedures for Staff Leaving Employment
Policy 090503 Obligations of Staff Transferring to Competitors

–  –  –

SUGGESTED POLICY STATEMENT

"Upon notification of staff resignations, Human Resources management must consider with the appointed Information Security Officer whether the member of staff's continued system access rights constitute an unacceptable risk to the organisation and, if so, revoke all access rights."

EXPLANATORY NOTES

Staff resignations occur from time to time and in the main are harmonious. However, whenever a member of staff resigns, there is the possibility that the person is resentful of some issue and could subsequently act in a manner that jeopardises the security of the organisation.

Information Security issues to be considered when implementing your policy include the following:

• Staff resignations can be followed by a loss of loyalty, especially where the individual involved perceives that their resignation has had little or no 'impact'. Such staff may become disgruntled and use their authority and / or systems privileges to 'sabotage' or 'mess up' information on the system.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)
6.3 (Objective) Responding to security incidents and malfunctions
9.2.1 User registration
9.2.2 Privilege management
9.2.4 Review of user access rights

–  –  –

SUGGESTED POLICY STATEMENT

"Departing staff are to be treated sensitively, particularly with regard to the termination of their access privileges."

EXPLANATORY NOTES

Staff who resign should be treated sensitively or they may become disgruntled and / or simply leave without adequate 'hand over' to colleagues etc.

Information Security issues to be considered when implementing your policy include the following:

• Some staff who resign may decide, or be obliged, to depart immediately, be it for personal reasons or due to the sensitivity of their position. Unless the organisation has procedures for handling this situation, it may suffer loss or damage to its information as a form of retribution or for personal gain.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 9.2.4 Review of user access rights

–  –  –

SUGGESTED POLICY STATEMENT

"System and information access rights of employees who are transferring to competitors must be terminated immediately."

EXPLANATORY NOTES

Depending upon the terms and conditions of employment, staff may be contractually precluded from working for a competitor for a set number of years following resignation, retirement or termination. In practice, however, this may not deter such staff. They may be prepared to risk the potential consequences for the sake of perceived immediate gain. Thus, even though an organisation may possibly have the opportunity for legal redress, the damage may already have been done. This is a difficult legal area and legal advice should always be sought.

Information Security issues to be considered when implementing your policy include the following:

• Where your former employee disregards your Non Disclosure Agreement, valuable information may be revealed, thus potentially damaging your competitive position. See Non Disclosure Agreements.





RELATED ISO 17799 AND BS 7799 REFERENCE(S) 9.2.4 Review of user access rights

–  –  –

SUGGESTED POLICY STATEMENT

"Government does not encourage the recommending of professional advisors. References may, however, be given by authorised members of staff." Where applicable, government human resources should be utilised, particularly on critical top secret issues. The use of professionals in public service delivery should be confined to the macro strategy on Public and Private Partnerships.

EXPLANATORY NOTES

When asked to recommend a professional advisor you must make sure that their credentials will stand scrutiny. Your own credibility is used as a guide as to the validity of any claims made by your recommended advisor. Recommendations are to be discouraged to avoid potential liability for poor quality advice or service.

Information Security issues to be considered when implementing your policy include the following:

• Where a recommendation is made, the association with your organisation may lead to loss of credibility in general and possible legal liability.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.1.3 Confidentiality agreements

–  –  –

Policy 100101 Structuring E-Commerce Systems including Web Sites
Policy 100102 Securing E-Commerce Networks
Policy 100103 Configuring E-Commerce Web Sites
Policy 100104 Using External Service Providers for E-Commerce

–  –  –

SUGGESTED POLICY STATEMENT

"E-commerce processing systems, including the e-commerce Web site(s), are to be designed with protection from malicious attack given the highest priority."

EXPLANATORY NOTES

The fundamental rule for keeping an e-commerce Web site secure is that your entire e-commerce system must be protected with consistent and appropriate security measures. It is not enough to simply safeguard the interaction between the customer and the Web site's server.

The software components that comprise an organisation's e-commerce Web site are not secure 'out of the box', because the individual components are complex and often not designed with security in mind.

Therefore it is important to analyse each component for its security weaknesses and protect it accordingly.

Information Security issues to be considered when implementing your policy include the following:

• E-commerce Web sites can fail through a lack of adequate technical planning. Because of the wide public exposure on the Internet, such a failure can damage your business irretrievably.

Caution: e-commerce is, by definition, 'hi-tech', and you will require input and guidance from specialists in the field. The risks of not involving specialists can be great.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)
8.7.3 Electronic commerce security
9.4 Network Access control
10.1.1 Security requirements analysis and specifications

–  –  –

SUGGESTED POLICY STATEMENT

"E-commerce related Web site(s) and their associated systems are to be secured using a combination of technologies to prevent and detect intrusion, together with robust procedures using dual control where manual interaction is required."

EXPLANATORY NOTES

E-Commerce operates on and through communications networks, principally the Internet. Therefore, safeguarding the integrity of your Web site and its associated software and data is critical, especially where 24x7 operation is expected.

Information Security issues to be considered when implementing your policy include the following:

• Malicious or opportunistic damage may occur if your network safeguards fail to prevent unauthorised access to your corporate network once you open it up for Web-based e-commerce.

• If the network access controls to your Web server are poor, your site may be subject to unauthorised access ('hacked'), leading to theft (e.g. of credit card numbers) or corruption of data.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)
8.7.3 Electronic commerce security
9.1.1 Access control policy
9.4 Network Access control
9.7.2 Network Monitoring system use

–  –  –

SUGGESTED POLICY STATEMENT

"The organisation's e-commerce Web site(s) must be configured carefully by specialist technicians to ensure that the risk from malicious intrusion is not only minimised but that any data captured on the site is further secured against unauthorised access, using a combination of robust access controls and encryption of data."

EXPLANATORY NOTES

Whilst the individual technologies to set up and maintain a Web site are quite mature, there are many pitfalls for the unwary. Expert guidance is essential if your e-commerce Web site is to withstand attack.

Information Security issues to be considered when implementing your policy include the following:

• You may set an inappropriate level of privilege by accepting the default values when configuring your Web site. This could give 'carte-blanche' access to the files on your Web server whenever the Web software is run.

e.g. The System Administrator sets up a Web site and configures the server using the most powerful 'super user' privilege. Without further thought for the ongoing Information Security implications, the privilege is left at 'super user', so that all Web software runs at this level. Anyone compromising the Web server would then gain access at this level and would be able to read, write, create or execute any file on that server. A Web server that needs 'super user' privilege only to bind a privileged network port should switch to an unprivileged account immediately afterwards and run all further processing under that account.

• E-commerce transactions will always require user input, execution and update. This is often accomplished on a Web server using a Common Gateway Interface (CGI) script.

Where such a script passes user-supplied input to a command shell or interpreter without validating it, malicious users can append their own system commands to the input. Those commands then run with the Web server's privileges, for illegal purposes.
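The command-injection risk described in the CGI bullet above, shown as an added example that is not code from the policy document or from any particular product: a minimal CGI-style lookup handler in its vulnerable form, which interpolates the request parameter into a shell command line, beside a hardened form that validates the parameter against an allowlist and passes it to the program as a single argument with no shell involved. The handler names, the use of printf as a stand-in for the real back-end command, and the sample request values are assumptions made for this illustration; the script runs on any POSIX system with Python 3.

```python
"""
Command injection in a CGI-style handler: vulnerable and hardened variants.

Added illustration, not code from the policy document. The handler names,
the 'printf' lookup standing in for a real back-end command, and the
sample requests are assumptions made for this example.
"""
import re
import subprocess

# Constructed sample inputs: a benign account name, and a crafted one that
# smuggles a second shell command after the ';' separator.
BENIGN_REQUEST = "alice"
CRAFTED_REQUEST = "alice; echo INJECTED"

# Only account names of this shape are accepted by the hardened handler:
# a lowercase letter followed by up to 31 letters, digits, '_' or '-'.
ACCOUNT_NAME = re.compile(r"[a-z][a-z0-9_-]{0,31}")


def vulnerable_lookup(account: str) -> str:
    """Interpolates untrusted input into a shell command line.

    The shell parses the whole string, so metacharacters in 'account'
    (';', '|', '$(...)', backticks) become extra commands that run with
    the Web server's privileges. Returns whatever the shell printed.
    """
    command = f"printf '%s' {account}"
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def hardened_lookup(account: str) -> str:
    """Validates the input against an allowlist and never invokes a shell.

    Passing an argument list (no shell=True) means the operating system
    receives 'account' as a single argv element; nothing in it is parsed
    as shell syntax. The allowlist check rejects anything unexpected
    before any process is started at all.
    """
    if not ACCOUNT_NAME.fullmatch(account):
        raise ValueError(f"rejected account name: {account!r}")
    result = subprocess.run(
        ["printf", "%s", account], capture_output=True, text=True, check=True
    )
    return result.stdout


def demo() -> dict:
    """Runs both handlers against the constructed inputs and reports the outcome."""
    outcome = {
        "vulnerable_benign": vulnerable_lookup(BENIGN_REQUEST),
        "vulnerable_crafted": vulnerable_lookup(CRAFTED_REQUEST),
        "hardened_benign": hardened_lookup(BENIGN_REQUEST),
    }
    try:
        hardened_lookup(CRAFTED_REQUEST)
        outcome["hardened_crafted"] = "ACCEPTED"
    except ValueError:
        outcome["hardened_crafted"] = "REJECTED"
    return outcome


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running the script shows the crafted request's extra command output under the vulnerable handler and a rejection under the hardened one. The allowlist is the primary control; omitting shell=True is a second, independent layer, so that even an over-permissive pattern cannot turn a parameter into shell syntax. The process itself should also run as an unprivileged account, as the previous bullet describes, so that anything that does slip through runs with the least possible authority.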

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.3 Electronic commerce security

–  –  –

SUGGESTED POLICY STATEMENT

"Where third parties are involved in e-commerce systems and delivery channels, it is essential that they are able to meet the resilience, Information Security and interoperability objectives of the government."

EXPLANATORY NOTES

The technical operation of your Web site may be managed by an Internet Service Provider (ISP), on whose reliability of service your organisation is entirely dependent. This topic considers ISP selection, secure payment systems and, briefly, aspects of contract law.

Information Security issues to be considered when implementing your policy include the following:

• Concerns over the security features of your e-commerce payment system may circulate. As a result, your organisation's reputation may be damaged, leading to revenue being lost and trading partners withdrawing.

• Reliability problems with your Web site, compounded by omissions in the Service Level Agreement (SLA) with your ISP, may jeopardise your commercial activities, damaging both your cash flow and, additionally, your reputation.

• If e-mails that contain details about e-commerce transactions are accidentally deleted, it could be detrimental to any subsequent legal proceedings.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)
8.7.3 Electronic commerce security
4.2.2 Security requirements in third party contracts
4.3.1 Security requirements in outsourcing contracts
10.5.5 Outsourced software development

–  –  –

Policy 110101 Delivering Awareness Programmes to Permanent Staff
Policy 110102 Third Party Contractor: Awareness Programmes
Policy 110103 Delivering Awareness Programmes to Temporary Staff

–  –  –

SUGGESTED POLICY STATEMENT

"Permanent staff are to be provided with Information Security awareness tools to enhance awareness and educate them regarding the range of threats and the appropriate safeguards."

EXPLANATORY NOTES

It only takes a single lapse to put your organisation's data and information resources at risk. Therefore, ideally, staff would develop their awareness of Information Security risks so that it almost becomes second nature.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive data may be acquired unlawfully, damaged, or modified because staff have become complacent.

• Sensitive data may be compromised by staff assuming new duties without specific Information Security training.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT


