1. Loss of life and injury
2. Loss of shareholder confidence
3. Interruption of business processes
4. Financial loss
5. Loss of client confidence
6. Criminal charges
7. Brand and reputation damage
8. Litigation
General statement of information security policy

Information and its supporting processes, systems, and networks should be available to employees (and authorized third parties) to enable them to optimize their performance. Information must be subject to an appropriate level of control to protect it from loss, unauthorized manipulation or disclosure.

Objectives of the information security standard policy:

1. Availability: To ensure that authorized users have access to information and its supporting processes, systems and networks when required.
2. Integrity: To safeguard the accuracy and completeness of information and associated processing methods.
3. Confidentiality: To ensure that information is accessible only to those authorized to have access.

Purpose of information security policy

The information security policy provides a framework for management to implement and maintain a level of information security that is commensurate with the information security risks. Its purpose is to ensure that:

1. Trust is maintained between Business Units and the trading partners with whom public and private networks are shared.
2. Information is secure and is protected in a manner that is commensurate with its level of sensitivity and security risk.
3. Regulatory obligations, for example privacy legislation, are complied with.
The following areas are those that need security guidelines with regard to the information security standard:
1. Careless talk
Careless Talk means:
• Talking about business, the office, people from work, etc. where you can be overheard.
• Discussing business with people who are not authorized to know.
Careless talk also means inadvertently providing sensitive information to someone who wants it for a specific purpose, such as breaking into the corporate premises or computer systems. This is called Social Engineering. Before you talk to someone about your work and the corporate business, you should ask yourself the following question: Does this person have a defined ‘Need to Know’? If they do not have a Need to Know, then you should not discuss with them information they are not authorized to hear.
2. Email security guideline
Email is regarded as a critical component of the corporate communications system and is provided as a business tool. The security, confidentiality and integrity of Email cannot be guaranteed, and Email certainly cannot be considered private. Because of this, you should act professionally and appropriately at all times. If you need to send information that is sensitive or confidential and you cannot guarantee the security of the email, consider another method of sending this information, unless you have approved encryption.