
«Securing Information in the Digital Age Information Security Policies This document presents a suite of integrated solutions which, together, offer ...»

"Staff authorised to make payment by credit card for goods ordered on the Internet are responsible for its safe and appropriate use."

EXPLANATORY NOTES

The use of a credit or debit card to purchase goods on the Internet is becoming widespread, with an increased risk of theft and potential security breaches.

Information Security issues to be considered when implementing your policy include the following:

• Confidential organisation credit card details (PIN numbers & account details) may be compromised during transmission.

• Passing credit card details to unknown third parties on the Internet compromises security.

• Lost or stolen credit card numbers may be posted and used on the Internet.

• Where the security safeguards of the organisation running the Web server are in doubt, any confidential information posted to their Web site may be maliciously or inadvertently exposed.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.3 Electronic commerce security 8.7.6 Publicly available systems

–  –  –

SUGGESTED POLICY STATEMENT

"Web browsers are to be used in a secure manner by making use of the built-in security features of the software concerned. Management must ensure that staff are made aware of the appropriate settings for the software concerned."

EXPLANATORY NOTES

Web browser software and e-mail software are new paths through an organisation's security shield which could be exploited by an intruder. The security issues are in the areas of Cookies, Java applets, JavaScript, ActiveX controls and viruses. A firewall may be unable to protect you from attack via malicious code activated by your web browser.

Information Security issues to be considered when implementing your policy include the following:

• Where viruses, Trojan applications and malicious code are able to penetrate your defences and are activated by your Web browser, serious damage may result.

• Confidential data may be stored and accessed through a cookie saved on your PC and accessed by a Web site whilst you are browsing - likely without your knowledge.

• Staff may not be aware of the necessary settings and related policy for ensuring security when using web browsers.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.3 Electronic commerce security 8.7.6 Publicly available systems

–  –  –

SUGGESTED POLICY STATEMENT

"Information obtained from Internet sources should be verified before being used for business purposes. All information obtained on the Internet for research and other purposes should be acknowledged accordingly."

EXPLANATORY NOTES

The Internet has become a vast source of knowledge. However, the integrity of information sourced from the Internet must be verified.

Information Security issues to be considered when implementing your policy include the following:

• Where downloaded information is used in a calculation or in making an important decision without verifying the information, embarrassment and loss may result when the data is found to be inaccurate or totally wrong.

• If information obtained from the Internet is not verified, then decisions made which depend upon that information may be incorrect. There is a substantial amount of misinformation on the Internet.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.3 Electronic commerce security

–  –  –

SUGGESTED POLICY STATEMENT

"The Web site is an important marketing and information resource for the organisation, and its safety from unauthorised intrusion is a top priority. Only qualified authorised persons may amend the Web site with all changes being documented and reviewed in consultation with the GCIS."

EXPLANATORY NOTES

Information on your Web site, whether being hosted by an ISP or in-house, must be kept up to date and secure, even during periods of Web site maintenance.

Information Security issues to be considered when implementing your policy include the following:

• Where hosting a Web site in-house, opportunistic hackers may attempt to gain unauthorised access to data within your organisation's main computer network.

• During Web site maintenance data may be more vulnerable to theft or destruction.

• Data may be stolen or modified whilst the security features of your Web site are disabled for maintenance, especially when working on the security features themselves.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.3 Electronic commerce security

–  –  –

SUGGESTED POLICY STATEMENT

"The organisation will use software filters and other techniques whenever possible to restrict access to inappropriate information on the Internet by staff. Reports of attempted access will be scrutinised by management on a regular basis."

EXPLANATORY NOTES

Many organisations with in-house IT capability are now placing restrictive filters which prevent access by employees through the internet to sites displaying inappropriate material.





Information Security issues to be considered when implementing your policy include the following:

• Employees may accidentally or deliberately access and download inappropriate material from the Internet, causing possible concern and distress to themselves or other employees.

• Inappropriate and even illegal information may be accessed and downloaded where the filtering mechanisms are inadequate or not kept up to date.

RELATED ISO 17799 AND BS 7799 REFERENCE(S)

–  –  –

SUGGESTED POLICY STATEMENT

"Computer files received from unknown senders are to be deleted without being opened." This also applies to unsolicited, unfamiliar or any form of bogus e-mail.

EXPLANATORY NOTES

It is vital that the information you receive is complete and correct. Take care with hard copy information and electronically supplied data in case of possible forgery.

Information Security issues to be considered when implementing your policy include the following:

• Malicious software could have been sent from a suspect information source.

• Decisions could be taken based upon the assumed authenticity of an expected report or file.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.3.1 Controls against malicious software.

–  –  –

Policy 030401 Making Conference Calls

Policy 030402 Using Video Conferencing Facilities

Policy 030403 Recording of Telephone Conversations

Policy 030404 Receiving Misdirected Information by Fax

–  –  –

SUGGESTED POLICY STATEMENT

"Conference calls are only permitted if staff are aware of the Information Security issues involved."

