
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»


The use of e-mail has escalated to the point where it is obligatory for all companies to be accessible through this medium. The inherent lack of security for sending messages, information, files or instructions appears to be ignored by many, who see the benefits of near instant, and virtually free, global communications as far outweighing any possible 'downside'.

Sending e-mail with a Digital Signature (and, optionally, encryption) is a means of assuring the recipient of its validity and integrity. The content of e-mails received without such authentication may be considered unreliable.

Information Security issues to be considered when implementing your policy include the following:

• The transmission of a virus can not only damage the recipient's system but can permanently damage your organisation's reputation.

• Sending e-mail via insecure public lines (e.g. the Internet) can compromise the Confidentiality and Integrity of the information being transmitted. It is similar to a postcard, because anyone who picks it up is able to read it.

• Confidential files may be transmitted by e-mail as attachments thus breaching confidentiality and potentially leading to financial loss.

• Relying upon e-mail from a legal perspective is not advised, as simple e-mail messages are not usually authenticated.

• Personal e-mail sent from one individual to another through the organisation's systems can be misconstrued as coming from the organisation and can result in Information Security issues.

• Correspondence sent from an individual's personal mail box could possibly be regarded as personal, thus preventing the organisation from inspecting / reviewing it.

• Sending a copy of files to colleagues on your internal network creates unnecessary duplicates and also compromises the integrity of the original document / file.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

10.3.4 Non-repudiation services
8.7.4 Security of electronic mail
10.2.3 Message authentication

–  –  –

SUGGESTED POLICY STATEMENT

"Incoming e-mail must be treated with the utmost care due to its inherent Information Security risks. The opening of e-mail with file attachments is not permitted unless such attachments have already been scanned for possible viruses or other malicious code."

EXPLANATORY NOTES

The use of e-mail has escalated to the point where it is obligatory for all companies to be accessible by e-mail. The inherent lack of security for receiving messages, information, files or instructions appears to be ignored by many, who see the benefits of near instant, and virtually free, global communications as far outweighing any 'downside'.

Receiving e-mail with a Digital Signature (and, optionally, encryption) is a means of ensuring its validity and integrity. The content of e-mails received without such authentication may be unreliable.

Information Security issues to be considered when implementing your policy include the following:

• Receiving a virus and failing to detect it can not only damage your own system and data; the virus can also spread throughout the organisation's network, wreaking havoc.

• Placing legal reliance upon an e-mail is dangerous, as simple e-mail messages cannot be authenticated.

• Receiving e-mail via unsecured public lines (e.g. the Internet) can compromise the confidentiality and integrity of the contents.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.3.1(b) Controls against malicious software
10.2.3 Message authentication

–  –  –

SUGGESTED POLICY STATEMENT

"Data retention periods for e-mail must be established to meet legal and business requirements and must be adhered to by all staff."

EXPLANATORY NOTES

Whereas the filing of printed business correspondence is often performed centrally, the management of e-mail 'boxes' is often performed individually or by group. However, because simple e-mail has little legal significance for the purpose of contractual commitment (see Digital Signatures), it may not be clear what e-mail correspondence should be retained.

Information Security issues to be considered when implementing your policy include the following:

• Retention of all e-mail can consume significant storage capacity on your system, especially where files have been sent / received.

• Accidental deletion of important messages can result in problems and duplication of work.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

12.1.3 Safeguarding of organisational records

–  –  –

SUGGESTED POLICY STATEMENT

"Persons responsible for setting up Intranet access must ensure that any access restrictions pertaining to the data in source systems are also applied to access from the organisation’s Intranet."

EXPLANATORY NOTES

An intranet is a Web based information service that is available only within your organisation and its internal network(s).

The use of an intranet raises many of the security issues associated with the Internet, in that your intranet could permit unauthorised access to information which should not be made available generally.





The key security issue therefore is one of confidentiality through access control.

Information Security issues to be considered when implementing your policy include the following:

• Inadequate security measures can lead to the disclosure of sensitive data to unauthorised persons, either via the organisation's public Web site, its 'restricted access' Extranet, or by direct connection using 'hacking' techniques.

• Access to the intranet may allow unauthorised persons within the organisation to view sensitive data, thereby compromising internal confidentiality.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

"Persons responsible for setting up Extranet access must ensure that any access restrictions pertaining to the data in source systems are also applied to access from the organisation’s Extranet."

EXPLANATORY NOTES

An Extranet is a semi-private Web site that extends beyond an organisation's internal network. Typically it permits access to selected organisational data from clients, suppliers, or third parties using a User ID, password and, optionally (for greater security), Digital Certificates.

Information Security issues to be considered when implementing your policy include the following:

• Inadequate security measures can lead to the disclosure of sensitive data to unauthorised persons.

