
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

-- [ Page 26 ] --
"All computer premises must be protected from unauthorised access using an appropriate balance between simple ID cards to more complex technologies to identify, authenticate and monitor all access attempts."

EXPLANATORY NOTES

Because of the dangers of theft, vandalism and unauthorised use of your systems, you should consider restricting the number of people who have physical access to the area in which your computers are housed. This requirement should be taken into account when premises are being chosen. See Preparing Premises to Site Computers.

Any access control system is likely to have to handle the following categories of personnel, each of whom will have different access conditions:

1) Operators and, sometimes, system users who regularly work within the secure area,

2) Engineers and other support staff who require periodic access,

3) Others, who require access only rarely.

Information Security issues to be considered when implementing your policy include the following:

• Unauthorised staff may gain access to restricted areas, and damage or disruption results.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.1.2 Physical entry controls

–  –  –

SUGGESTED POLICY STATEMENT

"All employees are to be aware of the need to challenge strangers on the organisation's premises."

EXPLANATORY NOTES

In small organisations people know one another, and any unusual activities or strangers will be noticed very quickly. In large organisations this is less likely. Any apparent stranger may turn out to be a new staff member or just someone whom you have not seen before. That notwithstanding, do not be afraid to challenge strangers, as they may just as easily be unauthorised persons intending to compromise your organisation.

Information Security issues to be considered when implementing your policy include the following:

• Unescorted visitors/strangers may access confidential material or damage/remove organisation property.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.1.3 Securing offices, rooms and facilities

–  –  –

SUGGESTED POLICY STATEMENT

"On-site locations where data is stored must provide access controls and protection which reduce the risk of loss or damage to an acceptable level."

EXPLANATORY NOTES

Data stores hold your removable media. They form a vital link in your Backup and Recovery procedures, since they should contain duplicate copies of your essential data. Usually 'on-site' data stores are maintained in conjunction with a 'remote data store' located far enough away from your main computer site not to be affected by any disaster that may befall it. This section is primarily concerned with 'on-site' data stores. Clearly, losing your stored data could have very serious repercussions.

Information Security issues to be considered when implementing your policy include the following:

• Theft / Fraud of media, or malicious damage, would threaten the confidentiality of your data, and may make it difficult or impossible for Systems Operations to perform their duties.

• Accidental damage may render it difficult or impossible to process or restore information, causing possible loss to your organisation.

• Loss of media and data may seriously compromise the ability of Systems Operations to maintain an efficient system.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.1.2 Physical entry controls; 7.1.3 Securing offices, rooms and facilities

–  –  –

SUGGESTED POLICY STATEMENT

"Remote locations where data is stored must provide access controls and protection which reduce the risk of loss or damage to an acceptable level."

EXPLANATORY NOTES

Remote Data Stores are located at a distance from your main processing site. The distance should be adequate to ensure that a major disaster, such as a fire or explosion at your main site, will not affect the Remote Data Store. Sufficient data should be stored there to allow restoration, if your primary data is destroyed.

Remote data stores face the same threats as on-site data stores, but there are some additional threats which are particular to them.

Information Security issues to be considered when implementing your policy include the following:

• Theft of data may render it difficult or impossible to meet your business requirements, or may be used fraudulently against your organisation.

• Accidental damage may render it difficult or impossible to meet your business requirements.

• Loss and malicious damage may render it difficult or impossible to meet your business requirements.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.1.1 Physical security perimeter; 7.1.2 Physical entry controls; 7.1.3 Securing offices, rooms and facilities

–  –  –

SUGGESTED POLICY STATEMENT

" Electronic eavesdropping should be guarded against by using suitable detection mechanisms, which are to be deployed if and when justified by the periodic risk assessments of the organisation."





EXPLANATORY NOTES

'Electronic eavesdropping' is the term applied to monitoring electronic radiation from computer equipment and reconstituting it into discernible information. Although this sounds like a highly technical process, sometimes it can be undertaken easily with inexpensive equipment. The method can be applied to most computer equipment, but it is particularly effective with conventional (CRT-based) VDUs, situated in solitary locations close to the outer wall of your building. Although electronic eavesdropping is a relatively obscure threat to the confidentiality of your data, it is wise to take the possibility of it into account when selecting the location of computer screens.

Information Security issues to be considered when implementing your policy include the following:

• Loss of Confidentiality because information is 'stolen' from your screen.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

"The security of network cabling must be reviewed during any upgrades or changes to hardware or premises."

EXPLANATORY NOTES

The security of your cabling should be considered both when your computer premises are set up initially, and, subsequently, when hardware enhancements are carried out. See also Installing and Maintaining Network Cabling.

Information Security issues to be considered when implementing your policy include the following:

• Cables may be damaged with a resultant reduction in reliability and/or the loss of your network.

