
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


• Inadequate insurance could render your organisation liable to loss in the event of a claimable event.

• Shortcomings in the planning of equipment replacement can make it difficult to plan ahead for new technology.

• Where documentation is poor, or perhaps non-existent, the planning and performance of upgrades to equipment can be both time-consuming and fraught with problems.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 5.1.1 Inventory of assets

–  –  –

Policy 010706 Logon and Logoff from your Computer
Policy 010707 Dealing with Answering Machines / Voice Mail
Policy 010708 Taking Equipment off the Premises
Policy 010709 Maintaining Hardware (On-site or Off-site Support)
Policy 010710 Using Speed Dialling Telephone Options
Policy 010711 Cleaning of Keyboards and Screens

–  –  –

SUGGESTED POLICY STATEMENT

“Equipment owned by the organisation may only be disposed of by authorised personnel who have ensured that the relevant security risks have been mitigated.” The re-use of such declared equipment should be investigated for the benefit of socio-economic upliftment in the light of Bridging the Digital Divide.

EXPLANATORY NOTES

This policy deals with the issues that should be addressed when disposing of your computer equipment, either for use by others, or for scrap / re-cycle.

Information Security issues to be considered when implementing your policy include the following:

• Legacy data from old systems can still remain accessible and thus compromise the confidentiality of information.

• Inadequate planning for the disposal and upgrade of entire systems can threaten business continuity and result in severe loss.

• Equipment used periodically but infrequently may be disposed of accidentally.

• Breaches of health and safety requirements threaten the well-being of your staff and render you liable to prosecution.

• The disposal of old equipment can prevent the restoration of its associated data files on which you may be relying.

• During the legitimate disposal of unwanted equipment other items can be 'lost' or stolen.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.2.6 Secure disposal or re-use of equipment

–  –  –

SUGGESTED POLICY STATEMENT

“All information system hardware faults are to be reported promptly and recorded in a hardware fault register.”

EXPLANATORY NOTES

Hardware faults are to be recorded and reported to the appropriate trained staff or maintenance firms for corrective action.

Information Security issues to be considered when implementing your policy include the following:

• No procedures in place to handle hardware fault reporting will result in ad-hoc and variable response and record keeping.

• Insufficient data may result in incorrect diagnosis of the fault or a possible security breach.

• Lack of any proactive preventative maintenance.

• Failure to identify a 'pattern' of problems and faults can delay remedying the problem.

• Failure to record faults can impede a claim against the manufacturer or vendor. Errors may be compounded due to delays in fault or incident reporting.

• No procedures in place to handle hardware fault reporting, recording, and maintenance.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.2.4 (c) Equipment maintenance; 8.4.3 Fault logging

–  –  –

SUGGESTED POLICY STATEMENT

“All computing equipment and other associated hardware belonging to the organisation must carry appropriate insurance cover against hardware theft, damage, or loss.”

EXPLANATORY NOTES

This policy addresses the need to provide adequate insurance for your hardware.

Information Security issues to be considered when implementing your policy include the following:

• Your business may be compromised, and possibly jeopardised, if systems are not available and adequate insurance cover is not available when needed.

• Financial loss may arise from inadequate insurance cover.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.2.4 (d) Equipment maintenance; 7.2.5 (d) Security of equipment off-premises

–  –  –

SUGGESTED POLICY STATEMENT

“All portable computing equipment is to be insured to cover travel domestically or abroad.”

EXPLANATORY NOTES

There are additional Information Security issues in respect of insuring mobile hardware, including the impact of potential theft and damage to information and data.

Information Security issues to be considered when implementing your policy include the following:

• Shortfalls in the extent of the cover may lead to unexpected losses for your organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.2.4 (d) Equipment maintenance; 7.2.5 (d) Security of equipment off-premises

–  –  –





SUGGESTED POLICY STATEMENT

“All users of workstations, PCs / laptops are to ensure that their screens are clear / blank when not being used.”

EXPLANATORY NOTES

With open-plan offices becoming common, you could accidentally expose confidential material.

Information can be read from your screen, especially when your workstation is logged on and you are away from your desk. A Clear Screen Policy is an effective safeguard.

Information Security issues to be considered when implementing your policy include the following:

• If your screen is readable when you are absent from your desk or work area, this may result in sensitive information being read and 'leaked' to unauthorised persons.

• When people can see when a sensitive system is being accessed, it facilitates either premeditated or opportunistic attempts to read and copy the data when the PC is left unattended, even for a short period.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“Approved login procedures must be strictly observed and users leaving their screen unattended must firstly lock access to their workstation or log off.”

EXPLANATORY NOTES

Access to the vast majority of systems is via a logon process. The security of the system is therefore highly dependent on suitable logon and logoff procedures. See also Access Control.

