
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

-- [ Page 28 ] --

EXPLANATORY NOTES

This topic discusses countermeasures available to protect against electronic eavesdropping and espionage techniques. A wide variety of technology is available, so specialist advice may be needed to make the appropriate choice.

Information Security issues to be considered when implementing your policy include the following:

• A lack of knowledge about electronic espionage technology may result in highly confidential information about your organisation being disclosed.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

"Information relating to Information Security incidents may only be released by authorised persons."

EXPLANATORY NOTES

Maintaining confidentiality of Information Security incidents whilst they are being investigated is important for the reputation of your organisation. This topic addresses some of the ways to protect confidentiality.

Information Security issues to be considered when implementing your policy include the following:

• Where unauthorised disclosure of an Information Security incident occurs, the conclusions drawn by those so informed may result in serious damage to your organisation's reputation.

• Where it is legally required to notify the authorities of a suspected incident, this should only be done by an authorised official.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.1.3 Incident management procedures

–  –  –

Policy 140101 Defining Information
Policy 140102 Labelling Classified Information
Policy 140103 Storing and Handling Classified Information
Policy 140104 Isolating Top Secret Information
Policy 140105 Classifying Information
Policy 140106 Accepting Ownership for Classified Information
Policy 140107 Managing Network Security

–  –  –

SUGGESTED POLICY STATEMENT

"The organisation must record, maintain and update a data base of its information assets."

EXPLANATORY NOTES

Information can be defined as data which has meaning. It is the meaning of this data which has to be protected, in accordance with its worth to your organisation. This policy looks at ways to categorise your organisation's information.

Information Security issues to be considered when implementing your policy include the following:

• Confidential or important information held by your organisation could be lost or destroyed due to staff members treating information inappropriately, resulting in the loss of information which is critical to the business.

• If information is not classified to specify its level of sensitivity or confidentiality, then it is very difficult to protect sensitive documents or other information.

• If information ownership is not specified for each piece of data, document, spreadsheet or other information, then it is very difficult to manage and control access to that information.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.2.1 Classification guidelines

–  –  –

SUGGESTED POLICY STATEMENT

"All information, data and documents are to be clearly labelled so that all users are aware of the ownership and classification of the information."

EXPLANATORY NOTES

Labelling of information makes decision making for your staff easier - they will immediately know how to handle the information they are dealing with, by reference to your organisation's published rules. This policy looks at various ways your organisation can label information.

Information Security issues to be considered when implementing your policy include the following:

• The incorrect labelling of information may lead to disclosure of that information into the public domain, resulting in loss of client confidence in your organisation.

• If an adequate labelling system is not properly designed and approved, consistency may not be applied by all users within the organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.2.2 Information labelling and handling

–  –  –

SUGGESTED POLICY STATEMENT

"All information, data and documents must be processed and stored strictly in accordance with the classification levels assigned to that information."

EXPLANATORY NOTES

Storage and handling of information is important, because control over the state and location of the information maintains its integrity. This policy looks at some of the aspects of storage, and also considers how information changes over time.

Information Security issues to be considered when implementing your policy include the following:

• Highly confidential information, which has not been transported safely or destroyed securely, could be disclosed erroneously into the public domain, resulting in the loss of your organisation's reputation.

• Confidential information may retain its original classification when it should have been re-classified to a higher level of confidentiality. This could result in loss of the information due to its storage in an inappropriate location (physical or electronic).

• If a consistent system of information and document classification is not introduced, this could result in a lack of control, and misunderstanding over document access controls.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.6.3 Information handling procedures

–  –  –

SUGGESTED POLICY STATEMENT

"All information, data or documents classified as highly sensitive (Top Secret) must be stored in a separate secure area."

EXPLANATORY NOTES

This policy considers information which can be considered as top secret - a classification level which exceeds the previously defined levels of highly confidential, confidential and sensitive. This type of information requires special storage and handling techniques.

Information Security issues to be considered when implementing your policy include the following:

• Information classified as 'Top Secret' held in your computer systems could be compromised and, in extremis, could result in the failure of your organisation's business.

• In order to protect high value information assets, secure areas containing top secret information are to be properly protected with additional levels of security.

• The access controls over secure areas containing top secret information are to be regularly reviewed and tested by qualified persons with appropriate security clearance.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.2.2 (b) Information labelling and handling
9.6.2 Sensitive system isolation

–  –  –

SUGGESTED POLICY STATEMENT

"All information, data and documents must be classified according to their level of confidentiality, sensitivity, value and criticality."

EXPLANATORY NOTES

Once information has been identified and the owner established, the next stage is to classify it according to its worth to your organisation. Various frameworks exist to accomplish this. Familiarity with the terms used is useful for developing your own classification systems.