• Any intrusion into your network may threaten your information systems and hence the confidentiality of your information.

• A failure to observe Health and Safety regulations may threaten the well-being of staff and render you liable to prosecution.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.2.3 Cabling security

–  –  –

SUGGESTED POLICY STATEMENT

"Owners of the organisation's information systems must ensure that disaster recovery plans for their systems are developed, tested, and implemented."

EXPLANATORY NOTES

The configuration of your business premises and particularly the location of your hardware affect your Disaster Recovery Plan (DRP). This should allow for access to any hardware which remains undamaged by disaster.

Information Security issues to be considered when implementing your policy include the following:

• Lack of continuity of service would likely render it difficult or impossible to meet your business requirements.

• A Disaster Recovery Plan is an important preliminary part of the organisation’s Business Continuity Plan (BCP). A severe incident can affect any organisation at any time and all organisations should ensure that they have both a DRP and a BCP.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 11.1.1 Business continuity management process

–  –  –

Sub-Chapter 01 Reporting Information Security Incidents

Sub-Chapter 02 Investigating Information Security Incidents

Sub-Chapter 03 Corrective Activity

Sub-Chapter 04 Other Information Security Incident Issues

–  –  –

Policy 130101 Reporting Information Security Incidents

Policy 130102 Reporting IS Incidents to Outside Authorities

Policy 130103 Reporting Information Security Breaches

Policy 130104 Notifying Information Security Weaknesses

Policy 130105 Witnessing an Information Security Breach

Policy 130106 Being Alert for Fraudulent Activities

–  –  –

SUGGESTED POLICY STATEMENT

"All suspected Information Security incidents must be reported promptly to the appointed Information Security Officer."

EXPLANATORY NOTES

An Information Security incident can be defined as any occurrence which in itself does not necessarily compromise Information Security, but which could result in it being compromised. An example is a multiple login failure on a single user account, leading to that account being locked out. This topic discusses reporting structures for Information Security incidents.

Information Security issues to be considered when implementing your policy include the following:

• A member of staff may not report an Information Security incident because there are no procedures in place to do so, resulting in a chain of events that leads to your organisation's information systems being compromised.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.3.1 Reporting security incidents

–  –  –

SUGGESTED POLICY STATEMENT

"Information Security incidents must be reported to outside authorities whenever this is required to comply with legal requirements or regulations. This may only be done by authorised persons."

EXPLANATORY NOTES

You may be obliged to report certain Information Security incidents to external authorities, such as regulatory bodies for your industry, third party associates (for example your ISP) and law enforcement agencies. The responsibility for making such reports usually lies with senior management.

Information Security issues to be considered when implementing your policy include the following:

• Your organisation may unwittingly be aiding or abetting an offence by not reporting an Information Security incident to outside authorities. Future investigations could lead back to your organisation as the source of the offence.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.3.1 Reporting security incidents

–  –  –

SUGGESTED POLICY STATEMENT

"Any Information Security breaches must be reported without any delay to the appointed Information Security Officer to speed the identification of any damage caused, any restoration and repair and to facilitate the gathering of any associated evidence."

EXPLANATORY NOTES

An Information Security breach can be regarded as a series of Information Security incidents whose ultimate result is damage to or loss of data from an information system. The breach could be physical (e.g. a break-in and subsequent theft) or 'procedural' (e.g. unauthorised computer access, resulting in loss of data). This topic discusses reporting structures to deal with Information Security breaches.

Information Security issues to be considered when implementing your policy include the following:

• A lack of formal reporting procedure for Information Security breaches may delay resumption of business operations.

• Delays in commencing investigations by the Information Security Officer can greatly increase the potential losses associated with the reported breach.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.3.1 Reporting security incidents

–  –  –

SUGGESTED POLICY STATEMENT

"All identified or suspected Information Security weaknesses are to be notified immediately to the Information Security Officer."

EXPLANATORY NOTES

Information Security weaknesses can manifest themselves in the area of software and physical access to restricted areas. For details of physical access weaknesses refer to Dealing with Premises Related Considerations.

Information Security issues to be considered when implementing your policy include the following:

• Where there is no procedure to report Information Security weaknesses, there is a possibility that inexperienced staff may try to correct an Information Security weakness in an application program or an operating system and interrupt business critical processing.

• Where a risk assessment study has not been carried out it may be difficult to identify all areas of information security weakness.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 6.3.2 Reporting security weaknesses

–  –  –

SUGGESTED POLICY STATEMENT

"Persons witnessing Information Security incidents or breaches should report them to the Information Security Officer without delay." failure to do so will effectively imply endorsement of such practice therefore the observer will be equally liable

EXPLANATORY NOTES