• Duplication of information for publication on an extranet can result in a loss of integrity between the source and the copy.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

"Persons responsible for setting up Internet access are to ensure that the organisation’s network is safeguarded from malicious external intrusion by deploying, as a minimum, a configured firewall. Human Resources management must ensure that all personnel with Internet access (including e-mail) are aware of, and will comply with, an acceptable code of conduct in their usage of the Internet in addition to compliance with the organisation’s Information Security Policies."

EXPLANATORY NOTES

Accessing the Internet raises a wide range of Information Security issues.

The dangers arising from downloading information from the Internet are addressed in Downloading Files and Information from the Internet. The potential threats raised in respect of sending and receiving e-mails are considered in Sending Electronic Mail and Receiving Electronic Mail. The need to have formalised procedures for dealing with electronic message storage and deletion is dealt with in Retaining or Deleting Electronic Mail.

Information Security issues to be considered when implementing your policy include the following:

• Full time connection to the Internet offers unrivalled opportunities for opportunistic / malicious infiltration from hackers who can 'see' your IP Address on the network and are then able to probe its 'weak spots'.

• Where staff are permitted to access the Internet for non-business purposes, this may result in contention for resources, reduced performance and lowered efficiency.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

"Due to the significant risk of malicious intrusion from unauthorised external persons, Web sites may only be developed and maintained by properly qualified and authorised personnel." All web developments and any online information updates are to be implemented through proper channels, in this instance through the Government Communications Information System (GCIS).

EXPLANATORY NOTES

There are many potential Information Security dangers that you should be aware of when you develop an Internet web site.

Information Security issues to be considered when implementing your policy include the following:

• Access to the corporate (internal) network via the Web server can result in exposure of information to unauthorised persons who may have criminal intentions.

• Opportunistic and premeditated intrusion can result in the corruption of the Web site, including defamatory messages and the theft / destruction of its data files.

• Confidential data can be revealed to unauthorised persons which may lead to loss, embarrassment and / or damage to the organisation.

• The capture of logon details through line tapping and / or 'sniffers' can result in an attempted intrusion.

• Information posted on your Web site may be copied and reproduced without elementary copyright notices.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.7.3 Electronic commerce security

–  –  –

SUGGESTED POLICY STATEMENT

"Unsolicited e-mail is to be treated with caution and not responded to."

EXPLANATORY NOTES

You should never reply to unsolicited e-mails, as this could tell the sender, who may be a potential hacker, that the address is real and is being read by a real person, and could thereby open the door to a virus or denial of service attack.

Information Security issues to be considered when implementing your policy include the following:

• Receiving unsolicited or 'spam' e-mail may overload the system and drain resources.

• An automatic 'Return Receipt' may be generated from unsolicited or misdirected e-mail confirming to the sender that you have opened their e-mail.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.7.4 Security of electronic mail

–  –  –

SUGGESTED POLICY STATEMENT

"Ensure that information you are forwarding by e-mail (especially attachments) is correctly addressed and only being sent to appropriate persons."

EXPLANATORY NOTES

When you forward an e-mail to someone else you are adding your name and details to it. Ensure you are comfortable with the information contained in the original. Any security risk associated with the original mail to you will also apply to the forwarded e-mail.

Information Security issues to be considered when implementing your policy include the following:

• Sending a virus in forwarded e-mail may result in data loss and system corruption for the recipient, which could then lead to possible legal action and financial liability.

• Forwarding an incorrect file attachment may release confidential information.

• Inappropriate / unauthorised material being attached may cause embarrassment or even financial loss to your organisation.

• Forwarding e-mail to an incorrect address may result in data being lost or stolen and, at the very least, a loss of confidentiality.

• Forwarding large files (over 1MB) to multiple recipients may congest their networks or mail systems.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

8.7.4 Security of electronic mail

–  –  –

SUGGESTED POLICY STATEMENT

"Management is responsible for controlling user access to the Internet, as well as for ensuring that users are aware of the threats, and trained in the safeguards, to reduce the risk of Information Security incidents."

EXPLANATORY NOTES

The use of the Internet is now becoming widespread at work and consumes significant employee resource in terms of time spent 'on-line'. An appropriate policy needs to be set to avoid unnecessary time spent on the Internet.

Information Security issues to be considered when implementing your policy include the following:

• Unauthorised and unguarded use of the facilities on the Internet may offer hackers the opportunity to access your information and systems.

• Unauthorised purchases are made via the Internet.

• The visited Web site will often record your details to facilitate navigation and choices upon re-visiting the site. However, such capture and storage of information is often without your knowledge.

• Inappropriate access and downloads can be considered both a misuse of the organisation's resources and, in some cases, can be illegal.

• Unauthorised use of the Internet wastes time and resources.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT


