Information Security Policies

CHAPTER 03

PROCESSING INFORMATION AND DOCUMENTS

 

 

Section 0301

Networks

 

 

Configuring Networks

Managing the Network

Accessing your Network Remotely

Defending your Network Information from Malicious Attack

Network Segregation

Controlling Shared Networks

Routing Controls

Network Security

Time-out Facility

Exploitation of Covert Channels

Authentication of Network Connecting Equipment

 

 

Section 0302

System Operations and Administration

 

 

Appointing System Administrators

Administrating Systems

Controlling Data Distribution

Permitting Third Party Access

Managing Electronic Keys

Managing System Operations and System Administration

Managing System Documentation

Monitoring Error Logs

Scheduling Systems Operations

Scheduling Changes to Routine Systems Operations

Monitoring Operational Audit Logs

Synchronizing System Clocks

Responding to System Faults

Managing or Using Transaction / Processing Reports

Commissioning Facilities Management - FM

Third Party Service Delivery

Log-on Procedures

System Utilities

System Use Procedures

Internal Processing Controls

Corruption of Data

Corrupt Data Controls

Controlling On-Line Transactions

 

 

Section 0303

E-mail and the Worldwide Web

 

 

Downloading Files and Information from the Internet

Using and Receiving Digital Signatures

Sending Electronic Mail (E-mail)

Receiving Electronic Mail (E-mail)

Retaining or Deleting Electronic Mail

Setting up Intranet Access

Setting up Extranet Access

Setting up Internet Access

Developing a Web Site

Receiving Misdirected Information by E-mail

Forwarding E-mail

Using Internet for Work Purposes

Giving Information when Ordering Goods on Internet

‘Out of the Box’ Web Browser Issues

Using Internet ‘Search Engines’

Maintaining your Web Site

Filtering Inappropriate Material from the Internet

Certainty of File Origin

Electronic Business Communications

Policy on Electronic Business Communications

Cryptographic Keys

Key Management Procedures

Controlling Mobile Code

 

 

Section 0304

Telephones & Fax

 

 

Making Conference Calls

Using Video Conferencing Facilities

Recording of Telephone Conversations

Receiving Misdirected Information by Fax

Giving Information when Ordering Goods on Telephone

Persons Giving Instructions over the Telephone

Persons Requesting Information over the Telephone

Receiving Unsolicited Faxes

 

 

Section 0305

Data Management

 

 

Transferring and Exchanging Data

Managing Data Storage

Managing Databases

Permitting Emergency Data Amendment

Receiving Information on Disks

Setting up a New Folder / Directory

Amending Directory Structures

Archiving Documents

Information Retention Policy

Setting up New Spreadsheets

Setting up New Databases

Linking Information between Documents and Files

Updating Draft Reports

Deleting Draft Reports

Using Version Control Systems

Sharing Data on Project Management Systems

Updating Customer Information

Using Meaningful File Names

Using Headers and Footers

Using and Deleting ‘Temp’ Files

Using Customer and Other Third Party Data Files

Saving Data / Information by Individual Users

 

 

Section 0306

Backup, Recovery and Archiving

 

 

Restarting or Recovering your System

Backing up Data on Portable Computers

Managing Backup and Recovery Procedures

Archiving Information

Archiving Electronic Files

Recovery and Restoring of Data Files

 

 

Section 0307

Document Handling

 

 

Managing Hard Copy Printouts

Photocopying Confidential Information

Filing of Documents and Information

The Countersigning of Documents

Checking Document Correctness

Approving Documents

Verifying Signatures

Receiving Unsolicited Mail

Style and Presentation of Reports

Transporting Sensitive Documents

Shredding of Unwanted Hardcopy

Using Good Document Management Practice

 

 

Section 0308

Securing Data

 

 

Using Encryption Techniques

Sharing Information

Sending Information to Third Parties

Maintaining Customer Information Confidentiality

Handling of Customer Credit Card Details

Fire Risks to Your Information

Sending Out Reports

Dealing with Sensitive Financial Information

Deleting Data Created / Owned by Others

Protecting Documents with Passwords

Printing of Classified Documents

 

 

Section 0309

Other Information Handling and Processing

 

 

Using Dual Input Controls

Loading Personal Screen Savers

Using External Disposal Firms

Using Photocopier for Personal Use

Speaking to the Media

Speaking to Customers

Need for Dual Control / Segregation of Duties

Using Clear Desk Policy

Misaddressing Communications to Third Parties

Verifying Correctness of Information

Traveling on Business

Checking Customer Credit Limits

Further Information
Information security and ISO 17799 papers can be submitted via our contact page.