
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


SUB-CHAPTER 04 - WORKING OFF PREMISES OR USING OUTSOURCED PROCESSING

7)

–  –  –

SUGGESTED POLICY STATEMENT

“Persons who are issued with portable computers and who intend to travel for business purposes must be made aware of the information security issues relating to portable computing facilities and implement the appropriate safeguards to minimise the risks.”

EXPLANATORY NOTES

Laptops and Portables have unique security issues, primarily because of their size and mobility.

Information Security issues to be considered when implementing your policy include the following:

• Confidential data disclosed to unauthorised persons can damage the organisation.

• A virus threatens not only the data but also the system files on the laptop.

• A laptop connected to any network is open to hacking and is unlikely to have any effective security features enabled. Files and data could be stolen, damaged, or corrupted.

• A laptop left 'on' may be easy prey to opportunist access, despite your use of (say) a user password etc.

• Theft of a laptop computer usually results in additional cost to the organisation and potential loss of confidential data.

• Where a laptop is used by persons with differing access control privilege, residual data and / or other information could compromise the confidentiality of your information.

• When vital updates to the data files are lost or corrupted due to technical or user problems during transfer, the integrity of the entire database of records may be in question.

• Where a laptop is used by several persons, old / 'stale' data may still be present, risking unintentional actions / reactions to inaccurate data.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.2.5 Security of equipment off-premises

9.8.1 Mobile computing

CHAPTER 01 - SECURING HARDWARE, PERIPHERALS AND OTHER EQUIPMENT


8)

–  –  –

SUGGESTED POLICY STATEMENT

“Off-site computer usage, whether at home or at other locations, is permitted only with the authorisation of line management. Usage is restricted to business purposes, and users must be aware of and accept the terms and conditions of use, which must include the adoption of adequate and appropriate information security measures.”

EXPLANATORY NOTES

Tele-working is where staff work from home, or another nominated location, away from the normal office environment. See 'Day to Day Use of Laptop / Portable Computers', which is also likely to be relevant to staff who are tele-working.

Information Security issues to be considered when implementing your policy include the following:

• Viruses are likely to destroy the integrity of your data and possibly of your entire system.

• The use of any unlicensed software, for the purposes of processing the organisation's information, could result in legal action.

• Confidential data may be exposed to unauthorised persons.

• Incompatible software versions can cause problems and even data corruption. See also Upgrading Software.

• Data and information can be destroyed, deleted, or otherwise corrupted, on a home PC.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.2.5 Security of equipment off-premises

9.8.2 Teleworking

9)

–  –  –

SUGGESTED POLICY STATEMENT

“Any movement of hardware between the organisation's locations is to be strictly controlled by authorised personnel.” In this instance it would be your Information Security officer.

EXPLANATORY NOTES

This policy concerns the physical removal and relocation of hardware from one location to another.

Information Security issues to be considered when implementing your policy include the following:

• Confidential data may be exposed to unauthorised persons, threatening the confidentiality of sensitive information.

• Equipment can be damaged in transit.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“Personnel issued with mobile phones by the organisation are responsible for using them in a manner consistent with the confidentiality level of the matters being discussed.”

EXPLANATORY NOTES

Otherwise known as 'cell phones', 'portable phones' or 'hand phones', mobiles are being used more and more to communicate business information, and this has not gone unnoticed by those wishing to 'tap' or otherwise corrupt such information flow.

Information Security issues to be considered when implementing your policy include the following:





• Theft of a mobile could result in the disclosure of confidential information to the 'new user'.

• Confidential information may be overheard and / or tapped into.

• Relying upon the information in a text message sent to your mobile can result in inappropriate action / decisions.

• Where mobiles are used by various persons, inappropriate personal calls to the mobile can aggravate business usage.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.2.5 Security of equipment off-premises

8.7.5 Security of electronic office systems

10)

–  –  –

SUGGESTED POLICY STATEMENT

“Personnel using business centres to work on the organisation’s business are responsible for ensuring the security and subsequent removal and deletion of any information entered into the business centre's systems.”

EXPLANATORY NOTES

Business centres are computing facilities often provided by hotels for the use of their guests or others.

The chief threats posed by such facilities are those of inadequate access controls and the lack of confidentiality.

Information Security issues to be considered when implementing your policy include the following:

• Viruses and malicious code may destroy the integrity of your data and system(s).

• Documents and files can remain on an insecure system over which you have no control.

• Screens may easily be overlooked, and the contents noted.

