

Quality Matters is an independent Management Consultancy based in Maldon, Essex. Here we discuss the latest in Quality and Information Security News.



Memory Sticks, SD Cards and Other Removable Media
ISO 27001 calls for controls on removable media to prevent unauthorised access to, or transmission of, data. It is not unknown for a disgruntled employee to copy commercially sensitive data onto some form of portable memory device just before leaving employment. This can be customer information, product information, designs or drawings.

The compromise of these documents can be very damaging for the employer. A signed confidentiality agreement gives a legal remedy after the fact, but it does not undo the disclosure; by then the damage is done.

Employers who wish to prevent such downloads can block data transfer to USB storage devices through Computer Group Policy. Because Computer Configuration policy is applied from the domain when the machine starts, and refreshed periodically afterwards, the user cannot opt out of it. The block applies to mass-storage devices only, so the same USB ports continue to work for a keyboard or mouse.
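As an added example, not part of the original post: the PowerShell below writes, on a single machine, the registry values that the "Removable Storage Access" Group Policy settings (Computer Configuration > Administrative Templates > System > Removable Storage Access) set when a domain GPO is applied, then reads them back as an audit check. The registry paths, the device-class GUID and the value names are those used by Microsoft's RemovableStorage.admx; the script itself, its function names and the assumption of a Windows Vista or later workstation in an elevated PowerShell session are mine. It is a way to test and evidence the control locally; the real deployment should be the GPO the post describes.

```powershell
# Added example (not from the original post). Writes the same registry values
# that the "Removable Storage Access" Group Policy settings apply, then reports
# the state in force. Assumes Windows Vista or later and an elevated session.
# Paths, GUID and value names are those used by RemovableStorage.admx.

$PolicyRoot     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
# Device setup-class GUID for "Removable Disks" (USB sticks, card readers).
$RemovableDisks = Join-Path $PolicyRoot '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
# USB mass-storage driver service; Start = 4 disables it outright.
$UsbStorService = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Set-RemovableStorageLockdown {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Also deny reading from removable disks (blocks malware coming in, not only data going out).
        [switch]$DenyRead,
        # Additionally disable the USBSTOR driver, for clients that ignore the policy above.
        [switch]$DisableUsbStorDriver
    )
    if ($PSCmdlet.ShouldProcess($RemovableDisks, 'Deny write/execute on removable disks')) {
        New-Item -Path $RemovableDisks -Force | Out-Null
        # Deny_Write is the setting that stops a departing employee copying files out.
        # Keyboards and mice are HID devices, not removable storage, so they are unaffected.
        Set-ItemProperty -Path $RemovableDisks -Name Deny_Write   -Value 1 -Type DWord
        Set-ItemProperty -Path $RemovableDisks -Name Deny_Execute -Value 1 -Type DWord
        if ($DenyRead) {
            Set-ItemProperty -Path $RemovableDisks -Name Deny_Read -Value 1 -Type DWord
        }
    }
    if ($DisableUsbStorDriver -and $PSCmdlet.ShouldProcess($UsbStorService, 'Set Start = 4')) {
        Set-ItemProperty -Path $UsbStorService -Name Start -Value 4 -Type DWord
    }
}

function Get-RemovableStorageState {
    # Read back what is actually in force, e.g. as evidence for an ISO 27001 internal audit.
    $deny = Get-ItemProperty -Path $RemovableDisks -ErrorAction SilentlyContinue
    $usb  = Get-ItemProperty -Path $UsbStorService -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        DenyWrite    = [bool]$deny.Deny_Write
        DenyRead     = [bool]$deny.Deny_Read
        DenyExecute  = [bool]$deny.Deny_Execute
        UsbStorStart = $usb.Start            # 3 = manual (default), 4 = disabled
        WriteBlocked = ([bool]$deny.Deny_Write) -or ($usb.Start -eq 4)
    }
}

# Usage: preview the changes, apply them, then verify.
Set-RemovableStorageLockdown -WhatIf
Set-RemovableStorageLockdown -DisableUsbStorDriver
Get-RemovableStorageState | Format-List
```

Plan for a reboot after applying either setting: a device that is already mounted is not necessarily affected until it is re-plugged, and a change to the driver's Start value only takes effect at the next start. Note also that this only addresses removable disks; phones and media players that present as MTP/PTP devices fall under a different device class, which is why the full Removable Storage Access policy set, rather than the USBSTOR switch alone, is the more complete control.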

A less effective method is a 'no USB memory stick' clause in the employee's terms and conditions. A rule of this kind relies on being policed, whereas a technical control enforces itself.

I am constantly surprised that companies that are normally careful with computer data have no firm policy on removable or portable memory devices.

I have spoken here about USB sticks but this applies equally to SD cards, iPods, etc. The relatively large capacity of these devices, often gigabytes in size, does mean that a considerable amount of data can be downloaded.

Security of data must be extended to portable memory devices.



Posted: Thursday, 24 May 2007



Integrated Management Systems

There are many management systems that companies employ, such as Quality Management, Environmental Management, Information Security Management, Food Safety Management, IT Service Management, Health and Safety, etc. Usually each requires its own set of manuals and forms to satisfy the requirements of its standard.


The modern approach is an integrated one: one manual, one set of procedures and, when it all works, one formal assessment by an Accredited Certification Body. This reduces paperwork, reduces the number and complexity of internal audits, and reduces the disruption those audits inevitably generate.


Companies that have adopted the integrated approach have seen a significant benefit to their organisations.


The usual integrations are:


  • Quality ISO9001 + Environmental ISO14001

  • Quality ISO9001 + Health and Safety OHSAS 18001 + Environmental ISO14001

  • Quality ISO9001 + Information Security ISO27001

  • Quality ISO9001 + IT Service Management ISO20000

  • Quality ISO9001 + Food Safety Management ISO22000

In each case quality management (ISO9001) is the base standard, and the others are integrated with it.



Posted: Tuesday, 15 May 2007



Security in the workplace
ISO27001, the information security standard, calls for physical and building security to be part of the overall management system.

Most companies have some security on the front door: a fully manned reception desk, a keypad entry system or at least a locked door. Anyone intent on gaining unauthorised access will usually target another entry point, such as an insecure window or, better still from the intruder's point of view, a rear door or fire door that has been left ajar for those who smoke.

I have seen some quite secure buildings that neglect the "back door".

In the warmer months of the year, companies that do not have air conditioning often prop open rear doors for better air circulation.

If no one is watching, a thief or data gatherer can simply walk in.

Posted: Sunday, 6 May 2007