Information Security issues to be considered when implementing your policy include the following:

• Inappropriate security classification of information may lead to disclosure of highly confidential information into the public domain, resulting in a loss of reputation for your organisation.

• Lack of a standardised classification system will result in inconsistent application of this policy.

• Lack of awareness of the organisation's standard classification procedures will result in information being classified inappropriately.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.2 Information classification

–  –  –

SUGGESTED POLICY STATEMENT

"All information, data and documents are to be the responsibility of a designated information owner or custodian."

EXPLANATORY NOTES

All information or data should belong to a person who is authorised to handle that information, and that person is normally responsible for its safe keeping.

Information Security issues to be considered when implementing your policy include the following:

• Confidential information apparently not owned by any one person could become lost, amended or compromised resulting in potential loss or embarrassment to the organisation.

• If information owners or custodians are unaware of the procedures for handling sensitive information, it could become available to unauthorised persons.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.1.1 Inventory of assets
5.2 Information classification

–  –  –

SUGGESTED POLICY STATEMENT

"Access to the resources available from the organisation’s network must be strictly controlled in accordance with the agreed Access Control List, which must be maintained and updated regularly."

EXPLANATORY NOTES

The level of security controls applied to a network must at least match the highest level of classification of the data being transmitted. The choice in the type of network will depend on many factors including cost, flexibility and security requirements.

Information Security issues to be considered when implementing your policy include the following:

• Classified data may be intercepted whilst travelling over a network (data taps), resulting in the loss of information, which may have a detrimental effect on your organisation's business.

• If suitable access controls are not implemented on the network, it is very likely that unauthorised persons may gain access to information.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

The terms listed within this Glossary and Reference represent a varied selection of the terms used in the world of IT, Security, and Business, all of which have some connection with the subject of Information Security - even if only tenuous. These words, phrases, expressions, acronyms, and abbreviations, are used in everyday conversation, as well as in various reference texts, and may well be encountered in conferences, seminars, broadcast and print media, and other situations.

While some of the terms such as ‘Masquerading’ derive from the normal use of English vocabulary, others such as ‘Hose and Close’ are better described as ‘slang’, ‘jargon’, or ‘technobabble’.

Not all of these terms need be taken with the utmost seriousness; there are one or two spots of light relief. Where appropriate (and if known!) we have indicated the source of the expression.

For a number of entries, we have felt it appropriate to include more detailed guidance. For example, whilst we exhort organisations to issue a Request For Proposal (‘RFP’) document, some may find it helpful to be guided as to its contents. Likewise, testing business software needs to be planned and, rather than simply advise organisations to perform a ‘User Acceptance Test’, we have provided real guidance on how this should be performed. We hope that this is seen as beneficial.

–  –  –

4004 In full the Intel 4004. The world's first microprocessor, released in 1971. The 4004 contained 2300 transistors and was intended for use in a calculator. By comparison, the 1996 Pentium Pro contained 5.5 million transistors, an increase of over 239,000% in 25 years - thereby helping to demonstrate Moore’s Law.

404 More fully, ‘404 Not Found’. Originating from the HTTP error ‘file not found on server’, now extended to humans either to indicate that someone is not where they should be (equivalent to the Military’s ‘AWOL’), or to convey that the subject has no idea or no clue - sapience not found.

–  –  –

8.3 Eight dot three. The standard DOS file naming convention consisting of an eight character name and a three character extension intended to indicate the file type.

Long file names are clearly easier to use and understand, but many older users mourn the passing of the fixed 8.3 approach since it instilled a mental discipline and forced users to produce a descriptive file name with limited characters.

Abend / Application Crash Abend (derived from ‘abnormal end’) is where an applications program aborts, or terminates abruptly and unexpectedly. One of the prime reasons for a thorough testing of an organisation’s applications systems is to verify that the software works as expected. A significant risk to your data is that, if an application crashes, it can also corrupt the data file which was open at the time.

Abort A computer is simultaneously running multiple programs, each of which requires the execution of a number of processes, often simultaneously. However, processes will usually interact with other processes and, due to the differences in hardware and load on the system, will execute at varying speeds. A process may abort when it fails to receive the expected input, or is unable to pass the output to a linked process.

When a process aborts, it has the same effect as though that process had crashed. Poorly written applications may freeze / hang when one or more processes abort.

Acceptance The point at which the business end-users of a system declare, formally, that the system meets their needs and has performed satisfactorily during the test procedures. Unless a system has been acquired, installed, or amended purely for the IT department, it is not sufficient for technical staff to declare it acceptable; the end users must be involved.

Access Two types of access – Physical and Logical.