EXPLANATORY NOTES

Conference calls use the telephone to provide simultaneous discussions between three or more persons. The threats posed by Conference Calls are similar to those posed by conventional person-to-person calls.

Information Security issues to be considered when implementing your policy include the following:

• An overheard or (worse) tapped conversation can result in leaked information. Where the information is sensitive, this is potentially very damaging.

• Failing to authenticate the identity of other parties to the conversation can result in a breach of information confidentiality.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.5 Security of electronic office systems 8.7.7 Other forms of information exchange

–  –  –

SUGGESTED POLICY STATEMENT

"Video conference calls are only permitted if staff are aware of the Information Security issues involved."

EXPLANATORY NOTES

Video conferencing uses communication network facilities to provide simultaneous sound and vision facilities between individuals or groups of individuals.

Information Security issues to be considered when implementing your policy include the following:

• An overheard or (worse) tapped meeting can result in leaked information. Where such information is sensitive, the results can potentially be very damaging.

• Failing to authenticate the identity of other parties to the video conference can result in a breach of information confidentiality.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.5 Security of electronic office systems 8.7.7 Other forms of information exchange

–  –  –

SUGGESTED POLICY STATEMENT

"All parties are to be notified in advance whenever telephone conversations are to be recorded."

EXPLANATORY NOTES

Recording telephone calls is generally carried out either to provide an authoritative source in the event of disputed details, or to monitor the adequacy of telephone responses being given to customers calling-in by telephone.

Information Security issues to be considered when implementing your policy include the following:

• Failure to observe the terms of relevant legislation can result in your organisation becoming liable to prosecution.

• A failure to inform the recorded party that calls are recorded can prevent or hinder the use of such recordings when, and if, needed.

• Accidental loss of recorded media can result in the non-availability of a vital recording with consequent damage and / or frustration to your organisation.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.5 Security of electronic office systems 8.7.7 Other forms of information exchange

–  –  –

SUGGESTED POLICY STATEMENT

"Any fax received in error is to be returned to the sender. Its contents must not be disclosed to other parties without the sender's permission."

EXPLANATORY NOTES

Information received in a misdirected fax should be treated as highly confidential and should not be divulged to others.

Information Security issues to be considered when implementing your policy include the following:

• A misdirected fax can be received from either external or internal sources, and needs to be treated as a sensitive document.

• Staff may not be aware of the requirement to return misdirected faxes, and may not treat the contents in an appropriate manner.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.5 Security of electronic office systems 8.7.7 Other forms of information exchange

–  –  –

SUGGESTED POLICY STATEMENT

"Staff authorised to make payment by credit card for goods ordered over the telephone are responsible for safe and appropriate use."

EXPLANATORY NOTES

If confidential information is required when ordering goods on the telephone it is necessary to ensure that you know exactly to whom you are talking and whether they are authorised to handle such information.

Information Security issues to be considered when implementing your policy include the following:

• Confidential organisation credit card details (PIN numbers & account details) may be compromised.

• Credit cards may be easily lost or stolen.

• Where credit card users are also those who authorise the payments, a conflict of interest may arise which compromises your spending control.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.5 Security of electronic office systems 8.7.7 Other forms of information exchange

–  –  –

SUGGESTED POLICY STATEMENT

"The identity of recipients of sensitive or confidential information over the telephone must be verified."

EXPLANATORY NOTES

It is not uncommon for instructions or information to be given over the telephone, but this raises the issue of verifying the identity of the caller. Be aware of social engineering, where the aim is to trick people into revealing passwords or other information that compromises a target system's security.

Information Security issues to be considered when implementing your policy include the following:

• Risk of passing on personal data.

• Risk of passing organisation data to unauthorised parties.

• Callers may gain information by deception, e.g. claiming to be a person who is entitled to access confidential information.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.5 Security of electronic office systems 8.7.7 Other forms of information exchange

–  –  –

SUGGESTED POLICY STATEMENT

"The identity of persons requesting sensitive or confidential information over the telephone must be verified, and they must be authorised to receive it."

EXPLANATORY NOTES

Callers to your organisation may claim to be someone who is entitled to access confidential material. Be aware of social engineering.

Information Security issues to be considered when implementing your policy include the following:

• Callers may claim to be someone who is entitled to access confidential information and gain information by deception.

• Risk of passing personal data.

• Risk of passing organisation data to unauthorised parties.

RELATED ISO 17799 AND BS 7799 REFERENCE(S) 8.7.5 Security of electronic office systems 8.7.7 Other forms of information exchange

–  –  –

SUGGESTED POLICY STATEMENT

"Unsolicited or unexpected faxes should be treated with care until the sender has been identified."

EXPLANATORY NOTES