Information Security issues to be considered when implementing your policy include the following:

• Unauthorised access to systems may be gained via a valid user ID and password if these are not kept secure.

• Incorrect logon scripts and access rights may allow access to unauthorised areas.

• Unauthorised access to files may result in the confidentiality of data being compromised.

• Where the 'User Logon Register' or operator / administrator logs show incorrect or unusual entries, it could indicate that data has been accessed and therefore possibly lost or stolen.

• You may be unable to log on to the system and be denied service.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“Sensitive or confidential information must not be recorded on Answering Machine / Voice Mail systems.”

EXPLANATORY NOTES

Answering machines and Voice Mail are used to record a message because the called party is unavailable to take your call. Leaving confidential information on an answering machine can result in a breach of confidentiality.

Information Security issues to be considered when implementing your policy include the following:

• When leaving a message, you could give confidential information to unauthorised parties.

• When recording a message to be played back to callers, you may inadvertently alert them to your absence or convey confidential information (in an attempt to be 'helpful').

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.5 Security of electronic office systems; 8.7.7 Other forms of information exchange

–  –  –

SUGGESTED POLICY STATEMENT

“Only authorised personnel are permitted to take equipment belonging to the organisation off the premises; they are responsible for its security at all times.”

EXPLANATORY NOTES

When taking organisation equipment off site, once proper authorisation has been obtained, the next key consideration is the physical security of the equipment. A further critical consideration is the security of any information contained on it. Often, the data is far more valuable than the equipment itself.

Information Security issues to be considered when implementing your policy include the following:

• Confidential data may be exposed to unauthorised persons.

• Where no policy and procedures exist regarding the removal of equipment from the premises, items can become 'lost' or 'missing'. Where sensitive information is stored on such equipment, the impact could be considerable.

• Where equipment is not 'signed for' when removed from the premises, its location, expected return and overall security can be compromised.

• Equipment on loan and in your custody may be lost, stolen or tampered with.

• Equipment may be lent to family or friends for personal use with the possible loss or corruption of data and / or configuration settings.

• Where shared laptops or other PCs have password protected files, this can frustrate use and prevent legitimate access to information.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“All equipment owned, leased or licensed by the organisation must be supported by appropriate maintenance facilities from qualified engineers.”

EXPLANATORY NOTES

This policy addresses the arrangements you make for maintaining your equipment, whether through on-site support or off-site support.

Information Security issues to be considered when implementing your policy include the following:

• Physical access to computers offers the opportunity for disclosure of information to unauthorised individuals.

• Theft or 'disappearance' of hardware incurs unnecessary costs. Malfunction of repaired equipment can cause disruption to data processing.

• Where the supplier's recommended maintenance or service interval is overlooked, both the equipment and any open data files could fail or become corrupted.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“All speed dialling systems must incorporate security features which protect sensitive or confidential information.”

EXPLANATORY NOTES

Speed dialling facilities create Information Security risks as confidential customer contact information can be accessed just by pressing telephone keys.

Information Security issues to be considered when implementing your policy include the following:

• Sensitive information may be stolen because callers masquerade as you over the telephone.

• Secure or unlisted phone numbers may be acquired from your stored information.

• Secure or unlisted phone numbers may be acquired from global information stored in your PBX.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

“Only suitable and approved cleaning materials are to be used on equipment owned by the organisation.”

EXPLANATORY NOTES

Cleaning keyboards and screens is a standard housekeeping function and therefore will rarely be queried. However, there are inherent risks such as damage to the machine, and possible risks of information being disclosed to unauthorised parties - perhaps posing as a cleaning crew.

Information Security issues to be considered when implementing your policy include the following:

• Confidential material may be read by unauthorised parties whilst cleaning equipment.

• Loss and damage to equipment due to inappropriate use of cleaning fluid or methods.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 7.2.4 Equipment maintenance

–  –  –

SUGGESTED POLICY STATEMENT

“Deliberate or accidental damage to organisation property must be reported to the nominated Information Security Officer as soon as it is noticed.”

EXPLANATORY NOTES

Damage to equipment must be reported as soon as it is discovered. Repair any damaged equipment that affects your Information Security without delay as you could possibly lose valuable items and information through any weak links.

Information Security issues to be considered when implementing your policy include the following:

• Where property, which is a part of your security safeguards, is damaged, it may be an unacceptably weak link, negating strengths in other areas.

• Damage to equipment may be the result of poor training, inappropriate procedures or extreme usage, beyond the supplier's recommended limits. Sudden failure may result.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

Policy 020103 Securing Unattended Workstations
Policy 020104 Managing Network Access Controls
Policy 020105 Controlling Access to Operating System Software

–  –  –


