
Password Protected Information Security Policies

The purpose of this document is to suggest to a company a Password Protected Information Security Policy to prevent information leakage and inappropriate use of computers. This set of policies can be an appendix to a company's Information Security policies.

The contents:

  • Protecting Documents with Passwords
  • Sending Information to Third Parties
  • Dealing with Sensitive Information
  • Delivering Awareness Programmes to Permanent Staff
  • Detecting incidents
  • Responding to Information Security Incidents

* The references in the “Related reference” sections are to ISO 17799 and BS 7799.

Author note

The “Password Protected Information Security Policies” document was written for www.FindProtected.com by Jerry Watts, an independent IT security consultant. You can contact Jerry Watts by e-mail at jerry.watts@aks-labs.com.

Copyright note

The “Password Protected Information Security Policies” document was written for www.FindProtected.com by Jerry Watts, an independent IT security consultant. You may use any part of this document for your own purposes, leaving the reference to www.findprotected.com in place.

Protecting Documents with Passwords

POLICY STATEMENT

“Sensitive or confidential electronic data and information should be secured, whenever possible, with access control applied to the directory on the computer concerned. The sole use of passwords to secure individual documents is less effective, and hence discouraged, as passwords may be either forgotten or become revealed to unauthorized persons.”

EXPLICATIVE NOTES

The simplest way to limit access by unauthorized people to your documentation is to apply a password. You may, however, forget your password and then encounter problems accessing your data.

Information Security issues to be considered when implementing your policy include the following:

  • Opening a document or spreadsheet may be impossible where the password has been forgotten or the owner is no longer available.

  • The owner may password-protect only sensitive / confidential electronic data, not his personal files.

RELATED REFERENCE

9.1.1 Access control policy

Sending Information to Third Parties

POLICY STATEMENT

“Prior to sending information to third parties, not only must the intended recipient be authorized to receive such information, but the procedures and Information Security measures adopted by the third party, must be seen to continue to assure the confidentiality and integrity of the information.”

EXPLICATIVE NOTES

When sending information to external third parties the principal consideration should be the integrity and confidentiality of the data.

Information Security issues to be considered when implementing your policy include the following:

  • Third parties receiving the data may not treat it in a confidential manner, resulting in the data being accessed by unauthorized persons.

  • There should be some information security procedures at the offices of the recipient that involve securing data, for example, password protection.

  • Information security procedures at the offices of the recipient may be inadequate.

RELATED REFERENCE

8.7.1 Information and software exchange agreements

Dealing with Sensitive Information

POLICY STATEMENT

“Sensitive information is to be classified as Highly Confidential and must be afforded security measures which, in combination, safeguard such information from unauthorized access and disclosure.”

EXPLICATIVE NOTES

Information is usually sensitive, especially in competitive markets. Information Security issues to be considered when implementing your policy include the following:

  • Sensitive information could be lost or stolen.

  • Sensitive information may be given to unauthorized parties unintentionally.

  • Technology security measures should include access limitation by strong password protection.

RELATED REFERENCE

5.2.1 Classification guidelines

Delivering Awareness Programmes to Permanent Staff

POLICY STATEMENT

“Permanent staff are to be provided with Information Security awareness tools to enhance awareness and educate them regarding the range of threats and the appropriate safeguards.”

EXPLICATIVE NOTES

It only takes a single lapse to put your organization's data and information resources at risk. Therefore, ideally, staff would develop their awareness of Information Security risks so that it almost becomes second nature. Information Security issues to be considered when implementing your policy include the following:

  • Sensitive data may be acquired unlawfully, damaged, or modified because staff have become complacent.

  • Sensitive data may be compromised by staff assuming new duties without specific Information Security training.

RELATED REFERENCE

6.2.1 Information security education and training

Detecting incidents

POLICY STATEMENT

“Information Security incidents must be properly investigated by suitably trained and qualified personnel.”

EXPLICATIVE NOTES

Your investigation into an Information Security incident must identify its cause and appraise its impact on your systems or data. This will assist you in planning how to prevent a reoccurrence.

Information Security issues to be considered when implementing your policy include the following:

  • A recurrence of data loss / corruption during a particular phase of processing may be indicative of the inappropriate closure of a prior Information Security incident.

  • If the organization entrusts its information security to untrained and inexperienced personnel, it may incur the risks involved in inadequate responses to reported incidents. Suitable training should always be provided.

RELATED REFERENCE

6.3 Responding to security incidents and malfunctions

Responding to Information Security Incidents

POLICY STATEMENT

“The Information Security Officer must respond rapidly but calmly to all Information Security incidents, liaising and coordinating with colleagues to both gather information and offer advice.”

EXPLICATIVE NOTES

All Information Security incidents have to be evaluated according to their particular circumstances, and this may, or may not, require various departments to be involved: Technical, Human Resources, Legal and the owners of information (local department heads). If it appears that disciplinary action against a member of staff is required, this must be handled with tact.

Information Security issues to be considered when implementing your policy include the following:

  • An inappropriate response to an Information Security incident may result in your organisation being subjected to further incidents, culminating in the loss of business critical services.

  • Responses to Information Security incidents should be carried out in accordance with a predefined plan and procedure. If this process is not carefully followed there is the danger that the response will be haphazard and uncoordinated.

RELATED REFERENCE

8.1.3 Incident management procedures

 

 
