
ccpa compliance resources

EsoWatch.Org was created to assist every CISO (Chief Information Security Officer) of every Business https://esowatch.org/ .


Presentation Transcript


  1. Management of Information Security

  Like other valuable business assets, information must be regarded as an asset that is valuable to the organization and needs suitable protection against all types of threats. The threats do not come only from the internet: roughly 50% of all security breaches originate with insiders. Information security is achieved by implementing a suitable set of controls in the form of policies, procedures, organizational structures, systems and functions to ensure that the security objectives of the organization are met. Information security deals with a number of important concepts by ensuring the security of all information and of the systems, processes and procedures relating to the management and use of that information. Information security management does not by itself guarantee security. It does, however, provide a framework and reference point for management to implement appropriate information security controls, and it is a means of raising users' awareness of their responsibilities relating to information security.

  The objectives of information security are known as CIA:

  1. Confidentiality: to ensure that information is accessible only to those users authorized to have access.

  2. Availability: to ensure that authorized users have access to information and its supporting processes, systems and networks when required.

  3. Integrity: to safeguard the accuracy and completeness of information and the associated processing methods.

  The management of information security includes the following areas, each of which needs guidelines or policies.

  1. Careless talk. Careless talk is talking about business, the office, people from work and so on where you can be overheard, or discussing business with people who are not authorized to know. Careless talk also means inadvertently providing sensitive information to someone who wants it for a specific purpose, such as breaking into the corporate premises or computer systems. This is called social engineering.

  2. Email security guideline. Email is a critical business tool in an organization's communication system. The security, confidentiality and integrity of email cannot be guaranteed, and email certainly cannot be considered private. Because of this, you should act professionally and appropriately at all times. If you need to send information that is sensitive or confidential and you cannot guarantee the email's security, consider another method of sending it, unless you have approved encryption.

  3. Instant messaging guideline. Internet users are familiar with IM (Instant Messaging), a common communication tool that provides two-way communication in real time. The security and integrity of IM cannot be guaranteed, so it is not wise to discuss sensitive business or private and personal details over instant messaging.

  4. Internet policy guideline. Internet access should not be granted to all levels of users in the organization. Users are expected to act professionally and appropriately while using the internet. What users do on the internet can be monitored internally and externally, and these actions can be traced back to the computer used. The policy and guidelines for this area should be developed to support the business.

  5. Laptop security guideline. Organizations issue laptops to support their mobile workforce. As valuable organizational assets, laptops contain many work files and sensitive business information which must be protected at all times.

  6. Office security guideline. The corporate business premises and office areas have a variety of physical security controls in place; however, staff should be vigilant at all times. Security guidelines should be developed to manage strangers in the workplace, the assets, a clear desk, always locking the screen, secure faxing and photocopying, and virus scanning.

  7. Password security guideline. A good password is one that cannot be easily guessed, for example a mixture of upper and lower case with a minimum of 8 characters. Knowing which common passwords are easy to guess is useful when writing password security guidelines. An easy-to-guess password is a word you have chosen that relates to something commonly known about you, or that could be easily ascertained.

  8. Secure media handling. All media that is to be thrown away must be destroyed securely. Media contains organizational information that should not be accessible to unauthorized people. A guideline for handling media securely should be developed.

  9. Spam security. Email spam is annoying to everyone who receives it, and it often contains pornography and other offensive, unsolicited advertisements. A regulation, guideline or policy should be developed as an anti-spam control.

  10. Virus security. If you think you are totally safe from virus infection because antivirus scanning programs are installed on the corporate IT systems, think again. Hundreds or maybe thousands of new viruses and worms are released into the wild every week.
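The password guideline above can be turned into an automated check that a helpdesk or self-service portal runs before accepting a new password. The following is an added example written for this page, not code from the presentation or from EsoWatch.Org. It enforces the two stated rules (8-character minimum, mixed upper and lower case) and the "easily ascertained" rule by rejecting passwords that appear in a small constructed list of common choices or that contain details commonly known about the user (name, employer, birth year). The `COMMON_PASSWORDS` set and the `SAMPLE_RECORDS` data are constructed for illustration; the `user_facts` parameter is a hypothetical name for whatever attributes an organization already holds about the account.

```python
"""Password guideline checker (added example, not from the presentation).

Rules enforced, following the guideline text:
  - at least 8 characters
  - both upper- and lower-case letters present
  - not a commonly chosen password
  - not built from facts commonly known about the user
"""
import re

# Constructed sample of commonly chosen passwords. A real deployment would
# load a large breached-password corpus instead of this hand-written set.
COMMON_PASSWORDS = {
    "password", "password1", "letmein", "welcome1", "qwerty123",
    "admin123", "iloveyou", "changeme",
}


def _letters(s):
    """Lower-case `s` and drop everything but letters, so 'Summer2023!'
    is compared as 'summer'. Defeats the usual digit/symbol padding."""
    return re.sub(r"[^a-z]", "", s.lower())


def check_password(password, user_facts=()):
    """Return a list of guideline violations; an empty list means it passes.

    user_facts: strings commonly known about the person (hypothetical input,
    e.g. name, username, employer, pet, birth year). Alphabetic facts are
    matched against the letters of the password, numeric facts (a year)
    against the raw password.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")

    letters = _letters(password)
    if password.lower() in COMMON_PASSWORDS or letters in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")

    for fact in user_facts:
        fact_l = fact.lower()
        if len(fact_l) < 3:
            continue  # too short to be a meaningful match
        if fact_l.isdigit():
            hit = fact_l in password
        else:
            hit = _letters(fact_l) in letters
        if hit:
            problems.append(f"contains easily ascertained detail {fact!r}")
    return problems


# Constructed records for a bulk review of proposed passwords.
SAMPLE_RECORDS = [
    {"username": "alice", "facts": ("alice", "Acme", "1990"),
     "password": "Acme1990!"},
    {"username": "bob", "facts": ("bob", "Rex"),
     "password": "correct-Horse-battery"},
]


def audit(records):
    """Map each username to its violations; users with none are omitted."""
    result = {}
    for rec in records:
        problems = check_password(rec["password"], rec["facts"])
        if problems:
            result[rec["username"]] = problems
    return result


if __name__ == "__main__":
    for user, problems in audit(SAMPLE_RECORDS).items():
        print(f"{user}: " + "; ".join(problems))
```

The checker reports every rule a password breaks rather than stopping at the first one, which makes the feedback shown to the user (or logged by the helpdesk) more useful. Stripping digits and symbols before comparison is what catches the common habit of turning a guessable word into "Word2019!" and calling it complex.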