• Any printed output left exposed pending retrieval can disclose the contents of the screen / work area.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –


11)

–  –  –

SUGGESTED POLICY STATEMENT

“Laptop computers are to be issued to, and used only by, authorised employees and only for the purpose for which they are issued. The information stored on the laptop is to be suitably protected at all times.”

EXPLANATORY NOTES

Because of their small size and high value, laptop computers make attractive targets for thieves. A recent survey from the Computer Security Institute showed that laptop theft ranked third on a list of high-tech criminal activities. There are two main areas of concern for those using laptops: (1) avoiding the loss or theft of a laptop and (2) protecting sensitive data in the case of a theft.

Information Security issues to be considered when implementing your policy include the following:

• Confidential data may be exposed to unauthorised users.

• The laptop is lent to family or friends for personal use, exposing the programs and data to possible misuse and / or altered configuration and settings.

• A laptop in your custody may be stolen or misused.

• Where laptops on loan have files which have been inappropriately locked using password protection, frustration and resource wastage occurs in trying to access the data.

• Where a lack of policy exists regarding purchase or use of laptops, this may result in indiscriminate use of laptops and data.

• Where laptops are issued, but not signed for, it may result in difficulty in tracing items and ensuring their return when needed.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

Policy 010501 Using Lockable Storage Cupboards

Policy 010502 Using Lockable Filing Cabinets

Policy 010503 Using Fire Protected Storage Cabinets

–  –  –

SUGGESTED POLICY STATEMENT

“Sensitive or valuable material and equipment must be stored securely and according to the classification status of the information being stored.”

EXPLANATORY NOTES

A lockable storage cupboard should be considered for storing sensitive or valuable equipment.

Information Security issues to be considered when implementing your policy include the following:

• Information which may be sensitive / of value to the organisation, may be stolen from your premises.

• Sensitive / valuable information, although in a cabinet, may nevertheless be stolen or damaged whilst stored on your premises.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.1.3 Securing offices, rooms and facilities

–  –  –

SUGGESTED POLICY STATEMENT

“Documents are to be stored in a secure manner in accordance with their classification status.”

EXPLANATORY NOTES

A lockable filing cabinet should be considered for secure storage of paper based files and records, or small but movable items.

Information Security issues to be considered when implementing your policy include the following:

• Unsecured sensitive material may be stolen from your premises.

• Sensitive material, despite being placed in lockable filing cabinets, may be stolen or damaged whilst stored on your premises.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

7.1.3 Securing offices, rooms and facilities

–  –  –

SUGGESTED POLICY STATEMENT

“Documents are to be stored in a secure manner in accordance with their classification status.”

EXPLANATORY NOTES

A fire protected storage cabinet is a good way to protect sensitive material against the risk of being destroyed by fire and possible water damage from fire fighting activities.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive data stored in fire-protected cabinets can nevertheless be damaged beyond use.

• Due to their possible additional weight, siting is a key consideration.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“Documents are to be stored in a secure manner in accordance with their classification status.”

EXPLANATORY NOTES

The security of sensitive and confidential organisation material is very important and the use of safes for storage is to be encouraged. The security of the safe itself is just as critical.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive data may be lost if the whole safe is stolen.

• The siting of the safe is critical and must not lend itself to lengthy periods of non-surveillance.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“Hardware documentation must be kept up-to-date and readily available to the staff who are authorised to support or maintain systems.”

EXPLANATORY NOTES

'Documentation' refers to both the operator manuals and the technical documentation that should be provided by the supplier / vendor.

Information Security issues to be considered when implementing your policy include the following:

• If equipment is operated incorrectly, mistakes and damage may result.

• A failure to follow the recommended schedule of maintenance runs the risk of system malfunction, which could possibly jeopardise your business operation.

• Failure to operate equipment in accordance with the instructions can invalidate the warranty.

• Failure to complete and return the manufacturer's warranty card may invalidate the warranty and hence limit the manufacturer's liability.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

5.1.1(a) Inventory of assets

8.6.4 Security of system documentation

–  –  –

SUGGESTED POLICY STATEMENT

“A formal Hardware Inventory of all equipment is to be maintained and kept up to date at all times.”

EXPLANATORY NOTES

A register / database of all computer equipment used within your organisation is to be established and maintained.

Information Security issues to be considered when implementing your policy include the following:

• Theft of equipment is most likely to result in additional cost to the organisation and could compromise data security.


