WWW.THESES.XLIBX.INFO
FREE ELECTRONIC LIBRARY - Theses, dissertations, documentation
 

«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

"An appropriate summary of the Information Security Policies must be formally delivered to any such contractor, prior to any supply of services."

EXPLANATORY NOTES

Third party contractors coming into the organisation are usually specialists or professionals, and it is easy to assume that their expertise also extends to Information Security. In fact, the converse is true: they are least likely to appreciate your organisational Information Security arrangements. Permanent staff should be aware of the risks posed by such third party contractors on their site.

Information Security issues to be considered when implementing your policy include the following:

• Data may be lost in error or through negligence by contractor staff inadequately trained in Information Security.

• Data may be lost because technical data security measures are installed incorrectly by contractors, and their alarms and messages are misinterpreted.

• Information Security breaches may occur, and information be compromised, because contractor staff are unaware of the scope of the organisation's Information Security safeguards.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

4.2.2 Security requirements in third party contracts
6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT

"An appropriate summary of the Information Security Policies must be formally delivered to, and accepted by, all temporary staff, prior to their starting any work for the organisation."

EXPLANATORY NOTES

Temporary staff members are viewed as a transient resource that is used to maximise productivity and minimise costs. Although they have access to company information, they are not usually held accountable for their actions, as they are 'not part of the company'. This increases the risk of Information Security breaches.

Information Security issues to be considered when implementing your policy include the following:

• Loss of data may be caused by errors and negligence of temporary staff, unaware of Information Security issues.

• Information Security breaches may occur, and information be compromised, because temporary staff are unaware of the scope of the organisation's Information Security safeguards.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT

"The senior management of the organisation will lead by example by ensuring that Information Security is given a high priority in all current and future business activities and initiatives."

EXPLANATORY NOTES

Top level management needs to take the lead in Information Security awareness initiatives, and to cascade them down the organisation.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive data can be acquired unlawfully or modified if senior management becomes complacent about Information Security.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

4.1.2 Information security co-ordination

–  –  –

SUGGESTED POLICY STATEMENT

"The Government is committed to providing regular and relevant Information Security awareness communications to all staff by various means, such as electronic updates, briefings, newsletters, etc."

EXPLANATORY NOTES

Staff awareness of Information Security issues can fade, unless it is continually reinforced. Conversely, staff have a valuable role to play in giving feedback on the effectiveness of the organisation's Information Security measures.

Information Security issues to be considered when implementing your policy include the following:

• Staff awareness of Information Security issues can fade unless it is continually reinforced. Such lack of attention may expose sensitive data to outsiders. Valuable feedback from staff may not be encouraged.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

4.1.2 Information security co-ordination

–  –  –

• Policy 110201 Information Security Training on New Systems
• Policy 110202 Information Security Officer: Training
• Policy 110203 User: Information Security Training
• Policy 110204 Technical Staff: Information Security Training
• Policy 110205 Training New Recruits in Information Security

–  –  –

SUGGESTED POLICY STATEMENT

"The organisation is committed to providing continuous training to all users of new systems to ensure that their use is both efficient and does not compromise Information Security."

EXPLANATORY NOTES

You should be able to implement new systems without this resulting in concerns over Information Security, a downgrading of your existing Information Security framework, or security breaches.

Information Security issues to be considered when implementing your policy include the following:





• Confidential data may be lost, damaged or compromised by staff who are unfamiliar with the new systems.

• Data may be lost because the new Information Security systems are installed incorrectly, and their alarms and messages are misinterpreted.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT

"Periodic training for the Information Security Officer is to be prioritised to educate and train in the latest threats and Information Security techniques."

EXPLANATORY NOTES

The Information Security Officer oversees the operation of your organisation's Information Security measures. This includes monitoring all company Information Security measures and systems, and safeguarding all company information. Anyone in this position needs a high level of skill and knowledge in Information Security matters. Ongoing training both in generic Information Security technology and in particular issues, such as intrusion counter measures, will enhance your company's Information Security profile.

Information Security issues to be considered when implementing your policy include the following:

• The organisation's Information Security measures can be compromised by new malicious software or techniques unknown to your Information Security team.

• Confidential data may be lost or compromised because the Information Security team implements inappropriate measures.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT

"Individual training in Information Security is mandatory, with any technical training being appropriate to the responsibilities of the user's job function. Where staff change jobs, their Information Security needs must be re-assessed and any new training provided as a priority."

EXPLANATORY NOTES

The level of Information Security training required for individual system users must be appropriate to their specific duties, so that the confidentiality, integrity, and availability of information they would normally handle is safeguarded.

Information Security issues to be considered when implementing your policy include the following:

• Confidential information may be damaged, lost or compromised because staff are unaware of the Information Security issues.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT

"Training in Information Security threats and safeguards is mandatory, with the extent of technical training to reflect the job holder’s individual responsibility for configuring and maintaining Information Security safeguards. Where IT staff change jobs, their Information Security needs must be re-assessed and any new training provided as a priority."

EXPLANATORY NOTES

By virtue of their position, technical staff protect the organisation's information but, equally, may inadvertently (or maliciously) put it at greater risk. It is therefore essential that they be trained to a level of competence in Information Security that matches their duties and responsibilities.

Information Security issues to be considered when implementing your policy include the following:

• Where technical staff are poorly trained, their lack of knowledge risks the organisation's computer operations and information systems. The damage can be substantial.

• Where technical security components have been installed incorrectly, data may be lost or damaged with any alarms or alert messages possibly being misinterpreted.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.2.1 Information security education and training

–  –  –

SUGGESTED POLICY STATEMENT

"All new staff are to receive mandatory Information Security awareness training as part of induction."

EXPLANATORY NOTES

All management and staff are responsible for Information Security, including those new to the organisation. It is vital they are brought 'up to speed' quickly to avoid unnecessary Information Security breaches.

Information Security issues to be considered when implementing your policy include the following:

• Confidential data may be lost, damaged or compromised by staff with insufficient training.

• Data may be lost in error or through negligence because staff have poor Information Security training.

• Data may be lost because Information Security measures have been installed incorrectly and their alarms and messages are misinterpreted.

• Confidential information may be compromised if new staff are not aware of the scope of the organisation's Information Security measures.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

6.2.1 Information security education and training

–  –  –

• Policy 120101 Preparing Premises to Site Computers
• Policy 120102 Securing Physical Protection of Computer Premises
• Policy 120103 Ensuring Suitable Environmental Conditions
• Policy 120104 Physical Access Control to Secure Areas
• Policy 120105 Challenging Strangers on the Premises

–  –  –

SUGGESTED POLICY STATEMENT

"The sites chosen to locate computers and to store data must be suitably protected from physical intrusion, theft, fire, flood and other hazards."

EXPLANATORY NOTES

In the context of Information Security, the term 'premises' refers to any area in which hardware is located; it may range from a corner in an office to an entire building. It is important to consider the choice of premises for your computer hardware carefully because it is difficult to make changes once a location has been selected.

The size of the area will be dictated by the amount of hardware to be housed. The environmental requirements for the selected area will be specified by the manufacturer of your hardware. The physical security measures adopted, however, are likely to depend on the value of the hardware, the sensitivity of your data and the required level of service resilience.

Information Security issues to be considered when implementing your policy include the following:

• Malicious damage is likely to threaten your ability to meet your business requirements and will result in unnecessary expenditure.

• The non-availability of essential services is likely to threaten your normal operations.

• Accidental damage to premises may threaten normal business operations.

• The theft of equipment would not only cause unnecessary expenditure, but may also disrupt the operation of critical systems.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.2.1 Equipment siting and protection

–  –  –

SUGGESTED POLICY STATEMENT

"Computer premises must be safeguarded against unlawful and unauthorised physical intrusion."

EXPLANATORY NOTES

This policy addresses the physical dangers that threaten your computer premises and the means by which they may be lessened or eliminated.

Information Security issues to be considered when implementing your policy include the following:

• Unlawful access may be gained with a view to theft, damage, or other disruption of operations.

• Unauthorised and illegal access may take place covertly to steal, damage, or otherwise disrupt operations.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.1.1 Physical security perimeter

–  –  –

SUGGESTED POLICY STATEMENT

"When locating computers and other hardware, suitable precautions are to be taken to guard against the environmental threats of fire, flood and excessive ambient temperature / humidity."

EXPLANATORY NOTES

This policy addresses the environmental dangers that threaten your computer premises, and the means by which they may be lessened or eliminated.

Information Security issues to be considered when implementing your policy include the following:

• Serious fire damage could make it impossible to continue business operations.

• Flooding can make it impossible to continue business in any form, with severe implications.

• Failure of the air conditioning unit(s) can unsettle business operations (especially in large computer rooms) and potentially result in stoppage.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.1.3 Securing offices, rooms and facilities

–  –  –

SUGGESTED POLICY STATEMENT


